SlideShare a Scribd company logo

MIST Effective Masquerade Attack Detection in the Cloud

Kumar Goud, profile picture
Kumar Goud

The document discusses a novel approach to improving cloud data security through the use of decoy information technology to counter insider data theft. It proposes monitoring user access patterns to detect abnormal behaviors and respond to unauthorized access attempts by overwhelming attackers with false information. This method aims to enhance data protection in cloud environments where traditional measures like encryption have proven inadequate against insider threats.

Engineering
1 of 4
Download to read offline
1
2
3
4
International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) MIST Effective Masquerade Attack Detection in the Cloud Tallapaneni Madhavi M.Tech Scholar (CSE) Dept. of CSE Prakasam Engineering College AP, India 43 Abstract: Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment. Keywords: Mist, Insider data stealing, Bait information, Lure Files, Validating user I. INTRODUCTION In this paper, we address a novel approach to securing personal and business data in the Cloud. We propose monitoring data access patterns by profiling user behavior to determine if and when a malicious insider illegitimately accesses someone’s documents in a Cloud service. Decoy documents stored in the Cloud alongside the user’s real data also serve as sensors to detect illegitimate access. Once unauthorized data access or exposure is suspected, and later verified, with challenge questions for instance, we inundate the malicious insider with bogus information in order to dilute the user’s real data. Such preventive attacks that rely on disinformation technology could provide unprecedented levels of security in the Cloud and in social networks. If a valid user’s credentials are stolen by an attacker, the attacker can enter into the cloud as a valid user. Distinguishing the valid user and the attacker (the user, who is doing identity crime). Protecting the real user’s sensitive data on the cloud from the attacker (insider data theft attacker). Platforms will not show the complexity and details of the underlying infrastructure from users and applications by providing very simple graphical interface or API (Applications Programming Interface Cloud computing is a type of the use or operation of computers that relies on sharing computing resources rather than having local servers or personal devices to handle applications. Businesses, especially startups small talks, small and medium businesses (SMBs), are increasingly opting for outsourcing data and the action of mathematical calculation to the Cloud. Data theft attacks are increase the volume of the attacker is a intended to do harm insider. This is considered as one of the top effective threats to cloud computing by the Cloud privacy Alliance. While most Cloud computing users are well-aware of this effective threat, they are left only with trusting the service provider when it comes to protect their data. The lack of temporary information into, let alone constraints over, the Cloud provider authentication, authorization, and audit controls only make worse with this threat. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. Much research in Cloud computing security has focused on ways of preventing unauthorized and illegitimate access to data by developing sophisticated access control and encryption mechanisms. However these mechanisms have not been able to prevent data compromise. 2. LITERATURE SURVEY Top Threats to Cloud Computing Cloud Computing represents one of the most significant shifts in information technology many of us are likely to see in our lifetimes. Reaching the point where computing functions as a utility has great potential, promising innovations we cannot yet imagine. Customers are both excited and nervous at the prospects of Cloud Computing. They are excited by the opportunities to reduce capital costs. They are excited for a chance to divest them of infrastructure management, and focus on core competencies. Most of all, they are excited by the agility offered by the on-demand provisioning of computing and the ability to align information technology with business strategies and needs more readily. However, customers are also very concerned about the risks of Cloud Computing if not properly secured, and the loss of direct control over systems for which they are nonetheless accountable. To aid both cloud customers and cloud providers, CSA developed “Security Guidance for Critical Areas in Cloud Computing”, initially released in April 2009, and revised in December 2009. This guidance has quickly become the industry standard catalogue of best practices to secure Cloud Computing, consistently
International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) 44 lauded for its comprehensive approach to the problem, across 13 domains of concern. Numerous organizations around the world are incorporating the guidance to manage their cloud strategies. The great breadth of recommendations provided by CSA guidance creates an implied responsibility for the reader. Not all recommendations are applicable to all uses of Cloud Computing. Some cloud services host customer information of very low sensitivity, while others represent mission critical business functions. Some cloud applications contain regulated personal information, while others instead provide cloud-based protection against external threats. It is incumbent upon the cloud customer to understand the organizational value of the system they seek to move into the cloud. Ultimately, CSA guidance must be applied within the context of the business mission, risks, rewards, and cloud threat environment using sound risk management practices. Top Threats to Cloud Computing, is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. In essence, this threat research document should be seen as a