Machine Learning for Cloud-Based Privilege Escalation Attack Detection and Mitigation with CATBOOST
Abstract
The exponential growth in attack frequency and complexity over the past few years, together with the spread of smart devices, has made cybersecurity a major concern. Cloud computing has changed the way businesses operate, but its centralization can make dispersed services, such as security systems, harder for users to work with. Organizations and cloud service providers exchange massive amounts of data, which carries a significant risk of accidental or intentional disclosure of sensitive information. Because of their elevated access and potential to do substantial harm, a malicious insider poses a serious threat to the company. Only approved individuals within the organization have access to sensitive data and assets. This research details a machine learning-based strategy for classifying insider threats and finding anomalous events that can indicate privilege escalation. The system uses a systematic approach to detect these irregularities. Ensemble learning, which considers several models simultaneously, improves both the learning process and prediction accuracy. Using anomaly and weakness detection, some studies have attempted to identify security issues or hazards associated with privilege delegation in network systems; however, those studies cannot definitively identify the attacks. This research proposes and assesses machine learning (ML) ensembles. The objective is to classify insider attacks using machine learning approaches. The dataset used has been derived from several files in the CERT insider-threat dataset. Four machine learning techniques are applied to the dataset: LightGBM, XGBoost, AdaBoost, and three Random Forest (RF) methods. In terms of overall performance, LightGBM was superior. In contrast, RF and AdaBoost may be better at preventing insider attacks such as those using behavioral biometrics.
Consequently, various internal threats may be better classified by combining several machine learning algorithms. With a 97% dependability rate, the LightGBM method outperforms the other suggested techniques; RF, AdaBoost, and XGBoost each reach an 88% accuracy rate.
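The abstract says the training data was assembled from several files of the CERT dataset but does not show that step. The following is an added example, not the paper's code: it joins CERT-style logon and device rows into one numeric feature vector per user and day, the form the ensemble models above would consume. The log rows are constructed samples in the CERT column layout, and the chosen features and the 07:00-18:59 business window are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample rows in the CERT logon.csv / device.csv layout
# (id,date,user,pc,activity). User ids and timestamps are made up.
LOGON_CSV = """id,date,user,pc,activity
{L1},01/06/2010 08:02:11,USR0001,PC-1,Logon
{L2},01/06/2010 17:10:40,USR0001,PC-1,Logoff
{L3},01/06/2010 23:41:03,USR0002,PC-7,Logon
{L4},01/06/2010 23:55:19,USR0002,PC-9,Logon
"""
DEVICE_CSV = """id,date,user,pc,activity
{D1},01/06/2010 23:45:30,USR0002,PC-7,Connect
{D2},01/06/2010 23:50:02,USR0002,PC-7,Disconnect
"""
FMT = "%m/%d/%Y %H:%M:%S"
WORK_HOURS = range(7, 19)  # assumed business window, 07:00-18:59


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def _key(row):
    """(user, ISO date) identifies one user-day across all files."""
    ts = datetime.strptime(row["date"], FMT)
    return (row["user"], ts.date().isoformat()), ts


def build_features(logon_csv=LOGON_CSV, device_csv=DEVICE_CSV):
    """Return {(user, date): feature dict} aggregated across files."""
    feats = defaultdict(lambda: {"logons": 0, "after_hours_logons": 0,
                                 "distinct_pcs": set(), "usb_connects": 0})
    for row in _rows(logon_csv):
        key, ts = _key(row)
        f = feats[key]
        f["distinct_pcs"].add(row["pc"])        # any session touches a PC
        if row["activity"] == "Logon":
            f["logons"] += 1
            if ts.hour not in WORK_HOURS:      # off-hours activity signal
                f["after_hours_logons"] += 1
    for row in _rows(device_csv):
        key, _ = _key(row)
        if row["activity"] == "Connect":       # removable media inserted
            feats[key]["usb_connects"] += 1
    # Replace the PC set with its size so every vector is plain numbers.
    return {k: {**v, "distinct_pcs": len(v["distinct_pcs"])}
            for k, v in feats.items()}
```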
This work is licensed under a Creative Commons Attribution 4.0 International License.