Continuous identity verification in cloud storage services using behavioural profiling |
Cloud storage services have become immensely popular because they enable users to remotely store their data over the Internet. However, this has led to a lack of physical control to protect their information with an increasing vulnerability to potential attacks. Well-known service providers including Dropbox and Apple iCloud have suffered from attacks, leading to sensitive customer information being exposed. A key issue is that the cloud services rely upon a simple authentication login and remain accessible to users afterward for significant periods of time. Thus, arguably more intelligent security measures are required to support the security of the system. Behavioural profiling is one technique that has been applied successfully with a variety of technologies for continuous user verification, telecommunication misuse and credit card fraud. However, the implementation of such a technique in cloud storage services has not been studied. This paper investigates the application in cloud storage services to detect misuse post initial login. A private dataset was collected from a cloud storage service (Dropbox) containing real user interactions of 30 participants over a six month period (totalling 91,371 log entries). A series of experiments have been implemented on the dataset using a supervised machine learning algorithms to examine the feasibility of classifying the normal and abnormal users’ behaviour. On average, the best experimental result achieved an EER of as low as 5.8% with six users experiencing an EER equal to or less than 0.3%. The results are very encouraging and indicate the feasibility of detecting misuse in cloud computing services.
Al-Bayati B, Clarke NL, Haskell-Dowland PS (Dowland PS), Li F