SA-UBA: Automatically Privileged User Behavior Auditing for Cloud Platforms with Securely Accounts Management

Cloud platforms allow administrators or management applications with privileged accounts to remotely perform privileged operations for specific tasks, such as deleting virtual hosts. When privileged accounts are leaked and conduct dangerous privileged operations, severe security problems will appear on cloud platforms. To solve these problems, researchers focus on auditing privileged users' behaviors. However, it is difficult to automatically audit fine-grained privileged behaviors for graphical operating systems. Moreover, it is hard to prevent users from bypassing the audit system or to prevent hackers from attacking audit system. In this paper, we propose a Secure and Automatic Behavior Audit system named SA-UBA. It provides advanced deep learning models to automatically achieve fine-grained user behavior audits for graphical operating systems. Furthermore, it adopts cryptography-based account storage and sharing methods to securely manage privileged accounts. In particular, privileged accounts cannot be leaked even if SA-UBA is compromised by attackers. We built a threat model of a cloud platform to evaluate the security of the SA-UBA and conduct extensive experiments with SA-UBA in real scenarios. The results show SA-UBA introduces a small overhead on securely managing privileged accounts and accurately recognizes fine-grained user behaviors.