A novel framework for mitigating insider attacks in big data systems

Cyber attacks are becoming a threat to the proliferation of big data services. Security in big data services is primarily implemented through software that is maintained by service providers which makes it easier for insider attacks. In this paper, we introduce a novel hardware driven framework for mitigating insider attacks in big data systems. The key idea is to delegate security to special purpose hardware that is capable of detecting an attack on the primary copy of data and preventing that attack on the replicas. In the proposed framework, the assembly code of a process running on the primary copy is analyzed and an attack probability score (APS) is derived which captures in some sense the control structure of the code. The APS of a process is unique to the structure of that process and is derived from the control-flow instructions and their data (if applicable). This score along with the control and data stacks are maintained in the replica nodes. Now, at the replica nodes when the same code is executed, the APS is computed dynamically on the fly and matched with the stored APS. If there is a mismatch indicating a possible attack, the control and data flow stacks are matched in sequence to detect attacks. Our proposed framework was simulated on a virtual cluster and verified using open benchmarks. Experimental results prove that our framework can be implemented with negligible time overhead. Results indicate that the average time overhead is about 0.01% of the total execution time.