companion to “Security Guidance for Critical Areas in Cloud Computing”. As the first deliverable in the CSA’s Cloud Threat Initiative, the “Top Threats” document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about. There has been much debate about what is “in scope” for this research. We expect this debate to continue and for future versions of “Top Threats to Cloud Computing” to reflect the consensus emerging from those debates. While many issues, such as provider financial stability, create significant risks to customers, we have tried to focus on issues we feel are either unique to or greatly amplified by the key characteristics of Cloud Computing and its shared, on-demand nature. We identify the following threats in our initial document: · Abuse and Nefarious Use of Cloud Computing · Insecure Application Programming Interfaces · Malicious Insiders · Shared Technology Vulnerabilities · Data Loss/Leakage · Account, Service & Traffic Hijacking · Unknown Risk Profile Our goal is to provide a threat identification deliverable that can be quickly updated to reflect the dynamics of Cloud Computing and its rapidly evolving threat environment. We look forward to your participation on subsequent versions of “Top Threats to Cloud Computing”, as we continue to refine our list of threats, and to your input as we all figure out how to secure Cloud Computing. Threat #1: Abuse and Nefarious Use of Cloud Computing IaaS providers offer their customers the illusion of unlimited compute, network, and storage capacity — often coupled with a ‘frictionless’ registration process where anyone with a valid credit card can register and immediately begin using cloud services. Some providers even offer free limited trial periods. By abusing the relative anonymity behind these registration and usage models, spammers, malicious code authors, and other criminals have been able to conduct their activities with relative impunity. PaaS providers have traditionally suffered most from this kind of attacks; however, recent evidence shows that hackers have begun to target IaaS vendors as well. Future areas of concern include password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms. Threat #2: Insecure Interfaces and APIs Cloud Computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Furthermore, organizations and third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API; it also increases risk, as organizations may be required to relinquish their credentials to third parties in order to enable their agency. Threat #3: Malicious Insiders The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 3. PROPOSED SYSTEM We propose a completely different approach to securing the cloud using decoy information technology, that we have come to call Fog computing. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from
International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) 45 fake worthless data. The decoys, then, serve two purposes: (1) validating whether data access is authorized when abnormal information access is detected, and (2) confusing the attacker with bogus information. MODULE DESCRIPTION: 1. Cloud Computing. 2. User Behavior Profiling: 3. Decoy documents. 1. Cloud computing: Cloud computing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service-provider interaction. It divides into three types 1. Application as a service. 2. Infrastructure as a service. 3. Platform as a service. 2. User Behavior Profiling: We monitor data access in the cloud and detect abnormal data access patterns User profiling is a well known Technique that can be applied here to model how, when, and how much a user accesses their information in the Cloud. Such ‘normal user’ behavior can be continuously checked to determine whether abnormal access to a user’s information is occurring. This method of behavior-based security is commonly used in fraud detection applications. Such profiles would naturally include volumetric information, how many documents are typically read and how often. We monitor for abnormal search behaviors that exhibit deviations from the user baseline the correlation of search behavior anomaly detection with trap-based decoy files should provide stronger evidence of malfeasance, and therefore improve a detector’s accuracy. 3. Decoy documents: We propose a different approach for securing data in thecloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from fake worthless data the decoys, then, serve two purposes: (1) Validating whether data access is authorized when abnormal information access is detected, and (2) Confusing the attacker with bogus information.. 4. IMPLEMENTATION Figure 1 System Architecture Figure.2. AUC Comparison by user 4.1. System Modules User Access Behavior Profiling: It is expected that access to a user’s information in the Cloud will exhibit a normal means of access. User profiling is a well known technique that can be applied here to model how, when, and how much a user accesses their information in the Cloud. Such ‘normal user’ behavior can be continuously checked to determine whether abnormal access to a user’s information is occurring. This method of behavior-based security is commonly used in fraud detection applications. Such profiles would naturally include volumetric information, how many documents are typically read and how often. These simple user specific features can serve to detect abnormal Cloud access based partially upon the scale and scope of data transferred. Decoy File System Maintenance: Decoy information, such as decoy documents, honeyfiles, honeypots, and various other bogus information can be generated on demand and serve as a means of detecting unauthorized access to information and to
