The History Of Different Behavior Abnormal

Published Date: 02 Nov 2017

ABSTRACT

Cloud computing is used in various places due to its various features. As it is widely used there is also some threats to cloud computing in which security and creditability always have a major concern. In cloud computing, users directly use and operate software of cloud service providers, operating system, even programming environment and network infrastructure, so the impact and breakage users caused for cloud software and hardware resources more serious than the current Internet users to share resources. Here the user will login to cloud by using his user name and password. Once he login to his account he will have full access to is account. We will not ensure the creditability of the user after he had been authenticated. There are some situations where false authentication is possible due to password leak. In this situation we cannot stop the intruder to access the account without any restrictions. So we need some additional mechanism to ensure the creditability of the user. Hence this paper presents the concept of user behavior authentication, discusses how to authenticate and control user behavior in the cloud computing environment according to the user's behavior, include establishment of behavior authentication set, mechanisms of behavior authentication and control, corresponding mode of Stochastic Petri Nets, False Negative rates and algorithm performance etc.

Keywords: Cloud Computing, Behavior Authentication, Authentication Mode, Property Analysis, Re-authentication.

INTRODUCTION

The cloud is the next stage in the evolution of the Internet. It provides the means through which everything from computing power to business processes to personal collaboration is delivered to you as a service wherever and whenever you need it.Cloud computing has various features such as low investment, easy maintenance, Flexibility and fast deployment, reliable service. At the same time, cloud computing can also reduce operating costs, improve operational efficiency.So many countries invest financial amd material for cloud computing. It has its applications in all the areas. The growth rate of the cloud computing will be around 40% from 2010-2015.There is no uniform definition of cloud computing, according to Wikipedia, Cloud computing is Internet-based computing, whereby shared resources, software, and information are provided to computers and other devices on demand, like the electricity grid. There are three kinds of cloud services model, namely, Software as a Service (SaaS), Platform as a Service (PaaS) and Cloud Infrastructure as a Service (IaaS). The basic structure of the cloud computing model as shown in Figure 1, it divided into five levels, from top to bottom is resources provide layer, cloud services provide layer, information transport layer, professional service provider layer, end user layer. The cloud service providers (CSP) use the resources provided by resources layer and their technology (such as Virtualization Technology) to integrate the cloud services, and through the information transport layer to provide these services to users.

This is the basic structure of cloud in various applications. It also have various issues need to be solved of which authentication will have a major concern.Particularly in some significant and security-related network applications, such as cloud computing, electronic commerce, network engineering of government, and military etc. For the moment the authentication is fairly mature technology, however, no matter how perfect, it cannot hold back the phenomenon of failed authentication which because of some users’ subjective reasons, such as password leak. There are several reasons of the password leak: 1)Users leak their password for mismanagement. 2)The password is too simple to guess it by others. 3)Obtained by others through public relations. 4)It was stolen by some special program. 5)It was gained by the phishing site. 6)Some user lost their cell phones which they were used to connect internet, moreover, the setup of username and password is auto-completion. All of these can result in failed authentication. So the mechanism of authentication is perfect, but it also cannot fully resolve the issueâ€"whether user’s behavior is in accord with user’s real identity. This is a tremendous and potential safety problem for the network application, especially, like cloud computing, its operation mode is thin client. So we must base on user authentication and combine with user behavior for checking whether or not it belongs to the lawful owner. We call this confirmation process that whether the behavior is consistent with the legal status is Behavior Body Accreditation. Even if successfully authenticated user behavior body, there is no guarantee in itself is credible [2]. For instance, the digital electronic resources based on cloud computing, some users (such as the students in university) often use the download tools to download the purchase of electronic resources in large quantities, or secretly set up a proxy server to reap illegal gains. Here, the behavior body is ok (Usually based on IP addresses to confirm the identity of user), but the user behavior is not necessarily credible.We often see some users using electronic resources because of inappropriate behavior were given a warning or account closed. Every year, Tsinghua University Library published a group of students in the list of violations and penalties provisions. Other persons caused incredible behavior include the officer left the company but did not lift the authorized, the staff which is not satisfied their own company, business competitors, user which was infected with malware etc, these are called by a joint nameâ€"Not Trust User(NTU). In addition, some legal users’ behaviors are incredible, but these are not users’ subjective intent, maybe it is because of that carelessness, lack of expertise or Trojan virus invasion. Therefore, the credibility of user behavior itself also need for certification, it is called Behavior Credible Certification.

