Internati
o
nal
Journal of Ele
c
trical
and Computer
Engineering
(IJE
CE)
Vol.
5, No. 6, Decem
ber
2015, pp. 1545~
1
552
I
S
SN
: 208
8-8
7
0
8
1
545
Jo
urn
a
l
h
o
me
pa
ge
: h
ttp
://iaesjo
u
r
na
l.com/
o
n
lin
e/ind
e
x.ph
p
/
IJECE
Novel
Approach for Cont
rol
Da
ta Theft Attack in Cloud
Computing
K.
Nar
a
si
mh
a
Sas
t
r
y
, B
.
T
h
i
r
umal
a
Ra
o,
T
.
Gun
a
se
kh
a
r
Dept of CSE, K
L University
, In
dia
Article Info
A
B
STRAC
T
Article histo
r
y:
Received
May 27, 2015
Rev
i
sed
Au
g
12
, 20
15
Accepte
d
Se
p 2, 2015
Information security
is a major
pr
oblem faced
b
y
cloud compu
ting around
the world
.
Be
ca
us
e of the
i
r adv
e
rs
e eff
ects
on
organiz
a
tion
a
l
i
n
form
ation
s
y
s
t
em
s
,
virus
e
s
,
hackers
,
and a
t
t
acker
s inside
rs ca
n je
opa
r
dize or
ganizations
capab
ilities to
pursue their un
dertak
en
effectively
.
Although
technolo
g
y
based solutions help to m
itiga
t
e
som
e
of the m
a
n
y
probl
em
s of
inform
ation
securit
y
,
even t
h
e preem
inent t
echnolog
y
c
a
n’t
work successf
ull
y
un
less
effec
tive hum
a
n
com
puter co
m
m
unica
tion o
ccurs.IT
exper
t
s, users and
adm
i
nistrators
al
l pla
y
cru
c
ia
l ro
le to
de
term
ine
the b
e
havior
tha
t
oc
curs as
people inter
act with
information
techno
log
y
will support the maintenan
ce of
effec
tive s
e
curi
t
y
or thr
eat
en i
t
. In the pr
es
e
n
t paper we tr
y to
app
l
y
behavior
al scien
ce
concepts and
te
chniques to understanding
p
r
oblems
of
information secu
rity
in org
a
nizations.
Keyword:
Insi
der
Jeopardize
Mitig
ate
Preem
inent
Copyright ©
201
5 Institut
e
o
f
Ad
vanced
Engin
eer
ing and S
c
i
e
nce.
All rights re
se
rve
d
.
Co
rresp
ond
i
ng
Autho
r
:
K. Nar
a
sim
h
a
Sastry
,
Dept o
f
CSE
,
K L Un
iv
ersity.
Em
a
il: sastrysa
ys@g
m
a
il.co
m
1.
INTRODUCTION
C
l
ou
d st
ora
g
e
i
s
a
m
odel
of n
e
t
w
o
r
ke
d ent
e
r
p
ri
se C
ache
w
h
ere
dat
a
i
s
st
ored i
n
vi
rt
ual
i
z
ed p
ool
s
of
st
ora
g
e. St
ori
n
g,
Out
s
ou
rci
n
g
dat
a
i
n
C
l
o
u
d
has b
eco
m
e
an ext
r
em
ely
conve
n
ient
c
h
oice for the
business
sect
or.
I
n
s
p
i
t
e
of
an
excel
l
e
nt
o
p
er
at
i
onal
effi
ci
ency
,
st
ori
ng
dat
a
on
cl
ou
d
has i
t
s
o
w
n
set
o
f
dra
w
bac
k
s
whi
c
h i
m
possi
bl
e t
o
a
voi
d.
St
eal
i
ng t
h
e
us
er cre
d
e
n
t
i
a
l
s
by
M
a
sq
uera
d
e
rs m
i
m
i
c l
e
gi
tim
at
e users w
h
en t
h
ey
access of Cloud.
Whe
n
the
masquera
de
rs logs i
n
with th
e stolen cre
d
e
n
tials, He or s
h
e gets sam
e
rights to
access the
data
like real
use
r
.
These type
s
of
attacksare
done by insider [2].
The i
n
form
ation the
f
t attacks
carrie
d
out
by
an i
n
si
d
e
r is
o
n
e
of th
e top th
reats t
o
Clou
d security.