International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) 46 ‘poison’ the thief’s ex-filtrated information. Serving decoys will confound and confuse an adversary into believing they have ex-filtrated useful information, when they have not. This technology may be integrated with user behavior profiling technology to secure a user’s information in the Cloud. Whenever abnormal access to a cloud service is noticed, decoy information may be returned by the Cloud and delivered in such a way as to appear completely legitimate and normal. The true user, who is the owner of the information, would readily identify when decoy information is being returned by the Cloud, and hence could alter the Cloud’s responses through a variety of means, such as challenge questions, to inform the Cloud security system that it has inaccurately detected an unauthorized access. In the case where the access is correctly identified as an unauthorized access, the Cloud security system would deliver unbounded amounts of bogus information to the adversary, thus securing the user’s true data from unauthorized disclosure. The decoys, then, serve two purposes: (1) validating whether data access is authorized when abnormal information access is detected, and (2) confusing the attacker with bogus information. Anomaly Detection: The correlation of search behavior anomaly detection with trap-based decoy files should provide stronger evidence of malfeasance, and therefore improve a detector’s accuracy. We hypothesize that detecting abnormal search operations performed prior to an unsuspecting user opening a decoy file will corroborate the suspicion that the user is indeed impersonating another victim user. This scenario covers the threat model of illegitimate access to Cloud data. Furthermore, an accidental opening of a decoy file by a legitimate user might be recognized as an accident if the search behavior is not deemed abnormal. In other words, detecting abnormal search and decoy traps together may make a very effective masquerade detection system. Combining the two techniques improves detection accuracy. We use decoys as an oracle for validating the alerts issued by the sensor monitoring the user’s file search and access behavior. In our experiments, we did not generate the decoys on demand at the time of detection when the alert was issued. Instead, we made sure that the decoys were conspicuous enough for the attacker to access them if they were indeed trying to steal information by placing them in highly conspicuous directories and by giving them enticing names. With this approach, we were able to improve the accuracy of our detector. Crafting the decoys on demand improves the accuracy of the detector even further. Combining the two techniques, and having the decoy documents act as an oracle for our detector when abnormal user behavior is detected may lower the overall false positive rate of detector. Challenge Requests: If the current user’s behavior seems anomalous, then the user is asked for randomly selected secret questions. If the user fails to provide correct answers for a certain limits or threshold, the user is provided with decoy files. If the user provided correct answers for a limit, the user is treated as normal user. 5. CONCLUSION We present a novel approach to securing personal and business data in the Cloud. We propose monitoring data access patterns by profiling user behavior to determine if and when a malicious insider illegitimately accesses someone’s documents in a Cloud service. Decoy documents stored in the Cloud alongside the user’s real data also serve as sensors to detect illegitimate access. Once unauthorized data access or exposure is suspected, and later verified, with challenge questions for instance, we inundate the malicious insider with bogus information in order to dilute the user’s real data. Such preventive attacks that rely on disinformation technology , could provide unprecedented levels of security in the Cloud and in social networks model. REFERENCES [1]. Cloud Security Alliance, “Top Threat to Cloud Computing V1.0,” March 2010. [Online]. Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf [2]. M. Arrington, “In our inbox: Hundreds of confidential twitter documents,” July 2009. [Online]. Available: http://techcrunch.com/2009/07/14/in-our-inbox-hundreds-ofconfidential- twitter-documents/ [3]. D. Takahashi, “French hacker who leaked Twitter documents to TechCrunch is busted,” March 2010. [Online]. Available: http://venturebeat.com/2010/03/24/french-hacker-wholeaked- twitter-documents- to-techcrunch-is-busted/ [4]. D. Danchev, “ZDNET: french hacker gains access to twitter’s admin panel,” April 2009. [Online]. Available: http://www.zdnet.com/blog/security/french-hacker-gains-access-totwitters- admin-panel/3292 [5]. P. Allen, “Obama’s Twitter password revealed after french hacker arrested for breaking into U.S. president’s account,” March 2010. [Online]. Available: http://www.dailymail.co.uk/news/article- 1260488/Barack- Obamas-Twitter-password-revealed-French-hacker-arrested. html [6]. F. Rocha and M. Correia, “Lucy in the sky without diamonds: Stealing confidential data in the cloud,” in Proceedings of the First International Workshop on Dependability of Clouds, Data Centers and Virtual Computing Environments, Hong Kong, ser. DCDV ’11, June 2011. [7]. M. Van Dijk and A. Juels, “On the impossibility of cryptography alone for privacy-preserving cloud computing,” in Proceedings of the 5th USENIX conference on Hot topics in security, ser. HotSec’10. Berkeley, CA, USA: USENIX Association, 2010, pp. 1–8. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924931.1924934 [8]. J. Pepitone, “Dropbox’s password nightmare highlights cloud risks,” June 2011. [9]. M. Ben-Salem and S. J. Stolfo, “Modeling user search-behavior for masquerade detection,” in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection. Heidelberg: Springer, September 2011, pp. 1–20. [10]. B. M. Bowen and S. Hershkop, “Decoy Document Distributor: http://sneakers.cs.columbia.edu/ids/fog/,” 2009. [Online]. Available: http://sneakers.cs.columbia.edu/ids/FOG/