2. Behavior Authentication Set

Definition 1: User Behavior Authentication is validation process of user behavior and user subject

based on user behavior when user use network resources. In this process,service provider first gets

behavior evidence by interaction with users, then submit them to the authentication server, the latter will

do authentication check between behavior evidences and authentication sets of user behavior stored in the database. according the comparison result,the authentication server confirms the credibility of user

behavior, the reality of user subject.

The probability of successful behavior authentication depends on the division of behavior certification

collections, definition and the coverage rate of collection which it is relate to behavior, so it is one of the

most important parts that determine the behavior certification collection. As the cheater fear that the real

user will use other legal channels (such as phone and e-mail, etc.) to recover their username and password from a service provider, the "rational" cheaters as soon as possible to get maximize benefits, at the same time, NTU also achieve their purpose as soon as possible, because of these, the following behaviors will result in abnormal:

2.1.Different Behavior abnormal

(1) Behavioral state abnormal: If authentication failed, the behavioral state may change, for instance, the stolen passwords were used to operate by the theft of passwords people in other place and another computer, and then the operating system version, login Internet time, location, IP address may be inconsistent with the original. So in the behavior certification process, before the user accesses the system, user should be checked the behavioral state. If the behavioral state changes require re-authentication identity. We call this set of behavioral state as the behavioral state authentication set T;

(2) Behavioral content abnormal: The behavioral contents are not same among the different users. For example, order the electronic resources, teachers and students of different professional usually download the digital resources related their subjects. If the subject has a large change, need to check this behavior; in the e-commerce, users often purchase what kind, what price range of goods is also based on different people in the relatively fixed. If the users suddenly purchase bulk commodities which are unconventional in the past, at this time, need to authenticate users’ behaviors. We call this set of behavioral content as behavioral content authentication set C.

(3) Behavioral habit abnormal: Each user has its own unique operating habit when they use clouding computing resources. It include different operational command sequence, operational processes and program, for example, the old user that they are quite familiar with their own resources, their operational processes maybe is that directly click the resources used in the past, and then use these resources, finally, release resources, etc. For the cheater, the habit of using network may be different from the original real users. Such as the operational process, the cheater may be to click query, and then use the resources, not be the normal way to exit, etc. At this time, need to authenticate users’ behaviors. We call this set it’s used to check behavioral habit abnormal as behavioral habit authentication set H

(4) Behavioral security abnormal: This abnormal behavior may bring a huge security risk to the system, and cause system failure. According to the current intrusion detection rules, we can gain the behavioral security authentication set S.

(5) Behavioral contract abnormal: For the important network service, service providers and users have a service contract. It includes service content, service time, prohibited behaviors and charges etc. For unauthorized users or some malicious legitimate users will violate the contract in their behaviors. At this

time, we also need to authenticate the behaviors, we call this set it’s used to check behavioral contract abnormal as behavioral contract authentication set Q. In these collections, only the behavioral security certification collection is generic for any user, others are for individual users, so they can be used as evidence of behavioral body authentication. For new registered users, they don’t have historical record of behavior, so the behavior authentication set T, C and H are empty sets.

Definition 2: Set of sufficient behavior authentication (SU),If authentication fails based on a authentication set SU, which certainly results in user behavior authentication failure, but, If that user behavior authentication failure is not necessarily due to authentication failure based on the authentication set,then we call SU Set of sufficient behavior authentication, in the above authentication sets, S and Q isSU.

Definition 3: Set of necessary behavior authentication(NE),If authentication failure based on a authentication set NE, which not certainly results in user behavior authentication failure, but, If want to behavior authentication success,which must ensure authentication success based on the authentication set NE,then we call NE Set of sufficient behavior authentication, in the above authentication sets, T, C and H is NE.

