Towards provenance cloud security auditing based on association rule mining

Abstract

Cloud storage provides external data storage services by combining and coordinating different types of devices in a network to work collectively. However, there is always a trust relationship between users and service providers, therefore, an effective security auditing of cloud data and operational processes is necessary. We propose a trusted cloud framework based on a Cloud Accountability Life Cycle (CALC). We suggest that auditing provenance data in cloud servers is a practical and efficient method to log data, being relatively stable and easy to collect type of provenance data. Furthermore, we suggest a scheme based on user behaviour (UB) by analysing the log data from cloud servers. We present a description of rules for a UB operating system log, and put forward an association rule mining algorithm based on the Long Sequence Frequent Pattern (LSFP) to extract the UB. Finally, the results of our experiment prove that our solution can be implemented to track and forensically inspect the data leakage in an efficient manner for cloud security auditing.