Detecting Insider Malicious Activities in Cloud Collaboration Systems

Cloud Collaboration Systems (CCS) offer efficient coordination among users to work on shared tasks in diverse distributed environments such as social networking, healthcare, wikis, and intelligent systems. Many cloud collaboration systems services are basically loosely coupled in nature. The flexibility of such CCS lead to various vulnerabilities in the system since the users are given broad access privileges. This may result in catastrophic activities from malicious insiders which in turn result in major misuse and abuse of information. While many sophisticated security mechanisms have been established to detect outsider threats in various systems, a very few works have been reported so far to detect anomalous insider activities in complex CCS. In this paper, we propose a Sliding Window based Anomaly Detection using Maximum Mean Discrepancy or SWAD-MMD model to detect anomalous insider activities via access network of users and objects. The main scope of this paper is to exploit information theoretic and statistical techniques to address the above security issues in order to provide information theoretically provable security (i.e., anomaly detection with vanishing probability of error) based on graph based Maximum Mean Discrepancy (MMD) that measures the distance between mean embedding of distributions into a Reproducing Kernel Hilbert Space (RKHS). The theoretical aspects show that the proposed approach is suitable for detecting anomalous insider activities in dynamic cloud collaborative systems. Finally we validate the proposed model using two publicly available datasets fromWikipedia and present a performance evaluation in terms of accuracy of the proposed model.