More Related Content

DOCX
Cloud Computing Security
Ahmed Banafa
 
PDF
Cloud Computing Security
Arunvignesh Venkatesh
 
PDF
Project 3
Priyanka Goswami
 
PDF
New Approaches to Security and Availability for Cloud Data
EMC
 
PDF
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Martin Ruubel
 
PDF
Global Security Certification for Governments
CloudMask inc.
 
PDF
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
PPTX
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Cloud Computing Security
Ahmed Banafa
 
Cloud Computing Security
Arunvignesh Venkatesh
 
Project 3
Priyanka Goswami
 
New Approaches to Security and Availability for Cloud Data
EMC
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Martin Ruubel
 
Global Security Certification for Governments
CloudMask inc.
 
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 

What's hot (19)

PPTX
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
PDF
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
Martin Ruubel
 
PDF
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Martin Ruubel
 
PDF
Securing Cloud Using Fog: A Review
IRJET Journal
 
PDF
br-security-connected-top-5-trends
Christopher Bennett
 
PDF
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
PDF
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 
PDF
Attributable Networks - Guardtime Whitepaper
Martin Ruubel
 
PDF
Darktrace enterprise immune system whitepaper_digital
CMR WORLD TECH
 
PPTX
Microsoft Platform Security Briefing
technext1
 
PDF
Seven deadly threats and vulnerabilities in cloud
cloudresearcher
 
PDF
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix
 
PDF
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
PPTX
Security challenges of cloud computing
Md. Hasibur Rashid
 
PPTX
Cloud Computing Security Issues
Stelios Krasadakis
 
PDF
Abuse_in_the_Cloud_Palani_Ashwin
Ashwin Palani
 
PDF
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
Editor IJMTER
 
PDF
Why Passwords are not strong enough
EMC
 
PDF
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
Martin Ruubel
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Martin Ruubel
 
Securing Cloud Using Fog: A Review
IRJET Journal
 
br-security-connected-top-5-trends
Christopher Bennett
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 
Attributable Networks - Guardtime Whitepaper
Martin Ruubel
 
Darktrace enterprise immune system whitepaper_digital
CMR WORLD TECH
 
Microsoft Platform Security Briefing
technext1
 
Seven deadly threats and vulnerabilities in cloud
cloudresearcher
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix
 
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Security challenges of cloud computing
Md. Hasibur Rashid
 
Cloud Computing Security Issues
Stelios Krasadakis
 
Abuse_in_the_Cloud_Palani_Ashwin
Ashwin Palani
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
Editor IJMTER
 
Why Passwords are not strong enough
EMC
 
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Ad

Viewers also liked (8)

PPTX
Masquerader Detection
Arquam Md
 
PPTX
Intrusion detection system with GA
ChungHsiangHsueh
 
PPTX
626 Information leakage and Data Loss Prevention Tools
Splitty
 
PDF
Automated Detection of Session Fixation Vulnerabilities
Yuji Kosuga
 
PPT
Intrusiond and detection
Piyu Karande
 
PPTX
Dr.r.k.dhuria hydroponics aks, new delhi
AyurvetAks
 
PPT
Cloud Computing Business Model
ippei_suzuki
 
PDF
Cloud Computing Business Models
Karri Huhtanen
 
Masquerader Detection
Arquam Md
 
Intrusion detection system with GA
ChungHsiangHsueh
 
626 Information leakage and Data Loss Prevention Tools
Splitty
 
Automated Detection of Session Fixation Vulnerabilities
Yuji Kosuga
 
Intrusiond and detection
Piyu Karande
 
Dr.r.k.dhuria hydroponics aks, new delhi
AyurvetAks
 
Cloud Computing Business Model
ippei_suzuki
 
Cloud Computing Business Models
Karri Huhtanen
 
Ad

Similar to MIST Effective Masquerade Attack Detection in the Cloud (20)

PDF
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Mervat Bamiah
 
PDF
A017130104
IOSR Journals
 
PDF
Identified Vulnerabilitis And Threats In Cloud Computing
IOSR Journals
 
PDF
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
PDF
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...
Associate Professor in VSB Coimbatore
 
PDF
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...
AJASTJournal
 
PDF
Outsourcing control
Shahbaz Sidhu
 
DOCX
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
Lillian Ekwosi-Egbulem
 
PPTX
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
PDF
SECURE CLOUD ARCHITECTURE
acijjournal
 
PDF
Cloud Computing Security Issues and Challenges
paperpublications3
 
PDF
Solutions of cloud computing security issues
Jahangeer Qadiree
 
PDF
Top Cloud Threats
Piyush Mittal
 
PDF
Csathreats.v1.0
vivek_kale27
 
PDF
Cloud Computing Security Issues and Challenges
CSCJournals
 
PDF
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
Claire Webber
 
PDF
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET Journal
 
DOCX
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docx
willcoxjanay
 
PDF
Review on Security Aspects for Cloud Architecture
IJECEIAES
 
DOC
Reseach paper-mla-sample
Cheap Custom Writing
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Mervat Bamiah
 
