Monitoring insiders activities in cloud computing using rule based learning

One of the essential but formidable tasks in cloud computing is to detect malicious attacks and their types. A cloud provider’s constraints or inability in monitoring its employees, and lack of transparency, may make the detection process even harder. We found these insiders’ activities form similar pattern in the monitoring systems as some other cyber attacks because these also uses huge computer resources. In this paper we first provide a brief overview on the importance of monitoring insiders’ activities through a literature survey on cloud computing security. Then, we observe some of the real life insiders’ activities that can be detected from the performance data in a hypervisor and its guest operating systems. Rule based learning is successfully used for identification of these activities in this research. We further observe that some of these insiders’ activities can on occasions turn into a malicious insider’s attack, and thus, need constant monitoring in the cloud environment.