Insider threat detection model for the cloud

Abstract

Cloud computing is a revolutionary technology that is changing the way people and organizations conduct business. It promises to help organizations save money on IT expenditure while increasing reliability, efficiency and productivity. However, despite the potential benefits that the cloud promises its users, it is facing some security challenges. Insider threats are some of the growing security concerns that are hindering the adoption of the cloud. Cloud providers are faced with a challenge of monitoring usage patterns of users so as to ensure that malicious insiders do not compromise the security of customer data and applications. Solutions are still needed to ensure that the data stored in the cloud is secure from malicious insiders of the cloud service provider. This paper presents an Insider Threat Detection Model that can be used to detect suspicious insider activities. An experimental system was designed to implement this model. This system uses sequential rule mining to detect malicious users by comparing incoming events against user profiles.