Protecting sensitive data from theft, exfiltration, and other kinds of abuse by malicious insiders is a challenging problem. Access control mechanisms cannot always prevent insiders from misusing sensitive data, since in most cases authorized users within organizations are granted the necessary access permissions. Malicious outsiders also pose severe threats because of security vulnerabilities in the systems (e.g., phishing attacks or memory corruption bugs) that enable them to steal the credentials of authorized users who have access to the data. To protect sensitive data from such attackers, anomaly detection techniques are often combined with other existing security measures such as access control and encryption. An anomaly detection technique for identifying anomalies in file system accesses is based on the key idea that there should be significant differences between the file access behavior of a benign user and that of an attacker. In this paper, we propose an approach to create fine-grained profiles of users' regular file access activities while extensively analyzing the timestamp information of the file accesses. According to our observation, even if a user's access to a file seems benign, only a fine-grained analysis of the access (such as the size of the access and its timestamp) can determine the user's original intention. We exploit the users' file access information at the block level to model their regular file access behaviors (user profiles), which are then securely stored and used for identifying anomalous file system accesses in the detection phase. We are also able to automatically profile new files and new users that are added to the system dynamically. Finally, our performance evaluation demonstrates that our proposed approach has an accuracy of 98.7% in detecting anomalies while incurring an overhead of only 2%.
At present, Bluetooth Low Energy (BLE) is dominantly used in commercially available Internet of Things (IoT) devices, such as smart watches, fitness trackers, and smart appliances. Compared to classic Bluetooth, BLE has been simplified in many ways, including its connection establishment, data exchange, and encryption processes. Unfortunately, this simplification comes at a cost. For example, only a star topology is supported in BLE environments, and a peripheral (an IoT device) can communicate with only one gateway (e.g., a smartphone or a BLE hub) at any given time. When a peripheral goes out of range and thus loses connectivity to a gateway, it cannot connect to and seamlessly communicate with another gateway without user intervention. In other words, BLE connections are not automatically migrated or handed off to another gateway. In this paper, we propose SeamBlue, which brings secure seamless connectivity to BLE-capable mobile IoT devices in an environment that consists of a network of gateways. Our framework ensures that unmodified, commercial off-the-shelf BLE devices seamlessly and securely connect to a nearby gateway without any user intervention.