One
of the curre
nt exam
ples being the cre
d
it card data
breach at Marri
ot, She
r
aton a
nd
othe
r hotel
s. The
com
p
any
sai
d
i
n
f
o
rm
at
i
on o
f
cust
om
er’s
na
m
e
s and
n
u
m
b
ers
on
cons
umers'
credit or
debit cards, sec
u
rity
code
s an
d ca
rd
expi
rat
i
on
dat
e
s are t
h
e
f
t
by
cy
ber cri
m
i
n
al
s. A
n
ot
her e
x
a
m
pl
e i
s
t
h
e on
e whi
c
h
hap
p
e
n
ed i
n
B
e
rl
i
n
. C
e
l
l
p
h
o
n
e,
b
r
oa
d
b
a
nd
p
r
o
v
i
d
e
r
V
oda
f
one
De
ut
s
c
hl
an
d say
s
i
t
was t
h
e t
a
rget
of a l
a
rge
scal
e dat
a
th
eft affecting
th
e p
e
rson
al details o
f
2
mill
io
n
Germ
an custom
ers. Spokesm
an Al
ex
and
e
r
Leinho
s says th
e
attack
was cond
u
c
ted
b
y
an un
id
en
tified
IT
syste
m
s ad
min
i
strato
r
wh
o wo
rk
ed
for a com
p
an
y.
Voda
fone said in a state
m
ent Thur
s
d
ay that the stolen dat
a
include
d c
u
s
t
om
ers
'
na
m
e
s, addresses
,
et
c. and
was d
one
by
an i
n
si
der a
ttacke
r
.Various security
m
echanism
s
h
a
v
e
fo
cu
sed
on
w
a
ys of
pr
ev
en
ting
illegal and
una
uthorize
d acce
ss to data
present on the Cl
oud. This has
been done
through va
rious
enc
r
ypti
on
tech
n
i
qu
es. N
i
n
g
Cao
,
Cong
W
a
ng
and
o
t
h
e
rs
p
r
op
o
s
ed
an
en
cryp
tion
tech
n
i
qu
e
b
a
sed
on
Mu
lti-k
e
yw
o
r
d
R
a
nke
d Sea
r
c
h
whi
c
h ca
nn
ot
pr
ot
ect
agai
n
s
t
i
n
si
der
at
t
ack
er. B
u
i
l
d
i
n
g t
h
e t
r
ust
w
o
r
t
h
y
cl
ou
d i
s
n
o
t
en
ou
g
h
,
av
o
i
d
i
ng
d
a
ta th
eft attack
s is
m
o
re i
m
p
o
r
tant. On
ce th
e
d
a
t
a
is lo
st we cou
l
d
n
o
t
g
e
t it back
. Th
en
an
id
ea is
pr
o
pose
d
w
h
i
c
h ca
n sec
u
re
d
a
t
a
t
o
s
o
m
e
ext
e
nt
i
.
e.
di
si
nf
orm
a
t
i
on at
t
ack.
O
n
e e
x
am
ple i
s
dat
a
t
h
eft
at
t
a
c
k
from
the Cloud. Se
ve
ral Twi
tter pers
onal and
business
docum
ents were
ex-filtrated
to t
echnological website
TechCrunch [2], and c
u
stomers
‟
accounts, Cloud service custom
er
a
nd
within pe
rsonal online socia
l
Evaluation Warning : The document was created with Spire.PDF for Python.
I
S
SN
:
2
088
-87
08
IJECE
Vol. 5, No. 6, D
ecem
ber
2015 :
1545 –
1552
1
546
net
w
or
ki
n
g
pr
ofi
l
e
s by
i
n
di
vi
dual
users
.
C
l
o
ud st
ora
g
e i
s
a
m
odel
of net
w
or
ke
d ent
e
r
p
ri
se st
ora
g
e w
h
er
e l
a
rge
d
a
ta is stored
[3
].
2.
SYSTE
M
MO
DEL
Th
ere are th
ree d
i
fferen
t
en
t
ities as
in
Fig
u
r
e 1.
Clo
u
d
serv
er, Clou
d
serv
ice prov
id
er (CSP) and
clien
t
s are th
e d
a
ta own
e
rs.
Clien
t
s always requ
ests
s
p
ac
e on t
h
e cloud while in re
gis
t
ration. T
h
e se
rvice
provider takes
the re
quest, proces
sesre
q
ues
t
and acce
ss
t
o
the client
on cloud.
The cli
e
nt receive
a s
y
ste
m
created
pass
word via em
ail
by clou
d se
rve
r
. O
n
ce t
h
e
re
gi
st
rat
i
on i
s
s
u
ccessfully completed the
user can
access his
data
and capa
b
le t
o
perf
orm
uploa
d,
downloa
d
a
n
d etc.
Fi
gu
re 1.
Sy
st
em
m
odel
3.