A017130104
IOSR Journals
 
Identified Vulnerabilitis And Threats In Cloud Computing
IOSR Journals
 
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...
Associate Professor in VSB Coimbatore
 
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...
AJASTJournal
 
Outsourcing control
Shahbaz Sidhu
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
Lillian Ekwosi-Egbulem
 
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
SECURE CLOUD ARCHITECTURE
acijjournal
 
Cloud Computing Security Issues and Challenges
paperpublications3
 
Solutions of cloud computing security issues
Jahangeer Qadiree
 
Top Cloud Threats
Piyush Mittal
 
Csathreats.v1.0
vivek_kale27
 
Cloud Computing Security Issues and Challenges
CSCJournals
 
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
Claire Webber
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET Journal
 
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docx
willcoxjanay
 
Review on Security Aspects for Cloud Architecture
IJECEIAES
 
Reseach paper-mla-sample
Cheap Custom Writing
 

More from Kumar Goud (20)

PDF
Ijeee 33-36-surveillance system for coal mines based on wireless sensor network
Kumar Goud
 
PDF
Ijeee 28-32-accurate fault location estimation in transmission lines
Kumar Goud
 
PDF
Ijeee 24-27-energy efficient communication for adhoc networks
Kumar Goud
 
PDF
Ijeee 20-23-target parameter estimation for pulsed doppler radar applications
Kumar Goud
 
PDF
Ijeee 16-19-digital media hidden data extracting
Kumar Goud
 
PDF
Ijeee 16-19-a novel approach to brain tumor classification using wavelet and ...
Kumar Goud
 
PDF
Ijeee 7-11-privacy preserving distributed data mining with anonymous id assig...
Kumar Goud
 
PDF
Ijeee 3-6-implementation of environment monitoring system using arm microcont...
Kumar Goud
 
PDF
Ijeee 1-2-a tracking system using location prediction and dynamic threshold f...
Kumar Goud
 
PDF
layout impact of resolution enhancement in design for manufacturing dfm- in ...
Kumar Goud
 
PDF
a new power gating technique for mitigation of standby leakage power using vt...
Kumar Goud
 
PDF
hardware implementation of aes encryption and decryption for low area & low p...
Kumar Goud
 
PDF
dynamic resource allocation using virtual machines for cloud computing enviro...
Kumar Goud
 
PDF
transient stability improvement in power system in multi machine system with ...
Kumar Goud
 
PDF
go green - green marketing its rise for an eco friendly processes in india
Kumar Goud
 
PDF
hand vein structure authentication
Kumar Goud
 
PDF
enhancement of low power pulse triggered flip-flop design based on signal fee...
Kumar Goud
 
PDF
implementation of area efficient high speed eddr architecture
Kumar Goud
 
PDF
professional fuzzy type-ahead rummage around in xml type-ahead search techni...
Kumar Goud
 
PDF
Ijeee 58-61-assessment of raw milk quality by neural networking n-n- model i...
Kumar Goud
 
Ijeee 33-36-surveillance system for coal mines based on wireless sensor network
Kumar Goud
 
Ijeee 28-32-accurate fault location estimation in transmission lines
Kumar Goud
 
Ijeee 24-27-energy efficient communication for adhoc networks
Kumar Goud
 
Ijeee 20-23-target parameter estimation for pulsed doppler radar applications
Kumar Goud
 
Ijeee 16-19-digital media hidden data extracting
Kumar Goud
 
Ijeee 16-19-a novel approach to brain tumor classification using wavelet and ...
Kumar Goud
 
Ijeee 7-11-privacy preserving distributed data mining with anonymous id assig...
Kumar Goud
 
Ijeee 3-6-implementation of environment monitoring system using arm microcont...
Kumar Goud
 
Ijeee 1-2-a tracking system using location prediction and dynamic threshold f...
Kumar Goud
 
layout impact of resolution enhancement in design for manufacturing dfm- in ...
Kumar Goud
 
a new power gating technique for mitigation of standby leakage power using vt...
Kumar Goud
 
hardware implementation of aes encryption and decryption for low area & low p...
Kumar Goud
 
dynamic resource allocation using virtual machines for cloud computing enviro...
Kumar Goud
 
transient stability improvement in power system in multi machine system with ...
Kumar Goud
 
go green - green marketing its rise for an eco friendly processes in india
Kumar Goud
 
hand vein structure authentication
Kumar Goud
 
enhancement of low power pulse triggered flip-flop design based on signal fee...
Kumar Goud
 
implementation of area efficient high speed eddr architecture
Kumar Goud
 
professional fuzzy type-ahead rummage around in xml type-ahead search techni...
Kumar Goud
 
