Mitigating insider threats in a cloud using a knowledgebase approach while maintaining data availability

Most security related research for cloud computing focuses on attacks generated outside the cloud system. However, insider attackers are more challenging and can cause severe impacts on the cloud system stability and quality of service. In this paper, we propose an insider threat model using a knowledgebase approach. Knowledgebase models were used earlier in preventing insider threats in both the system level and the database level. We extend this work to cloud computing systems. The proposed model insures an early detection (and hence, the prevention) of possible insider breaches by correlating system administrators knowledge who may grant undesired privileges to insiders of the underlying cloud data center. The proposed model handles the insider threat in a cloud data center at its several levels: the host level and the network level where insiders are categorized several levels of privileges according to their locations within the cloud data center. The concentration will be insider threats at the host (database) level. The conducted simulation shows that the proposed model works well in predicting malicious acts of insiders of the cloud.