SECU
RI
NG
CLOU
D WIT
H
FO
G
C
l
ou
d com
put
i
ng i
s
a t
ech
ni
q
u
e w
h
i
c
h
pr
o
v
i
d
e ser
v
i
ces t
o
cl
i
e
nt
ove
r t
h
e
net
w
or
k;
use
r
can us
e an
y
t
y
pe o
f
ser
v
i
c
e
s
(Saa
S,
PaaS,
IaaS
). C
l
o
u
d
st
ora
g
e i
s
t
h
e
m
odel
of
net
w
or
k e
n
t
e
r
p
ri
se
st
ora
g
e
whe
r
e
hu
g
e
am
ount
of
data
are stored. Cl
oud c
o
m
puting provide st
or
a
g
e space se
rvice
s
for the
use
r
s,
user can
store
d
hi
s
data and information in the
cloud a
nd
he c
a
n access t
o
inform
ation as st
ore it form
any com
puter connecte
d
to
th
e in
tern
et
[2
],
[3
].th
e m
a
i
n
t
h
ing
is t
h
at t
h
e
u
s
er
d
on’
t
kn
ow
wh
er
e
and
ho
w
d
a
ta
is
sto
r
ed
?
a
nd
who
can
see th
e d
a
ta
?
Th
e pro
b
l
em
o
f
u
s
er wh
en
h
e
sto
r
e sen
s
itiv
e in
form
at
io
n
in
th
e clou
d
t
h
e u
s
er
requ
ire secu
rity
of t
h
ecl
o
ud c
o
m
put
i
ng t
o
a
ssura
nce
n
o
b
o
d
y
can
ri
g
h
t
t
o
u
s
e an
d
vi
ew hi
s
dat
a
a
nd
b
u
si
nes
s
r
e
l
a
t
e
d
i
n
f
o
rm
at
i
on t
h
at
hi
s st
ore i
n
cl
oud
, t
o
av
oi
d t
h
i
s
pr
o
b
l
e
m
used e
n
cry
p
t
i
on m
e
t
hod. B
u
t
encry
p
t
i
o
n m
e
t
h
o
d
uns
ucces
sful in pre
v
enting
data theft
attacks. By applying encry
p
tion tec
hni
que t
o
the i
n
form
ation we
can’t
realize to
tal p
r
o
t
ectio
n
to
co
nfid
en
tial d
a
ta. In
Ex
istin
g
syste
m
as p
e
r th
e Literatu
re su
rvey d
o
n
e it is o
b
serve
th
at d
eco
y f
ile cr
eatio
n
is done w
h
en
ev
er
n
e
w
f
ile is b
e
ing
u
p
l
o
a
d
t
o
th
e clo
u
d
w
a
s sug
g
ested
bu
t in
such
case
require
huge a
m
ount of stora
g
e space i
n
the
cloud
[4]. A.
Disadva
n
tage 1.
It’s
not
id
e
n
tify whe
n
the at
tack is
h
a
pp
en
ing
.
2
.
Itsv
ery co
m
p
lex
to
id
en
tify
wh
i
c
h
u
s
er is
attack
.3
.
We can’t detect th
e file wh
ich
was h
a
ck
i
n
g.
4.
PROP
OSE
D
WORK
In
o
u
r
wo
rk
w
e
p
r
o
p
o
se
a
di
ffe
rent
a
p
pr
oa
ch fo
r secu
ri
n
g
dat
a
i
n
t
h
e cl
ou
d usi
n
g o
f
f
e
nsi
v
e dec
o
y
tech
no
log
y
. The d
a
ta th
eft b
y
in
sid
e
r is sim
p
ly p
a
ssed
wi
t
h
t
h
e hel
p
o
f
cre
a
t
i
on o
f
dec
o
y
fi
l
e
on dem
a
nd
.
W
e
check
data acc
ess in the cl
oud an
d ide
n
tify
abnorm
a
l data
access pattern
s.
When illegal
access is suppose
d
and t
h
e
n
ve
ri
fi
ed usi
ng c
h
al
l
e
nge
que
st
i
ons
, we l
a
unc
h di
si
nf
orm
a
t
i
on at
t
ack by
ret
u
r
n
i
ng l
a
r
g
e am
o
unt
s
o
f
d
eco
y inform
at
io
n
to
th
e attack
er. In
t
h
e syste
m
we develop whe
n
ever in
si
der
obse
r
ved t
o
be
per
f
o
r
m
i
ng dat
a
t
h
eft
,
onl
y
t
h
e
n
dec
o
y
fi
l
e
i
s
creat
ed a
nd i
s
passe
d
on t
o
t
h
e re
quest
i
n
g i
n
si
der,
w
h
e
n
eve
r
user t
r
y
i
ng t
o
upl
oad
a
fi
l
e
o
n
t
h
e
cl
o
u
d
us
er
pr
ovi
de sec
u
ri
t
y
q
u
est
i
o
n.