Ijeee 58-61-assessment of raw milk quality by neural networking n-n- model i...
Kumar Goud
 

Recently uploaded (20)

PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
PPTX
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PDF
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PPTX
web development for engineering and engineering
keshriji700
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
web development for engineering and engineering
keshriji700
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 

MIST Effective Masquerade Attack Detection in the Cloud

  • 1. International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) MIST Effective Masquerade Attack Detection in the Cloud Tallapaneni Madhavi M.Tech Scholar (CSE) Dept. of CSE Prakasam Engineering College AP, India 43 Abstract: Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment. Keywords: Mist, Insider data stealing, Bait information, Lure Files, Validating user I. INTRODUCTION In this paper, we address a novel approach to securing personal and business data in the Cloud. We propose monitoring data access patterns by profiling user behavior to determine if and when a malicious insider illegitimately accesses someone’s documents in a Cloud service. Decoy documents stored in the Cloud alongside the user’s real data also serve as sensors to detect illegitimate access. Once unauthorized data access or exposure is suspected, and later verified, with challenge questions for instance, we inundate the malicious insider with bogus information in order to dilute the user’s real data. Such preventive attacks that rely on disinformation technology could provide unprecedented levels of security in the Cloud and in social networks. If a valid user’s credentials are stolen by an attacker, the attacker can enter into the cloud as a valid user. Distinguishing the valid user and the attacker (the user, who is doing identity crime). Protecting the real user’s sensitive data on the cloud from the attacker (insider data theft attacker). Platforms will not show the complexity and details of the underlying infrastructure from users and applications by providing very simple graphical interface or API (Applications Programming Interface Cloud computing is a type of the use or operation of computers that relies on sharing computing resources rather than having local servers or personal devices to handle applications. Businesses, especially startups small talks, small and medium businesses (SMBs), are increasingly opting for outsourcing data and the action of mathematical calculation to the Cloud. Data theft attacks are increase the volume of the attacker is a intended to do harm insider. This is considered as one of the top effective threats to cloud computing by the Cloud privacy Alliance. While most Cloud computing users are well-aware of this effective threat, they are left only with trusting the service provider when it comes to protect their data. The lack of temporary information into, let alone constraints over, the Cloud provider authentication, authorization, and audit controls only make worse with this threat. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. Much research in Cloud computing security has focused on ways of preventing unauthorized and illegitimate access to data by developing sophisticated access control and encryption mechanisms. However these mechanisms have not been able to prevent data compromise. 2. LITERATURE SURVEY Top Threats to Cloud Computing Cloud Computing represents one of the most significant shifts in information technology many of us are likely to see in our lifetimes. Reaching the point where computing functions as a utility has great potential, promising innovations we cannot yet imagine. Customers are both excited and nervous at the prospects of Cloud Computing. They are excited by the opportunities to reduce capital costs. They are excited for a chance to divest them of infrastructure management, and focus on core competencies. Most of all, they are excited by the agility offered by the on-demand provisioning of computing and the ability to align information technology with business strategies and needs more readily. However, customers are also very concerned about the risks of Cloud Computing if not properly secured, and the loss of direct control over systems for which they are nonetheless accountable. To aid both cloud customers and cloud providers, CSA developed “Security Guidance for Critical Areas in Cloud Computing”, initially released in April 2009, and revised in December 2009. This guidance has quickly become the industry standard catalogue of best practices to secure Cloud Computing, consistently
  • 2. International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) 44 lauded for its comprehensive approach to the problem, across 13 domains of concern. Numerous organizations around the world are incorporating the guidance to manage their cloud strategies. The great breadth of recommendations provided by CSA guidance creates an implied responsibility for the reader. Not all recommendations are applicable to all uses of Cloud Computing. Some cloud services host customer information of very low sensitivity, while others represent mission critical business functions. Some cloud applications contain regulated personal information, while others instead provide cloud-based protection against external threats. It is incumbent upon the cloud customer to understand the organizational value of the system they seek to move into the cloud. Ultimately, CSA guidance must be applied within the context of the business mission, risks, rewards, and cloud threat environment using sound risk management practices. Top Threats to Cloud Computing, is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. In essence, this threat research document should be seen as a companion to “Security Guidance for Critical Areas in Cloud Computing”. As