3. Main Idea of user behavior authentication and control

3.1. The process of user behavior authentication

process of behavior authentication includes the following three major process:

(1)Before user accessing the ISP,there have three behavior authentications,namely the user Identity authentication(AI), behavior state authentication(AT) and behavior authentication predictions based on historic authentication(AP). If the behavior authentication prediction is successful, it would allow user continue accessing, If the behavior authentication prediction is failure, whether to continue to access through the subsequent game risk analysis for decision-making. Prediction is based on the principle of Bayesian networks, the following prediction formula is an example of security behavior authentication:

Where T and S respectively represent the results of overall behavior authentication and behavior

security authentication, n is the number of statistics.

(2) In user accessing the ISP,there have four real-time behavior authentications,namely behavior habit authentication(AH), behavior security authentication(AS), behavior content authentication(AC) and behavior contract authentication(AQ).

(3) After user accessing the ISP, here has total behavior authentications(AA)and updating of

authentication grade, which make preparation for the future behavior authentication and game control of accessing. Result of behavior authentication and identity authentication is different, identity authentication has only success and fail two results, but behavior authentication has another result,namely uncertainty state. The following figure represents the basic real-time strategy of behavior authentication.

3.2. strategy of Behavioral control Behavioral control takes control measures according three different authentication results. (1) For user of authentication failure, ISP break through the TCP connection and other methods to interrupt the user's continued access to server. (2) For user of authentication success, ISP allow user continue access to server.

(3) For user of authentication uncertainty, If no re-authentication for behavior subject, ISP first to further confirm the behavior subject, namely, First of all, by secure way (such as email or mobile phone) send a pseudo-random number to the user to make identity re-authentication,we use pseudo-random number is to prevent replay attacks and phishing Web sites to use re-authentication information. If had made re-authentication for behavior subject before, ISP determine whether allow user continue to accessing based on status of historical behavior authentication. If the history of behavioral

authentication state trust, then continue to access, otherwise the game risk decision to be needed to decide whether to allow user continue to access. Basis of game making[4] is: if ISP’s benefits obtained:

Then allow user continue to access, else refuse to access. wherey * and 1−y * is respectively the

mixed Nash equilibrium strategy of users do not deceiving and deceiving, dec0acc Slossis average loss

when ISP receiving the user's cheat accessing, n _ decaccSincomeis average normal earnings when ISP

receiving the user's no cheat accessing.

4. Model of user behavior authentication and control

4.1. Stochastic Petri Net model of user behavior authentication and control

As the user's behavior is random, authentication process is concurrent,so we select SPN to describe

user behavior. The SPN model of user behavior authentication step and the corresponding control process

shown in Figure 3, where three different colors represents three different time authentication periods.

Green represents authentication before the behavior; purple represents authentication in the behavior;

orange represents authentication after the behavior. Description of transition and status see Table 1.

1. User accesses with the transition t1 to denote In the SPN model;

2. System accept user accesses with the transition t2 to denote In the SPN model;

3. User identity authentication with the transition t3 to denote In the SPN model

If identity authentication fail, then end users access the system,

If identity authentication success, then gain user behavior state with the transition t 6to denote;

4. Full behavior authentication after the behavior, including gain user behavior evidence t50,make behavior authentication

concurrently t51---t5n;

5. Determine trust of behavior authentication with the transition t22 to denote, If successful update trust authentication set or

don’t update it with the transition t23to denote;

6. Behavior state authentication with the transition t7 to denote In the SPN model

(1)If behavior state authentication fail, then make identity re-authentication, including

â‘ by secure way (such as email or mobile phone) send a pseudo-random number to the user with the transition t8 to

denote In the SPN model;

â‘¡identity re-authentication with the transition t9 to denote, If identity re-authentication is fail, then stop accessing, else

whether to continue to access through the game risk analysis for decision-making and turn to t10;

(2)If behavior state authentication success, then make behavior authentication prediction with t24 denotes to get historical

authentication results, t25 denotes authentication prediction.