The
sam
e
securi
t
y
q
u
est
i
o
n
appea
r
w
h
en
a
n
y
u
s
er
want
t
o
d
o
w
nl
oad
or d
o
any
ope
rat
i
o
n per
f
o
rm
on t
h
e par
t
i
c
ul
ar fi
l
e
for
m
t
h
e cl
oud. I
n
case i
n
si
der
t
r
i
e
s t
o
do
w
n
l
o
a
d
t
h
e
sam
e
fi
l
e
onc
e agai
n t
h
e
us
age o
f
t
i
m
e stam
p base
d ke
y
gi
ves hi
m
a new
dec
o
y
fi
l
e
as
co
m
p
ared
t
o
the prev
i
o
u
s
wh
i
c
h
will co
nfu
s
e h
i
m
.
Th
is
pro
t
ects ag
ain
s
t t
h
e misu
se of t
h
e
u
s
er’s
real
d
a
ta.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
J
ECE
I
S
SN
:
208
8-8
7
0
8
No
vel App
r
oa
ch
for Con
t
ro
l
Da
t
a
Th
eft Atta
ck in Clou
d Co
mpu
tin
g (K.
Na
ra
si
mha
Sa
stry
)
1
547
Fi
gu
re
2.
B
l
oc
k
Di
ag
ram
of P
r
o
p
o
sed
sy
st
em
We are
prov
idin
g
an
OTP sy
ste
m
at th
e u
s
er lev
e
l in
t
h
is
syste
m
. Th
e OTP system
wil
l
g
e
n
e
rate a
v
e
rification
cod
e
wh
ich
th
e
user req
u
i
red
to
en
ter du
ri
n
g
reg
i
stratio
n. After th
is co
d
e
will b
e
co
nfirm
e
d
b
y
th
e
TPA and
on
ly after
h
i
s au
tho
r
ization
th
e
user reg
i
stration will b
e
don
e. Nex
t
m
o
v
e
s t
o
th
e
u
p
l
o
a
d
i
ng
and
d
o
wn
lo
ad
ing
of files.
W
h
ile up
lo
ad
ing
th
e inn
o
v
a
tiv
e d
a
ta
will b
e
sen
t
to
th
e CSP an
d
a
co
p
y
of it wo
uld
b
e
sen
t
to
t
h
e TPA for au
t
h
en
ti
catio
n
.
After a si
m
p
le ye
s/n
o
m
e
ssag
e
fro
m
th
e TPA the in
nov
ativ
e file
will b
e
p
r
o
cessed
fu
rt
h
e
r fo
r
d
i
v
i
sion
and
en
cry
p
tio
n
b
y
th
e CSP. Th
is will als
o
redu
ce th
e ov
erh
e
ad
sig
n
i
fican
tly.
The ri
ghts to
m
odify update
or delete will only exist in
with the owne
r of t
h
e da
ta thereby ensuring a
m
o
st
select lev
e
l o
f
Security. In
tern
ally th
e DB ad
m
i
n
is
al
so
m
oni
t
o
re
d by
t
h
e TPA i
n
o
r
de
r t
o
keep a c
h
e
c
k
o
n
any form
of wi
cked activity.
Data lost ca
n a
l
so eff
ect
i
v
el
y
ret
r
i
e
ve
d
usi
n
g
st
an
dby
se
r
v
er
s (R
A
I
D LE
V
EL 1
)
.
Oth
e
r sp
ecificatio
n
s
i
n
th
e applicatio
n
in
clude d
i
g
ital sign
at
u
r
es.
Figure
3. System
architecture
5.
SECU
RI
NG
CLOU
DS
The neces
sary idea is that we
can
boundary the injure of
stolen inform
atio
n if we decreas
e the value
of that stolen i
n
form
ation to the attacker
.
We can achieve t
h
is
th
ro
ugh
a “p
rev
e
n
tiv
e
‟
di
s
i
nf
orm
a
t
i
on at
tack.
We im
agine that secure
Cloud se
rvices
can
be
i
m
pl
em
ent
e
d
gi
ve
n t
w
o
ot
her
secu
ri
t
y
fe
at
ures:
1) C
o
n
f
usi
ng t
h
e at
t
acker wi
t
h
d
u
m
m
y
dat
a
we im
ag
in
e th
at th
e co
m
b
in
atio
n
of th
ese two
secu
rity
feature
s
will provi
de
unm
atched levels
of se
curity in Cloud. Curre
ntly th
e
Cloud sec
u
rity m
e
thod is
avai
lable
that provides this level
of sec
u
rity.