the first deliverable in the CSA’s Cloud Threat Initiative, the “Top Threats” document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about. There has been much debate about what is “in scope” for this research. We expect this debate to continue and for future versions of “Top Threats to Cloud Computing” to reflect the consensus emerging from those debates. While many issues, such as provider financial stability, create significant risks to customers, we have tried to focus on issues we feel are either unique to or greatly amplified by the key characteristics of Cloud Computing and its shared, on-demand nature. We identify the following threats in our initial document: · Abuse and Nefarious Use of Cloud Computing · Insecure Application Programming Interfaces · Malicious Insiders · Shared Technology Vulnerabilities · Data Loss/Leakage · Account, Service & Traffic Hijacking · Unknown Risk Profile Our goal is to provide a threat identification deliverable that can be quickly updated to reflect the dynamics of Cloud Computing and its rapidly evolving threat environment. We look forward to your participation on subsequent versions of “Top Threats to Cloud Computing”, as we continue to refine our list of threats, and to your input as we all figure out how to secure Cloud Computing. Threat #1: Abuse and Nefarious Use of Cloud Computing IaaS providers offer their customers the illusion of unlimited compute, network, and storage capacity — often coupled with a ‘frictionless’ registration process where anyone with a valid credit card can register and immediately begin using cloud services. Some providers even offer free limited trial periods. By abusing the relative anonymity behind these registration and usage models, spammers, malicious code authors, and other criminals have been able to conduct their activities with relative impunity. PaaS providers have traditionally suffered most from this kind of attacks; however, recent evidence shows that hackers have begun to target IaaS vendors as well. Future areas of concern include password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms. Threat #2: Insecure Interfaces and APIs Cloud Computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Furthermore, organizations and third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API; it also increases risk, as organizations may be required to relinquish their credentials to third parties in order to enable their agency. Threat #3: Malicious Insiders The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 3. PROPOSED SYSTEM We propose a completely different approach to securing the cloud using decoy information technology, that we have come to call Fog computing. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from
  • 3. International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) 45 fake worthless data. The decoys, then, serve two purposes: (1) validating whether data access is authorized when abnormal information access is detected, and (2) confusing the attacker with bogus information. MODULE DESCRIPTION: 1. Cloud Computing. 2. User Behavior Profiling: 3. Decoy documents. 1. Cloud computing: Cloud computing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service-provider interaction. It divides into three types 1. Application as a service. 2. Infrastructure as a service. 3. Platform as a service. 2. User Behavior Profiling: We monitor data access in the cloud and detect abnormal data access patterns User profiling is a well known Technique that can be applied here to model how, when, and how much a user accesses their information in the Cloud. Such ‘normal user’ behavior can be continuously checked to determine whether abnormal access to a user’s information is occurring. This method of behavior-based security is commonly used in fraud detection applications. Such profiles would naturally include volumetric information, how many documents are typically read and how often. We monitor for abnormal search behaviors that exhibit deviations from the user baseline the correlation of search behavior anomaly detection with trap-based decoy files should provide stronger evidence of malfeasance, and therefore improve a detector’s accuracy. 3. Decoy documents: We propose a different approach for securing data in thecloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from fake worthless data the decoys, then, serve two purposes: (1) Validating whether data access is authorized when abnormal information access is detected, and (2) Confusing the attacker with bogus information.. 4. IMPLEMENTATION Figure 1 System Architecture Figure.2. AUC Comparison by user 4.1. System Modules User Access Behavior Profiling: It is expected that access to a user’s information in the Cloud will exhibit a normal means of access. User profiling is a well known technique that can be applied here to model how, when, and how much a user accesses their information in the Cloud. Such ‘normal user’ behavior can be continuously checked to determine whether abnormal access to a user’s information is occurring. This method of behavior-based security is commonly used in fraud detection applications. Such profiles would naturally include volumetric information, how many documents are typically read and how often. These simple user specific features can serve to detect abnormal Cloud access based partially upon the scale and scope of data transferred. Decoy File System Maintenance: Decoy information, such as decoy documents, honeyfiles, honeypots, and various other bogus information can be generated on demand and serve as a means of detecting unauthorized access to information and to
