Behaviour-based detection ofransomware attacks in the Cloud usingmachine learning

Popryho, Yaroslav, Popryho, Leonid

January 2023

Background: Ransomware attacks are a significant threat to digital informa-tion, and with the increasing adoption of cloud storage services, attackers now targetcloud environments. The existing literature on ransomware detection has primarilyfocused on local environments, and there is a limited body of research on applyingthese approaches to the cloud environment. Objectives: In this thesis, we aim to develop a behavior-based ransomware de-tection system for cloud environments, specifically focusing on Google Drive, usingmachine learning techniques. We will create a dedicated Google Workspace and uti-lize the Google Cloud Platform for developing the anomaly detection classifier. Methods: We will review related work in ransomware detection and machinelearning approaches to select suitable techniques for our research. Our anomaly de-tection classifier will analyze user activities in the cloud, such as file access patternsand permission changes, to detect deviations indicative of ransomware attacks. Results: We will validate our system’s performance by conducting experimentsin our Google Workspace, emulating ransomware attacks, and comparing the classi-fier’s performance against existing techniques. Conclusions: Our thesis aims to contribute a novel, behavior-based detectionsystem for ransomware attacks in cloud environments, advancing the state-of-the-artand providing a scalable solution for various cloud storage providers.Keywords: ransomware detection, cloud environments, behavior-based detec-tion, machine learning, Google Drive.

ransomware detection

cloud environments

behavior-based detec- tion

machine learning

Google Drive

Computer Sciences

Datavetenskap (datalogi)

Log Frequency Analysis for Anomaly Detection in Cloud Environments

Bendapudi, Prathyusha

January 2024

Background: Log analysis has been proven to be highly beneficial in monitoring system behaviour, detecting errors and anomalies, and predicting future trends in systems and applications. However, with continuous evolution of these systems and applications, the amount of log data generated on a timely basis is increasing rapidly. Hence, the amount of manual effort invested in log analysis for error detection and root cause analysis is also increasing. While there is continuous research to reduce manual effort, This Thesis introduced a new approach based on the temporal patternsof logs in a particular system environment, to the current scenario of automated log analysis which can help in reducing manual effort to a great extent. Objectives: The main objective of this research is to identify temporal patterns in logs using clustering algorithms, extract the outlier logs which do not adhere to any time pattern, and further analyse them to check if these outlier logs are helpful in error detection and identifying the root cause of the said errors. Methods: Design Science Research was implemented to fulfil the objectives of the thesis, as the thesis required generation of intermediary results and an iterative and responsive approach. The initial part of the thesis consisted of building an artifact which aided in identifying temporal patterns in the logs of different log types using DBSCAN clustering algorithm. After identification of patterns and extraction of outlier logs, Interviews were conducted which employed manual analysis of the outlier logs by system experts, who then provided insights on the logs and validated the log frequency analysis. Results: The results obtained after running the clustering algorithm on logs of different log types show clusters which represent temporal patterns in most of the files. There are log files which do not have any time patterns, which indicate that not all log types have logs which adhere to a fixed time pattern. The interviews conducted with system experts on the outlier logs yield promising results, indicating that the log frequency analysis is indeed helpful in reducing manual effort involved in log analysis for error detection and root cause analysis. Conclusions: The results of the Thesis show that most of the logs in the given cloud environment adhere to time frequency patterns, and analysing these patterns and their outliers will lead to easier error detection and root cause analysis in the given cloud environment.

Log Analysis

Log Frequency Patterns

anomaly detection

machine learning

cloud environments

Software Engineering

Programvaruteknik

Analytics-as-a-Service in a Multi-Cloud Environment through Semantically-enabled Hierarchical Data Processing

Jayaraman, P.P., Perera, C., Georgakopoulos, D., Dustdar, S., Thakker, Dhaval, Ranjan, R.

16 August 2016

yes / A large number of cloud middleware platforms and tools are deployed to support a variety of Internet of Things (IoT) data analytics tasks. It is a common practice that such cloud platforms are only used by its owners to achieve their primary and predefined objectives, where raw and processed data are only consumed by them. However, allowing third parties to access processed data to achieve their own objectives significantly increases intergation, cooperation, and can also lead to innovative use of the data. Multicloud, privacy-aware environments facilitate such data access, allowing different parties to share processed data to reduce computation resource consumption collectively. However, there are interoperability issues in such environments that involve heterogeneous data and analytics-as-a-service providers. There is a lack of both - architectural blueprints that can support such diverse, multi-cloud environments, and corresponding empirical studies that show feasibility of such architectures. In this paper, we have outlined an innovative hierarchical data processing architecture that utilises semantics at all the levels of IoT stack in multicloud environments. We demonstrate the feasibility of such architecture by building a system based on this architecture using OpenIoT as a middleware, and Google Cloud and Microsoft Azure as cloud environments. The evaluation shows that the system is scalable and has no significant limitations or overheads.

A Qualitative Comparative Analysis of Data Breaches at Companies with Air-Gap Cloud Security and Multi-Cloud Environments

T Richard Stroupe Jr. (17420145)

20 November 2023

<p dir="ltr">The purpose of this qualitative case study was to describe how multi-cloud and cloud-based air gapped system security breaches occurred, how organizations responded, the kinds of data that were breached, and what security measures were implemented after the breach to prevent and repel future attacks. Qualitative research methods and secondary survey data were combined to answer the research questions. Due to the limited information available on successful unauthorized breaches to multi-cloud and cloud-based air gapped systems and corresponding data, the study was focused on the discovery of variables from several trustworthily sources of secondary data, including breach reports, press releases, public interviews, and news articles from the last five years and qualitative survey data. The sample included highly trained cloud professionals with air-gapped cloud experience from Amazon Web Services, Microsoft, Google and Oracle. The study utilized unstructured interviews with open-ended questions and observations to record and document data and analyze results.</p><p dir="ltr">By describing instances of multi-cloud and cloud-based air gapped system breaches in the last five years this study could add to the body of literature related to best practices for securing cloud-based data, preventing data breach on such systems, and for recovering from breach once it has occurred. This study would have significance to companies aiming to protect secure data from cyber attackers. It would also be significant to individuals who have provided their confidential data to companies who utilize such systems. In the primary data, 12 themes emerged. The themes were Air Gap Weaknesses Same as Other Systems, Misconfiguration of Cloud Settings, Insider Threat as Attack Vector, Phishing as Attack Vector, Software as Attack Vector, and Physical Media as Attack Vector, Lack of Reaction to Breaches, Better Authentication to Prevent Breaches, Communications, and Training in Response to Breach, Specific Responses to Specific Problems, Greater Separation of Risk from User End, and Greater Separation of Risk from Service End. For secondary data, AWS had four themes, Microsoft Azure had two, and both Google Cloud and Oracle had three.</p>

Cloud computing

air-gapped systems

cloud-based air-gapped systems

cybersecurity

cybersecurity breach

multi-cloud environments

security measures

cybersecurity attack

Amazon Web Services (AWS)

Google Cloud Platform

Microsoft Azure Cloud

oracle cloud infrastructure