We
have
use
f
ul
t
h
ese c
once
p
ts t
o
noti
ce illegal data
access to
data
store
d
on
a l
o
cal
fi
l
e
sy
st
em
by
m
a
sq
uera
de
rs
, i.e. attackers
who copy
valid
us
ers after th
eft th
eir i
d
en
tifi
catio
n.
Una
u
thorized
access to Cloud data
by a ra
scal insider
as
the m
a
licious act of a m
a
squera
der. Our s
a
m
p
le
Evaluation Warning : The document was created with Spire.PDF for Python.
I
S
SN
:
2
088
-87
08
IJECE
Vol. 5, No. 6, D
ecem
ber
2015 :
1545 –
1552
1
548
resu
lts in
a lo
cal file syste
m
s
e
ttin
g
sho
w
that co
m
b
in
ing
bo
th
pro
cedu
r
es can
yield
b
e
tter recogn
itio
n
resu
lts.
The
res
u
l
t
s
are
rec
o
m
m
e
nd t
h
at
t
h
i
s
ap
p
r
oac
h
m
a
y
wor
k
i
n
a C
l
o
u
d
en
vi
r
onm
ent
.
T
h
e C
l
ou
d i
s
pr
o
p
o
s
e
d t
o
be as clear to
the user as a l
o
cal f
ile system
.
In
th
e fo
llowing
we an
alysis b
r
iefly so
me o
f
th
e trial resu
lts
achi
e
ve
d
by
u
s
i
ng t
h
i
s
a
p
p
r
oa
ch t
o
det
ect
m
a
squ
e
rad
e
activ
i
t
y in
a lo
cal
file settin
g
[9
], [11
]
.
2)
Desc
ri
pt
i
o
n
of
R
e
searc
h
a)
User
Beh
a
v
i
or Profilin
g
b)
Decoy docum
e
nts
c)
Secure from
dealer
d)
B
l
ock t
h
e
nast
y
user
e)
Diffe
re
ntiate u
s
er
5
.
1
.
User Profiling
Behav
i
o
r
Mo
dule
In
th
is co
m
p
on
en
t, ad
m
i
n
will g
o
i
n
g
to
reco
rd
lo
g
record
o
f
all u
s
ers
so
th
at h
e
can easily
set
worki
n
g baseli
ne for legal us
er.
Adm
i
n
m
onitor
data
acce
ss in the cl
oud and notice abnorm
al data access
p
a
ttern
s
User
profilin
g
will a well-k
nown
Tech
n
i
q
u
e
th
at
can
b
e
app
lied
h
e
re to
ch
eck
h
o
w,
wh
en
, and
ho
w
m
u
ch a client access their da
ta in the Cl
oud.
Suc
h
'
n
ormal user'
be
ha
vior c
a
n
be c
o
ntinuously chec
ked
t
o
determ
ine whe
t
her a
b
norm
a
l
access to a
us
er'
s
data is ex
perie
n
ce. T
h
is
m
e
thod of
be
havi
or
base
d s
ecurity
will regu
larly
u
s
e in sch
e
m
e
un
cov
e
ri
ng
ap
p
lication
s
. Such
p
r
o
f
iles wou
l
d
ob
v
i
o
u
s
ly in
clu
d
e
vo
lu
m
e
tric
i
n
f
o
rm
at
i
on, h
o
w m
a
ny
doc
um
ent
s
are t
ypi
cal
l
y
read a
nd
h
o
w
oft
e
n.
W
e
chec
k f
o
r a
b
n
o
r
m
a
l
searc
h
beha
vi
o
r
s t
h
at
di
spl
a
y
de
vi
at
i
ons f
r
o
m
the u
s
er
basel
i
n
e t
h
e c
o
n
n
e
c
t
i
on o
f
sea
r
c
h
act
i
o
n
s
di
f
f
e
rence
id
en
tificatio
n
with
trap
-b
ased
d
e
co
y
files
sh
ou
ld
p
r
ov
id
e stron
g
e
r
co
nfir
mation of m
a
lfeasance, a
n
d therefore
recover a
detec
t
or'
s
exactne
ss
[13].
5.2. Dec
o
y
Documents
Module
We s
u
ggest a
diffe
re
nt approach for securing data
i
n
t
h
e c
l
ou
d u
s
i
n
g na
s
t
y
decoy
t
ech
n
o
l
o
gy
.
We
m
onitor data
a
ccess in the cl
oud a
n
d se
nse
irregular da
ta
access patterns.
W
e
initiate a
disinform
a
t
i
on attack
by
rec
u
r
r
i
n
g l
a
rge am
ou
nt
s
of
dec
o
y
i
n
f
o
rm
at
i
on t
o
t
h
e a
tta
cker. T
h
is protects against
t
h
e
m
i
suse of the
user'
s
real
dat
a
.
