Qutaibah Althebyan

A Knowledge-Base Model for Insider Threat Prediction

Many consider insider attacks to be more severe and devastating than outsider attacks. Many techniques exist for defending against outsider attacks. However, little work has been presented for defending insider attacks and threats. In this work, we presented a prediction technique for insider threats. Due to the nature of these kinds of attacks, we relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method.

Multi-agent based dynamic resource provisioning and monitoring for cloud computing systems infrastructure

The cloud computing paradigm provides a shared pool of resources and services with different models delivered to the customers through the Internet via an on-demand dynamically-scalable form charged using a pay-per-use model. The main problem we tackle in this paper is to optimize the resource provisioning task by shortening the completion time for the customers’ tasks while minimizing the associated cost. This study presents the dynamic resources provisioning and monitoring (DRPM) system, a multi-agent system to manage the cloud provider’s resources while taking into account the customers’ quality of service requirements as determined by the service-level agreement (SLA). Moreover, DRPM includes a new virtual machine selection algorithm called the host fault detection algorithm. The proposed DRPM system is evaluated using the CloudSim tool. The results show that using the DRPM system increases resource utilization and decreases power consumption while avoiding SLA violations.

Cloud support for large scale e-healthcare systems

Rapid development of wearable devices and mobile cloud computing technologies has led to new opportunities for large scale e-healthcare systems. In these systems, individuals’ health information are remotely detected using wearable sensors and forwarded through wireless devices to a dedicated computing system for processing and evaluation where a set of specialists namely, hospitals, healthcare agencies and physicians will take care of such health information. Real-time or semi-real time health information are used for online monitoring of patients at home. This in fact enables the doctors and specialists to provide immediate medical treatments. Large scale e-healthcare systems aim at extending the monitoring coverage from individuals to include a crowd of people who live in communities, cities, or even up to a whole country. In this paper, we propose a large scale e-healthcare monitoring system that targets a crowd of individuals in a wide geographical area. The system is efficiently integrating many emerging technologies such as mobile computing, edge computing, wearable sensors, cloud computing, big data techniques, and decision support systems. It can offer remote monitoring of patients anytime and anywhere in a timely manner. The system also features some unique functions that are of great importance for patients’ health as well as for societies, cities, and countries. These unique features are characterized by taking long-term, proactive, and intelligent decisions for expected risks that might arise by detecting abnormal health patterns shown after analyzing huge amounts of patients’ data. Furthermore, it is using a set of supportive information to enhance the decision support system outcome. A rigorous set of evaluation experiments are conducted and presented to validate the efficiency of the proposed model. The obtained results show that the proposed model is scalable by handling a large number of monitored individuals with minimal overhead. Moreover, exploiting the cloud-based system reduces both the resources consumption and the delay overhead for each individual patient.

PEP-side caching: An insider threat port

PEP-side caching is used in request-response access control mechanisms to increase the availability and reduce the processing overhead on PDP. Nonetheless, this paper shows that using this approach may open an insider threat port that can be used to bypass access control models in cloud and distributed relational databases. Moreover, the paper proposes a light model that detects and prevents the threat without affecting the performance of PEP and PDP, and it keeps the advantages of PEP-side caching model.

Multi-threading based Map Reduce tasks scheduling

Map Reduce is a parallel and a distributed computing framework used to process datasets that have large scale nature on a cluster. Due to the nature of data that needs to be handled in the Map Reduce problem which involves huge amount of data, many problems came up that are of great importance. Scheduling tasks is considered one of these major problems that face Map Reduce frameworks. In this paper, we tackled this problem and proposed a new scheduling algorithm that is based on a multi-threading principle. In our proposed algorithm, we divided the cluster into multi blocks where each one of them is scheduled by a special thread. Two major factors are used to test our algorithm; the simulation time and the energy consumption. Our proposed scheduler is then compared with existing schedulers and the results showed the superiority and the preference of our proposed scheduler over the existing schedulers.

A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack

Many consider insider attacks to be more severe than outsider attacks due to the nature of such attacks that involve people who have knowledge of their own organization. In this work, we presented a new model to evaluate and analyze a system after the occurrence of an insider attack. By evaluating and analyzing the system after detecting such attack, we classified systems’ objects into a list of non affected objects and a list of affected objects. We also introduced a new graph called knowledge Bayesian attack graph (KBAG). KBAG represents possible candidate paths that malicious insiders may follow to achieve their goal of compromising critical objects. KBAG also enables us to calculate risk values for different objects using Bayesian inference techniques. These risk values will be considered as measurements for the likelihood of possible occurrence of other insider attacks that have not yet been detected by the underlying system.

Evaluating map reduce tasks scheduling algorithms over cloud computing infrastructure

Efficiently scheduling MapReduce tasks is considered as one of the major challenges that face MapReduce frameworks. Many algorithms were introduced to tackle this issue. Most of these algorithms are focusing on the data locality property for tasks scheduling. The data locality may cause less physical resources utilization in non‐virtualized clusters and more power consumption. Virtualized clusters provide a viable solution to support both data locality and better cluster resources utilization. In this paper, we evaluate the major MapReduce scheduling algorithms such as FIFO, Matchmaking, Delay, and multithreading locality (MTL) on virtualized infrastructure. Two major factors are used to test the evaluated algorithms: the simulation time and the energy consumption. The evaluated schedulers are compared, and the results show the superiority and the preference of the MTL scheduler over the other existing schedulers. Also, we present a comparison study between virtualized and non‐virtualized clusters for MapReduce tasks scheduling. Copyright

Mitigating insider threat in cloud relational databases.

Cloud security has become one of the emergent issues because of the immense growth of cloud services. A major concern in cloud security is the insider threat because of the harm that it poses. Therefore, defending cloud systems against insider attacks has become a key demand. This work deals with insider threat in cloud relational database systems. It reveals the flaws in cloud computing that insiders may use to launch attacks and discusses how load balancing across availability zones may increase insider threat. To mitigate this kind of threat, the paper proposes four models, which are peer-to-peer model, centralized model, Mobile-Knowledgebases model, and Guided Mobile-Knowledgebases model, and it discusses their advantages as well as their limitations. Moreover, the paper provides experiments and analysis that compare among the proposed models, demonstrate their effectiveness, and show the conditions under which they work with highest performance. Copyright

Performance analysis of an insider threat mitigation model

In this work, we presented an approach to extract knowledge out of an object. A graph theory approach to represent and manage the knowledge is explained. We then presented a performance analysis for an insider threat mitigation model proposed earlier. We relied on some characteristics of the insiders and the decomposition of objects in the underlying system in developing our method and conducting our simulation. Our modelpsilas results showed great resistance against such attacks.

Towards improving resource management in cloud systems using a multi-agent framework

With the goal of efficient sharing of resources and services, the cloud computing paradigm has gained a lot of interest recently. This work focuses on improving the resource utilisation by optimising the resource provisioning through a multi-agent framework in which different agents are responsible for different tasks including the monitoring of customers (behaviour, resource usage patterns and QoS requirements as stated in the SLA) and available resources based on customers requests. Moreover, we introduce the concept of TaskFlow which allows a more elastic resources provisioning to match the customer real usage of the resources. The proposed system is implemented and tested on the CloudSim simulator and the results show it increases resource utilisation and decreases power consumption while avoiding SLA violations. The results also show that the introduction of the concept of TaskFlow into our proposed system leads to more resource saving but with a higher risk of SLA violations.