Abstract
Attacks launched from the inside of the cloud are threats not only to the cloud users but also to the cloud infrastructures. Although with trusted computing the cloud service providers can guarantee the trust and security of the cloud environment for the users, the trustworthiness of users is not properly assessed. Inspired by the concept of variable trust, the main contribution of this paper is that we propose a trust assessment method for cloud users based on deep learning. Firstly, we extract users’ activities from system logs and employ stacked LSTM (long short-term memory) neural network to model normal activity patterns to build trust profiles for different users. Secondly, the trust profile is capable of predicting future behavioural actions of the specific user, and by calculating the similarity between predicted actions and actual actions the trustworthiness of the user will be assessed with a baseline to detect the trust state of the cloud user dynamically. And in the end, we design and conduct experiments on a public dataset. The results of experiments indicate that when the user is in abnormal state, there are notable differences between predicted actions and user’s actual actions, which proves the efficiency of the proposed method.
Highlights
Security issue is one of the most important problems in cloud computing and building trust is a practical method to resolve it
Note that the zero trust architecture [15] stated that a variable trust should be allocated to every entity in the network no matter the service provider or the service recipient; we believe that the trust of users should be dynamic and real-time. erefore, in this paper, combining the notions of variable trust and anomaly detection, we propose a method of building trust profiles to assess trust for cloud users based on system logs from virtual machines which are legitimate and easy to collect [16]
System logs are generic for most kinds of operating systems and with fixed format to analyze [12]. e contributions of this paper can be highlighted as follows: A deep learning-based trust profile: the trust profile is capable of predicting future behavioural actions of the specific user, and by calculating the similarity between predicted actions and actual actions the trustworthiness of the user will be assessed with a baseline to detect the trust state of the cloud user dynamically
Summary
Security issue is one of the most important problems in cloud computing and building trust is a practical method to resolve it. Cloud service providers (CSPs) usually need to provide trust evidence to cloud users to ensure that the security of computing environment is guaranteed. TCG’s trusted computing-based trust chain [1], trustworthiness attestation [2], and transparency of cloud platform [3] are all included in trust evidence. Few CSPs would ask for trust evidence from users and which leads to inside attack performed by malicious inside attackers. Malicious cloud users may exploit cloud resources to launch attack against some other cloud users or other Internet services. Malware such as viruses, trojans, and worms are used to perform attack activities by malicious insiders. In 2009, Zeus Botnet was found in Amazon EC2 and, in 2011, SONY PSN was attacked by hackers using Amazon EC2 resources in the same way. A lot of work has discussed malicious insiders in different aspects [6,7,8]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