W
e
u
s
e t
h
i
s
t
echnol
ogy
t
o
be
gi
n
di
si
nf
orm
a
t
i
on at
t
acks agai
nst
m
a
l
i
c
i
ous i
n
si
ders, p
r
e
v
ent
i
n
g
t
h
em
fr
om
di
st
i
ngui
s
h
i
n
g t
h
e
val
i
d
aware
cust
om
er
dat
a
f
r
om
bo
gus
u
s
el
ess
[9]
,
[
11]
.
5.3. Secure fr
om De
aler
If legal
user
does not wa
nt to gi
ve access t
o
the
d
ealer s
o
we can
protec
t that access form
dealer. In
pre
v
ious syste
m
, dealer can directly
access the own or c
o
rporate
data which is
stored
on to th
e cloud. T
h
ere is
n
o
an
y situ
atio
n
fo
r secu
rity o
f
inform
atio
n
wh
ich
is sto
r
ed o
n
to
th
e cloud
. So
in
ou
r
p
l
an
n
e
d
system
,
all th
e
data whic
h is store
d
on the cloud is
confine
d
, it is totally depe
nd on the user to assi
gn access agreem
ent to its
data. In case, i
f
dealer
wa
nt to access the inform
ation wh
i
c
h is store
d
on the cloud, it has to gain t
h
e
pri
v
ate
key
o
f
t
h
at
pa
rt
i
c
ul
ar
user t
o
decry
p
t
t
h
e i
n
fo
rm
ati
on a
n
d
t
h
i
s
m
e
t
hod i
s
get
fi
ni
she
d
vi
a safe
key
r
e
pl
ac
e
al
go
ri
t
h
m
[14]
,
[
15]
.
5.
4.
B
l
ock the Nas
t
y User
If
we will fo
und
an
y
n
a
sty u
s
er fro
m
h
i
s u
s
er profile b
e
h
a
vio
r
we can
d
i
rectly
b
l
o
c
k
th
at u
s
er or we
can ask a sec
u
rity questions
. For e
x
. User successively
fails in
lo
g
i
n
,
an
im
a
l
search
attack
, u
p
l
o
a
ds files
wh
ich
con
t
ain
s
.ex
e
files with in
it etc, [13
]-[15
]. So
, a
ll th
is record
of th
e
all u
s
er
will main
tain
ed
i
n
the u
s
er
p
r
o
f
iling
activ
i
ties, so
as soon as syste
m
d
e
te
cts an
y n
a
st
y activ
ities, it d
i
rectly b
l
o
c
k
th
at
u
s
er i
n
case, if an
y
allowed use
r
try to searc
h
a
n
y othe
r
widely s
t
ore
d
file
s the
n
according t
o
our
situa
tion our system
blocks that
client, but
during bl
ocki
ng
sy
ste
m
asks sec
u
rity questions
to that
us
e
r
to a
voi
d acce
pted
user jamm
ing [16].
5.
5.
Differe
nti
a
te User
We ca
n
di
ffe
r
e
nt
i
a
t
e
user
b
y
usi
n
g c
ont
a
c
t
ri
g
h
ts.
We can
allo
t
human
righ
ts at
th
e tim
e o
f
upl
oadi
ng
.
Fo
r
exam
pl
e l
o
w
user
ha
ve
o
n
l
y
read
pe
rm
i
ssi
ons,
hi
gh
u
s
er
h
a
s al
l
pe
rm
i
ssions
l
i
k
e m
odi
fi
cat
i
on.
B
y
cat
egori
z
i
n
g di
f
f
ere
n
t
use
r
s on t
h
e cl
o
u
d
,
we o
b
t
a
i
n
fai
r
and
fl
exi
b
l
e
co
nt
r
o
l
on m
a
nag
i
ng res
o
urces
o
n
t
h
e
cl
ou
d [1
1]
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
J
ECE
I
S
SN
:
208
8-8
7
0
8
No
vel App
r
oa
ch
for Con
t
ro
l
Da
t
a
Th
eft Atta
ck in Clou
d Co
mpu
tin
g (K.
Na
ra
si
mha
Sa
stry
)
1
549
6.
IMPLEME
N
TATION RE
SULTS
Fi
gu
re
4.
H
o
m
e
Scree
n
Fi
gu
re 5.
Use
r
Lo
gi
n
Fig
u
re
6
.
File
Up
l
o
ad to
cl
o
ud
Evaluation Warning : The document was created with Spire.PDF for Python.