7. Real-time behavior authentication with the transition t11 to denote, regularly gain user behavior evidence with the transition

t12to denote

8. Make real-time behavior authentication can concurrently do following actions,including:

(1) Make real-time behavior authentication based on SU, including authentication based on behavior security and

authentication based on behavior contract, with the transition t140 and t141 respectively;

(2) Make real-time behavior authentication based on NE, including authentication based on behavior habit and authentication

based on behavior content, with the transition t130 and t131 respectively;

9. Confirm authentication based on SU with the transition t20 to denote;

If authentication fails based on one of set SU, which certainly results in user behavior authentication failure, stop user

access,turn to t4;If authentication success based on all set SU, making behavior authentication based on NE with the transition

t15to denote;

(1) If authentication success based on all set NE, allow user continue to access, turn to t16;

(2) If authentication not success based on all set NE, which show that the abnormal behavior may occur, requiring further

decision-making with the transition t18 to denote;

10. Confirm if had identity re-authentication before with the transition t19 to denote, if had it before then don’t have identity reauthentication

again and turn to t10 to make risk decision-making based on game theory. if had no it before then make identity

re-authentication and turn to t8

11. Check user access state with the transition t17 to denote, if the user does not continue to access the system, turn to t4 and end

access or turn to t12 and continue access;

12. Decision-making based on game theory with the transition t10 to denote, if result of decision-making is refusing access then

interrupt user access or turn to t16 and continue access.

4.2. Effect and Performance Analysis

With the SPN theory, we can prove the model has characters of reachability and boundedness, we also can analyze efficiency of behavior authentication and performance.

(1) Analysis of False Negative rate of behavior authentication

False Negative rate of behavior authentication refers to the ratio of no success of behavior authentication, Lead to False Negative of identity authentication may be due to subjective reasons such as losing password; False Negative of behavior state authentication may be due to two different user have same Operating System and IP address; False Negative of behavior content authentication may be due to two different user request same kind of service; False Negative of behavior habit authentication may be due to two different user have same operating sequence; False Negative of behavior security authentication may be due to user scan port, modify file permissions; False Negative of behavior contract authentication may be due to user’s excessive downloading files. As the direct control action of behavior authentication only has five, namely, identity authentication, identity re-authentication, behavior security

authentication, behavior contract authentication and risk decision based game theory. Let the five False

Negative rates of authentication control respectively is I p ,I p , S p , Q p and G p ,then False Negative

rates of behavior authentication p is:

From the above analysis we can see, when increase behavior authentication, False Negative rates of

user authentication will greatly reduce. The rate of reduction is * * * RI G Q S p ppp.

(2) Analysis and Improvement of behavior authentication performance

􀁺Analysis performance

In above model, there have two parallel processes, namely (t51-t5n) and (t130-t140 ...), we can calculate

performance equivalent using the following formula[5]:

there have one iteration process, namely (t12-t20-t15-t18-t19-t10-t16-t17-t12), we can calculate performance equivalent using the formula

;

there have ten choice processes, , we can calculate performance equivalent

using the formula

by these simplification we can be calculate total model equivalent time.

Improvement of behavior authentication mechanism.As the behavior authentication mainly through the comparison of behavior evidence and element of behavior authentication set, in order to improve performance and real-time of authentication, we further improved authentication mechanism, firstly, We standardize different scope and size of behavior authentication evidence before behavior. The evidence expression being specific value within certain

scope can be converted into new evidence expression within [0,1] by the piecewise programmingstatement:

Here max etis the largest value and min et is the smallest value among all evidences. Now all the evidences are expressed within [0,1] and increase along the positive direction. Secondly, because of the number of user behavior authentication failure is less than the number of user behavior authentication success, to improve the search speed, make ascending order according to deviation degree of abnormal behavior in set of behavior authentication. Third, in order to improve the efficiency of behavior authentication, as long as identity re-certification successful it is no longer repeated.

OVERALL MODULE:

The user behavior authentication process will consists of set of process which need to be followed in order to provide access mechanism to the user allow him to continue further.

The above figure represents the overall process of the system. Which we need to be do in the user behavior authentication process.

REAUTHENTICATION AND ALERT

In this, we need to re-authenticate the user if the user behavior has been differs from his original behavior. The preferences of the user and the security questions will be given by the user at the time of user registration. Once the user behavior differs from the original behavior the system prompts for re-authentication by means of security questions. If he answers the question he will be provided access to proceed further or else an alert message will be sent to the user and restrict him to access the server further and he will be logged off.

CONCLUSION:

The user behavior authentication will be an efficient way to find the creditability of the user and also restricts the hacker/intruder to access the account up to certain level. This method is easy to implement and also reduces the false negative authentication. This system can be added to the existing technology to provide more security to access the cloud computing environment. Hence this system will provide an efficient way to reduce the improper access to the cloud computing environment.