Identifying Insider and Masquerade attackers in Cloud Computing and IoT Devices

--There are a variety of communication mediums for interaction. Users often hop from one medium of communication to another. Hopping from one computer to another or to a mobile device or to cloud computing environment. The advancement in hardware technology led to cheaper cost and maintenance. However, this also leads to the security and vulnerabilities issues. Provision of service to users is as much important as its security. Malicious insider and masquerade threat detection is of growing interest owing to the number of cyber-attacks. In this paper we propose a user behavior evaluation model using supervised machine learning to identify insider and masquerade users. System users exhibit certain behavioral patterns when utilizing the system such as time of login, device used, IP address etc. If this behavior is captured and compared with normal users’ behavior, anomalies can be detected. Our model follows this principle. We extract the important features from the dataset. These extracted features dataset is fed as input to four different machine learning algorithms. Best performing machine learning algorithm is chosen based on the accuracy amongst the four machine learning algorithms to identify malicious and masquerade users. The dataset contains 20,001 records. Using k-fold cross validation, model has been trained and tested. Results have shown an accuracy of 98.1% in predicting the unseen user behavior activities. Identifying malicious behavior could prevent or mitigate the attacks. This will also enable in taking timely action against these users from performing any unauthorized or illegal actions.