I
S
SN
:
2
088
-87
08
IJECE
Vol. 5, No. 6, D
ecem
ber
2015 :
1545 –
1552
1
550
Fig
u
re 7
.
Files in
clou
d
Figu
re 8.
OT
P Verificatio
n
Fi
gu
re 9.
D
o
w
n
l
o
a
d
i
n
g Dat
a
Evaluation Warning : The document was created with Spire.PDF for Python.
I
J
ECE
I
S
SN
:
208
8-8
7
0
8
No
vel App
r
oa
ch
for Con
t
ro
l
Da
t
a
Th
eft Atta
ck in Clou
d Co
mpu
tin
g (K.
Na
ra
si
mha
Sa
stry
)
1
551
Fig
u
re 10
.
Resu
lts
This res
u
lts ca
n be
use
d
for i
d
entify the
una
u
thoriz
e
d
acce
ss by a
n
alyzing user
profiles[8] [9].
If a
n
y
u
n
a
u
t
horized
profile is id
en
tified
b
y
p
r
esen
tin
g
th
e ch
alleng
ing
qu
estion
if h
e
is an
swered
th
e o
r
i
g
in
al
d
a
ta is
di
spl
a
y
e
d
ot
he
rwi
s
e l
a
r
g
e a
m
ount
s of
dec
o
y
dat
a
i
s
di
s
p
l
a
y
e
d. T
h
e d
ecoy
i
n
f
o
rm
at
ion i
s
st
o
r
e
d
i
n
a l
o
cal
serv
er, wh
en
ever it req
u
i
red it will retr
iev
e
d fro
m
serv
er.
Th
e
d
e
tector is con
tin
uou
sly
m
o
n
ito
rin
g
u
s
ag
e
of
accessed
file a
n
d searc
h
c
r
iteria of
files.
7.
CO
N
C
LUS
I
ON
We i
m
pl
em
ented a di
ffe
rent
app
r
oach
fo
r s
ecuri
ng
per
s
o
n
a
l
and
bu
si
nes
s
dat
a
i
n
t
h
e
cl
ou
d.
We
propose a syste
m
to preve
n
t data access
pat
t
erns by profiling
user
beha
vi
or
to establish if and
whe
n
a wicke
d
insider c
r
iminally accesses someone docu
m
e
nts in the cloud services. The
d
ecoy technol
ogy allows the use to
k
eep
d
eco
y info
rm
atio
n
o
r
d
u
mmy
in
fo
rm
ati
o
n
in
the file syste
m
to
m
i
sle
a
d
in
sid
e
r d
a
ta th
eft attack
ers.
W
e
wo
ul
d
l
i
k
e t
o
i
n
crease
t
h
e
us
er
pr
ofi
l
e
m
a
nagem
e
nt
and
u
s
e m
o
re dec
o
y
i
n
f
o
rm
at
i
on f
r
o
m
vari
o
u
s
do
m
a
i
n
s
for civ
ilizing
ex
act po
sitiv
es
o
f
th
e
fog
co
mp
u
ting
.
REFERE
NC
ES
[1]
Ben-Salem
M, Salvator
e J. Stolfo, a
nd Ange
lo
s D. Kerom
y
t
i
s,
“
F
og Com
pu
ting: Mitiga
ting I
n
sider Data Th
e
f
t
Attacks
in th
e C
l
oud,”
I
E
EE sym
posium on secur
ity and priva
c
y
workshop (
S
PW)
, 2012
.
[2]
Saif Ali Abd., Alradha Alsaid
i, “Prot
ect Sensitiv
e Data in Public Cloud from
an
Theft Att
ack an
d detect Abnorm
a
l
Client Beh
a
vior”,
In
IJESC
,
2014
.
[3]
Gunasekhar T.,
Rao K.
T.,
Basu
M. T., "Understanding insid
e
r
at
tack p
r
oblem an
d scope in
cloud
,"
Circuit, Power
and Computing
Technologies (
I
CCPCT)
,
2015 International Co
nference on
, pp
.
1-6, 2015
.
[4]
Say
a
lir
aje, Namratap
atil, Shita
lmundhe, and Ritikamahaja
n “Cloud security
using fog computin
g”,
Pr
oceed
ings
of
IRF In
ternationa
l Conference,
20
14.
[5]
V. Sriharsha
,
V.
Prabhaker
,
and
N. Krishna Ch
yth
a
n
y
a
,
“
D
y
n
a
m
ic Deco
y Fi
le
Usage to
Prote
c
t from
m
a
li
cio
u
s
insider for data
on public cloud
”,
International
Journal of Adva
n
ced Engin
eerin
g and Global Technology
, Vol.
1,
No. 3, 2013.
[6]
P. Jy
o
t
hi, R. Anuradha,
and Dr. Y.
