Inferring User Actions from Provenance Logs
Li, X., Joshi, C., Tan, A. Y. S., & Ko, R. K. L. (2015). Inferring User Actions from Provenance Logs. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2015 14th IEEE International Conference on. Helsinki, Finland: IEEE.
Permanent Research Commons link: https://hdl.handle.net/10289/9505
Progger, a kernel-space cloud data provenance logger which provides fine-grained data activity records, was recently developed to empower cloud stakeholders to trace data life cycles within and across clouds. Progger logs have the potential to allow analysts to infer user actions and create a data-centric behaviour history in a cloud computing environment. However, the Progger logs are complex and noisy, and therefore this potential cannot currently be met. This paper proposes a statistical approach to efficiently infer user actions from the Progger logs. Inferring user actions from logs which capture activities at kernel-level granularity is not a straightforward endeavour. This paper overcomes this challenge through an approach which shows a high level of accuracy. The key aspects of this approach are identifying the data preprocessing steps and attribute selection. We then use four standard classification models and identify the model which provides the most accurate inference on user actions. To the best of our knowledge, this is the first work of its kind. We also discuss a number of possible extensions to this work. Possible future applications include the ability to predict an anomalous security activity before it occurs.
This is an author’s accepted version of an article published in the Proceedings of 2015 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). © 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.