On insider attack in distributed file systems

Abstract

Due to heavy use of internet, mobiles, sensors etc. Data is growing rapidly day-by-day. However traditional database systems fail to store such a huge semi structured or unstructured data which raises the need for distributed file systems. Distributed file system is a client server based architecture that can store massive amount of data in any format and provide faster access. However in this kind of systems, security is a major concern as user needs to store their sensitive data away from them. Most of the security solutions available for this kind of systems focus on the detection and prevention of outsider attack but according to recent surveys, insider attack is more frequent than outsider attack in this kind of systems. However there is not much available about the detection of insider attack in the literature. In this work, we've designed an approach to detect the insider attack in distributed file systems. The proposed solution is based on the client-server architecture and data replication property of distributed file systems. As an example of distributed file systems, HDFS is considered. We've designed two algorithms namely process profiling algorithm that run on the datanode and replica and give some output to namenode, attack detection algorithm that run on the namenode which confirms the attack from the information received from the datanode and replica. The proposed solution is simulated and analyzed it in terms of the time complexity.