
Project Title: Detection and Mitigation of Malicious Insider Threats in Cloud Environment using Machine Learning Methods

Team Members

Project Summary

Cloud computing is a model that provides infrastructure, platform and software as a service to a wide range of users at a metered cost. It benefits the end user, but it is exposed to numerous security threats. Some threats in the cloud can be handled by the provider's built-in security mechanisms; those mechanisms do not, however, handle the more destructive and passive class of attack that the malicious insider represents. A malicious insider may be a current or former employee of an organisation who steals confidential data, leading to data breaches. It is therefore important to detect and mitigate malicious insiders on the network in order to strengthen the security of the cloud.

The aim of the project is to propose techniques for detecting and mitigating malicious insiders. One way of detecting the malicious insider threat is to apply anomaly detection techniques. Because the class imbalance problem arises in these techniques (malicious activity is rare compared with normal activity), data-level sampling methods are recommended. The performance of different undersampling and oversampling techniques is evaluated using precision, recall, F-score and accuracy, and the best-performing sampling technique is then used with the anomaly detection technique for further detection. In this project, anomaly detection using a one-class support vector machine (OCSVM), trained on data rebalanced with each variant of the sampling techniques, is implemented to detect the attack, and multifactor authentication combining keystroke-based biometric authentication with OTP-based secondary authentication is implemented to mitigate the malicious insider threat.

In the detection phase, all malicious activity is found within the top 50% of ranked instances, with a true detection rate of 100% and a false detection rate of 0%. A user whose activity is flagged as malicious is sent to the mitigation phase. In the mitigation phase, the keystroke-based biometric authentication labels the user as genuine when the keystroke comparison yields a low equal error rate (EER); a user labelled genuine is then subjected to OTP-based secondary authentication. Only a user who also passes OTP verification is considered genuine and is granted access to the system.
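The detection-phase evaluation described above, as an added example that is not the project's code: it builds a constructed, imbalanced set of per-user activity feature vectors, shows why accuracy alone is misleading on such data, applies random undersampling and oversampling, and scores each user by z-score distance from a normal-behaviour profile (a simple stand-in for the OCSVM, which is not implemented here), ranking users and flagging the top 50% before computing precision, recall, F-score and accuracy. The feature names, the dataset and the scorer are assumptions; only the standard library is used.

```python
import random
import statistics

# Constructed per-user activity features (example data, not from the project):
# (after-hours logins, files copied to removable media, distinct hosts accessed).
NORMAL = [(0, 0, 2), (1, 0, 3), (0, 1, 2), (1, 0, 2), (0, 0, 3), (2, 0, 3),
          (0, 0, 2), (1, 1, 3), (0, 0, 1), (1, 0, 2), (0, 0, 2), (2, 1, 3),
          (0, 0, 3), (1, 0, 1), (0, 1, 2), (1, 0, 3), (0, 0, 2), (0, 0, 2)]
MALICIOUS = [(9, 12, 15), (7, 20, 11)]
DATASET = [(x, 0) for x in NORMAL] + [(x, 1) for x in MALICIOUS]  # 18:2 imbalance


def split_by_class(data):
    majority = [row for row in data if row[1] == 0]
    minority = [row for row in data if row[1] == 1]
    return majority, minority


def random_undersample(data, seed=0):
    """Keep every minority row and a random subset of majority rows of the same size."""
    majority, minority = split_by_class(data)
    return minority + random.Random(seed).sample(majority, len(minority))


def random_oversample(data, seed=0):
    """Keep every majority row and resample the minority (with replacement) to match."""
    majority, minority = split_by_class(data)
    rng = random.Random(seed)
    return majority + [rng.choice(minority) for _ in range(len(majority))]


def class_counts(data):
    return (sum(1 for _, y in data if y == 0), sum(1 for _, y in data if y == 1))


def fit_profile(normal_rows):
    """Per-feature mean and std of normal behaviour (stand-in for the OCSVM boundary).
    A constant feature gets std 1.0 so that scoring never divides by zero."""
    columns = list(zip(*normal_rows))
    return [(statistics.mean(c), statistics.pstdev(c) or 1.0) for c in columns]


def anomaly_score(profile, x):
    """Sum of squared z-scores: larger means further from the normal profile."""
    return sum(((v - m) / s) ** 2 for v, (m, s) in zip(x, profile))


def rank_and_flag(data, profile, top_fraction=0.5):
    """Score every user, rank by score descending and flag the top fraction as malicious."""
    scored = sorted(((anomaly_score(profile, x), y) for x, y in data), reverse=True)
    k = int(len(scored) * top_fraction)
    y_true = [y for _, y in scored]
    y_pred = [1 if i < k else 0 for i in range(len(scored))]
    return y_true, y_pred


def metrics(y_true, y_pred):
    """Precision, recall, F1 and accuracy with the malicious class as the positive class."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    tn = sum(t == 0 and p == 0 for t, p in zip(y_true, y_pred))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    accuracy = (tp + tn) / len(y_true)
    return {"precision": precision, "recall": recall, "f1": f1, "accuracy": accuracy}


if __name__ == "__main__":
    # On imbalanced data accuracy is misleading: predicting "normal" for everyone scores 90%
    # while catching no insider at all, which is why recall and F-score matter here.
    print("predict-all-normal:", metrics([y for _, y in DATASET], [0] * len(DATASET)))
    print("undersampled class counts:", class_counts(random_undersample(DATASET)))
    print("oversampled class counts:", class_counts(random_oversample(DATASET)))
    profile = fit_profile([x for x, y in DATASET if y == 0])
    y_true, y_pred = rank_and_flag(DATASET, profile, top_fraction=0.5)
    print("top-50% flagging:", metrics(y_true, y_pred))
```

Flagging the top 50% catches both constructed insiders (recall 1.0) at the cost of eight false positives (precision 0.2), which is the trade-off a ranked cut-off makes; in a real deployment the cut-off is tuned on the sampled training set and the flagged users go on to the mitigation phase rather than being blocked outright.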
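The mitigation phase described above, as an added example that is not the project's code: a flagged user's keystroke dynamics are compared with an enrolled template using a scaled Manhattan distance, the decision threshold is chosen at the equal error rate (EER) from constructed genuine and impostor samples, and a user who passes the biometric check is then challenged with an HOTP one-time password (RFC 4226, standard library only). The timing samples, the scoring function, the 1 ms deviation floor and the OTP look-ahead window are assumptions; the OTP secret is the RFC 4226 test-vector key and would never be hard-coded in a real system.

```python
import hashlib
import hmac
import statistics
import struct

# Constructed keystroke samples (not from the project): each vector holds the six key
# hold times followed by the five inter-key flight times, in milliseconds, for one
# typing of a six-character password. Genuine samples share one rhythm; the impostors
# know the password but type it slower, faster or with a different cadence.
GENUINE_SAMPLES = [
    [95, 88, 102, 90, 97, 91, 120, 140, 110, 130, 125],
    [98, 85, 105, 92, 95, 89, 118, 145, 108, 128, 122],
    [93, 90, 100, 88, 99, 93, 124, 138, 113, 133, 127],
    [96, 87, 103, 91, 96, 90, 121, 142, 111, 129, 124],
]
IMPOSTOR_SAMPLES = [
    [140, 130, 150, 135, 145, 138, 210, 260, 190, 240, 220],
    [60, 55, 65, 58, 62, 57, 70, 80, 60, 75, 72],
    [120, 110, 125, 115, 118, 112, 180, 200, 170, 190, 185],
]


def enroll(samples):
    """Template = per-feature mean and mean absolute deviation (floored at 1 ms)."""
    template = []
    for column in zip(*samples):
        mean = statistics.mean(column)
        mad = statistics.mean([abs(v - mean) for v in column])
        template.append((mean, max(mad, 1.0)))
    return template


def keystroke_score(template, sample):
    """Scaled Manhattan distance: mean deviation from the template in MAD units.
    Lower means closer to the enrolled rhythm."""
    return statistics.mean([abs(v - m) / mad for v, (m, mad) in zip(sample, template)])


def tune_threshold(genuine, impostors):
    """Choose the decision threshold at the equal error rate and return (threshold, EER).
    Genuine scores are leave-one-out (each sample scored against a template built from the
    others); impostor scores use the template built from all genuine samples."""
    genuine_scores = [keystroke_score(enroll(genuine[:i] + genuine[i + 1:]), s)
                      for i, s in enumerate(genuine)]
    full = enroll(genuine)
    impostor_scores = [keystroke_score(full, s) for s in impostors]
    best = None
    for t in sorted(set(genuine_scores + impostor_scores)):
        far = sum(s <= t for s in impostor_scores) / len(impostor_scores)  # impostors accepted
        frr = sum(s > t for s in genuine_scores) / len(genuine_scores)     # genuine rejected
        candidate = (abs(far - frr), t, (far + frr) / 2)  # ties resolve to the smaller t
        if best is None or candidate < best:
            best = candidate
    _, threshold, eer = best
    return threshold, eer


def hotp(secret, counter, digits=6):
    """HOTP per RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_otp(secret, counter, submitted, look_ahead=2):
    """Accept the OTP for the current counter or a few counters ahead (the resynchronisation
    window RFC 4226 describes; the window size is an assumption). Returns (accepted,
    next_counter); the counter only moves forward, so an accepted code cannot be replayed."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), submitted):
            return True, c + 1
    return False, counter


def authenticate(template, threshold, sample, secret, counter, submitted_otp):
    """Mitigation flow for a user flagged by the detection phase: keystroke check first,
    OTP second. Returns (decision, next_counter)."""
    if keystroke_score(template, sample) > threshold:
        return "rejected_biometric", counter
    accepted, next_counter = verify_otp(secret, counter, submitted_otp)
    return ("genuine" if accepted else "rejected_otp"), next_counter


if __name__ == "__main__":
    threshold, eer = tune_threshold(GENUINE_SAMPLES, IMPOSTOR_SAMPLES)
    template = enroll(GENUINE_SAMPLES)
    secret = b"12345678901234567890"  # RFC 4226 test-vector key, illustration only
    fresh_genuine = [94, 89, 101, 89, 98, 92, 122, 141, 112, 131, 126]  # constructed
    print(f"threshold={threshold:.3f} EER={eer:.3f}")
    print(authenticate(template, threshold, fresh_genuine, secret, 0, hotp(secret, 0)))
    print(authenticate(template, threshold, IMPOSTOR_SAMPLES[0], secret, 0, hotp(secret, 0)))
    print(authenticate(template, threshold, fresh_genuine, secret, 0, "000000"))
```

The EER is a property of the keystroke system at one threshold, not a per-user value: the threshold is fixed once from the genuine and impostor score distributions, and each login is then accepted or rejected by comparing its score with that threshold. With the constructed samples the two distributions do not overlap, so the EER is 0; on real data they will, and the threshold trades false accepts against false rejects.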

final document.pdf (3.72 MB)