  • 4. International Journal of Ethics in Engineering & Management Education Website: www.ijeee.in (ISSN: 2348-4748, Volume 1, Issue 10, October 2014) 46 ‘poison’ the thief’s ex-filtrated information. Serving decoys will confound and confuse an adversary into believing they have ex-filtrated useful information, when they have not. This technology may be integrated with user behavior profiling technology to secure a user’s information in the Cloud. Whenever abnormal access to a cloud service is noticed, decoy information may be returned by the Cloud and delivered in such a way as to appear completely legitimate and normal. The true user, who is the owner of the information, would readily identify when decoy information is being returned by the Cloud, and hence could alter the Cloud’s responses through a variety of means, such as challenge questions, to inform the Cloud security system that it has inaccurately detected an unauthorized access. In the case where the access is correctly identified as an unauthorized access, the Cloud security system would deliver unbounded amounts of bogus information to the adversary, thus securing the user’s true data from unauthorized disclosure. The decoys, then, serve two purposes: (1) validating whether data access is authorized when abnormal information access is detected, and (2) confusing the attacker with bogus information. Anomaly Detection: The correlation of search behavior anomaly detection with trap-based decoy files should provide stronger evidence of malfeasance, and therefore improve a detector’s accuracy. We hypothesize that detecting abnormal search operations performed prior to an unsuspecting user opening a decoy file will corroborate the suspicion that the user is indeed impersonating another victim user. This scenario covers the threat model of illegitimate access to Cloud data. Furthermore, an accidental opening of a decoy file by a legitimate user might be recognized as an accident if the search behavior is not deemed abnormal. In other words, detecting abnormal search and decoy traps together may make a very effective masquerade detection system. Combining the two techniques improves detection accuracy. We use decoys as an oracle for validating the alerts issued by the sensor monitoring the user’s file search and access behavior. In our experiments, we did not generate the decoys on demand at the time of detection when the alert was issued. Instead, we made sure that the decoys were conspicuous enough for the attacker to access them if they were indeed trying to steal information by placing them in highly conspicuous directories and by giving them enticing names. With this approach, we were able to improve the accuracy of our detector. Crafting the decoys on demand improves the accuracy of the detector even further. Combining the two techniques, and having the decoy documents act as an oracle for our detector when abnormal user behavior is detected may lower the overall false positive rate of detector. Challenge Requests: If the current user’s behavior seems anomalous, then the user is asked for randomly selected secret questions. If the user fails to provide correct answers for a certain limits or threshold, the user is provided with decoy files. If the user provided correct answers for a limit, the user is treated as normal user. 5. CONCLUSION We present a novel approach to securing personal and business data in the Cloud. We propose monitoring data access patterns by profiling user behavior to determine if and when a malicious insider illegitimately accesses someone’s documents in a Cloud service. Decoy documents stored in the Cloud alongside the user’s real data also serve as sensors to detect illegitimate access. Once unauthorized data access or exposure is suspected, and later verified, with challenge questions for instance, we inundate the malicious insider with bogus information in order to dilute the user’s real data. Such preventive attacks that rely on disinformation technology , could provide unprecedented levels of security in the Cloud and in social networks model. REFERENCES [1]. Cloud Security Alliance, “Top Threat to Cloud Computing V1.0,” March 2010. [Online]. Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf [2]. M. Arrington, “In our inbox: Hundreds of confidential twitter documents,” July 2009. [Online]. Available: http://techcrunch.com/2009/07/14/in-our-inbox-hundreds-ofconfidential- twitter-documents/ [3]. D. Takahashi, “French hacker who leaked Twitter documents to TechCrunch is busted,” March 2010. [Online]. Available: http://venturebeat.com/2010/03/24/french-hacker-wholeaked- twitter-documents- to-techcrunch-is-busted/ [4]. D. Danchev, “ZDNET: french hacker gains access to twitter’s admin panel,” April 2009. [Online]. Available: http://www.zdnet.com/blog/security/french-hacker-gains-access-totwitters- admin-panel/3292 [5]. P. Allen, “Obama’s Twitter password revealed after french hacker arrested for breaking into U.S. president’s account,” March 2010. [Online]. Available: http://www.dailymail.co.uk/news/article- 1260488/Barack- Obamas-Twitter-password-revealed-French-hacker-arrested. html [6]. F. Rocha and M. Correia, “Lucy in the sky without diamonds: Stealing confidential data in the cloud,” in Proceedings of the First International Workshop on Dependability of Clouds, Data Centers and Virtual Computing Environments, Hong Kong, ser. DCDV ’11, June 2011. [7]. M. Van Dijk and A. Juels, “On the impossibility of cryptography alone for privacy-preserving cloud computing,” in Proceedings of the 5th USENIX conference on Hot topics in security, ser. HotSec’10. Berkeley, CA, USA: USENIX Association, 2010, pp. 1–8. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924931.1924934 [8]. J. Pepitone, “Dropbox’s password nightmare highlights cloud risks,” June 2011. [9]. M. Ben-Salem and S. J. Stolfo, “Modeling user search-behavior for masquerade detection,” in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection. Heidelberg: Springer, September 2011, pp. 1–20. [10]. B. M. Bowen and S. Hershkop, “Decoy Document Distributor: http://sneakers.cs.columbia.edu/ids/fog/,” 2009. [Online]. Available: http://sneakers.cs.columbia.edu/ids/FOG/