Vijay
a
lata, “Minimizing Internal Data
Theft
in Cloud Throu
gh Disinformation
Attacks
”
,
Intern
ational Journal
of Advanced
Resear
ch in Computer and Communication
Engin
eering
,
Vol.
2,
No.
9, 2013
.
[7]
Dn
y
a
n
e
sh S. Patil, Su
y
a
sh S. P
a
til
, Deepak P.
Pote,
a
nd Nil
e
sh V. Koli
, “Secured cloud com
puting with
deco
y
documents”,
Pr
o
ceed
ings
of
4th I
RF In
ter
nationa
l
Confer
en
ce
,
Pu
ne, 2014
.
[8]
Madhusri K. Navneet, “Fog Co
mputing: Det
ecting Malicious Attacks in
a cloud
”,
International
Jo
urnal of S
c
ien
tific
&
E
ngineering,
Research,
Vol. 4
,
No. 5, 2013.
[9]
Gunasekhar T.,
et al.
, "A Survey
on
Denial of
Service Attacks",
International
Journal of Com
puter Science a
nd
Information Technologies,
Vol.
5, No. 2, pp. 237
3-2376, 2014
.
[10]
Cloud Secur
i
t
y
Allian
ce, “Top
T
h
reat
to
Cloud C
o
m
puting V1.0,” 2010.
[11]
Gunasekhar T.,
et al
.,
"Mitig
atio
n of Insider
Attacks through Mul
ti-Cloud",
Intern
ational Journal of
Electrical
an
d
Computer Engin
eering (
I
JEC
E
)
,
Vol. 5
,
No.1
, pp
. 136-141, 2015.
[12]
M Dileep Kumar,
M.
Trinath Basu,
T.
Gunase
khar,
”Meshing
VANEMO
protocol into VANETs”,
Internatio
nal
Journal of Applied Eng
i
neering
Research,
Vol.
1
0
, No. 12, pp. 31
951-31958, 201
5.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
S
SN
:
2
088
-87
08
IJECE
Vol. 5, No. 6, D
ecem
ber
2015 :
1545 –
1552
1
552
[13]
Anusha M., Vemuru S., and Gunasekha
r T., "
T
DMA-based MAC protocols fo
r scheduling channel
allo
catio
n in
m
u
lti-chann
e
l
wireless m
e
sh
networks using
cogni
tive rad
i
o",
Circuit, Po
wer and Comp
uting Technolo
g
ies
(
I
CCPCT)
,
2015 International C
onference on
, pp
. 1-5
,
2015
.
[14]
T. Gunasekhar
,
K. Thirupa
thi R
a
o, ”
E
BCM: Single En
cr
yption
,
Multiple De
cr
yptions”,
In
ternational Journal of
Applied
Eng
i
neering Research
,
Vol. 9
,
No. 19, p
p
. 5885-5893
, 2
014.
[15]
R. Praveen Kum
a
r, Jagdish Babu
, T.
Gunasekh
ar,
and S. Bharath
Bhushan,
”Mitig
ating Appli
c
a
tio
n DDoS
Attack
s
using Random Port Hopping Techn
i
que”,
I
n
ternational
Jo
urnal of Emer
ging Research
in Management
&
T
echnology,
Vol.
4
,
No
. 1
,
pp
.
1-4, 2015
.
[16]
Anusha M., Sri
k
anth Vem
u
ru,
and T
.
Gunasek
h
ar, "
T
ra
nsm
i
ssion protoco
l
s in
Cognitive
Rad
i
o
Mesh Network
s
"
International Jo
urnal of
Electrical
and Computer Engin
eering
(
I
JECE)
,
Vol. 5, No. 4
,
2015
.
BIOGRAP
HI
ES OF
AUTH
ORS
K.
Nar
a
simha Sastr
y
,
receiv
e
d
MCA degree from KLUniversity
, Guntur, A.P
in 2010 and
pursuing M.Tech degree
in Computer
Science &Engineering at KLUniversity
.
Dr B. Thirumala Rao,
Professor Ph
D. He
had published
res
earch p
a
pers
at Nationa
l
andIntern
a
tion
a
l Journals and
Conferences. C
u
rrently
he is working
ha
s Profe
ssor a
t
KL
University
Vijayawada.
T.
Gunase
khar
rece
ived his
B
ach
elor of T
echno
lo
g
y
and M
a
s
t
er o
f
Techno
log
y
fro
m
J
a
waharlal
Nehru Techno
logical University
Anantapur
in
2011 and 2013 respectively
.
He is currently
pursuing PhD at
K L University
.
Evaluation Warning : The document was created with Spire.PDF for Python.