Faux Insider Hazard Investigation on Non-Public Cloud Computing by Using ADAM’s Technique

Cloud computing is a service system mechanism that businesses and organizations use to perform computerized and integrated transactions over computer networks. The service system must, of course, be matched with a certain amount of security. It is applied to forecast the probability of cybercrime. A Cloud Service Provider (CSP) often offers cloud-based services with a basic level of security. Typically, CSPs are set up to offer their services on the open internet. Data security-focused organizations strive to shield their systems from a wide range of attackers. One of the alternatives is to construct a private cloud computing system. The issue is the potential for Man in the Cloud (MITC) attacks, which compromise and modify identities and are identified in cloud systems as phony insider threats. Based on the ISO 27032 standard research, the goal of this work is to undertake a threat analysis of MITC attack methodologies against private cloud computing services. With regard to risks to cloud services in a private cloud computing environment, it is intended that reporting and documenting the study's findings will lead to suggestions for more research and cybersecurity management procedures.


Introduction
Companies use service system techniques known as cloud-based services to conduct automated and integrated transactions across a computer network. The concept of cloud computing dates back to the 1950s. The mainframe Time-Sharing idea, which is still relevant in the current industrial 4.0 age, defines this generation. Cloud service providers (CSPs) typically set up their systems so that their services may be accessible over the open internet. Cloud service providers provide three types of services: Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS) [1]-[4].
In cloud computing, there are four different deployment models, which are as follows. Private cloud (internal): the cloud infrastructure is made exclusively available for use by a single company that caters to a sizable user base. Community cloud: a type of cloud computing environment wherein a certain group of customer communities from cooperating organizations have exclusive access to the cloud infrastructure. Public cloud: cloud infrastructure that is made available to the broader public for open use. A company, academic institution, government agency, or a combination of these entities may own, manage, and run it. Hybrid cloud: the cloud architecture is made up of two or more distinct cloud infrastructures (private, community, and public), each of which is unique from the others but is connected to the others through standard or proprietary technologies that provide data and application exchange [1], [5].
Businesses that place a high priority on data security need a system that is secure from various cyberattacks. Alternative solutions like private cloud computing models are a possibility. In an effort to protect information security, especially for business, user, and consumer data, a private cloud has been developed. Private cloud computing strategies are an effort to foresee potential dangers of all types. Threats made at businesses, organizations, and governmental agencies are a serious issue. Threats are attacks that are carried out either purposefully or inadvertently against cloud systems. Threats are often divided into two groups: outsider threats, or attacks on the system by outsiders with certain goals and objectives, and insider threats, or attacks that target the system from within with a specific goal [6]-[9].
The Man in the Cloud attack scenario is an interesting one to discuss because it falls under the category of an external threat, yet is widely believed to be an insider threat. To properly comprehend identity engineering, which hackers exploit to pose as system insiders, further in-depth study is needed. The purpose of the inquiry is to determine whether it is feasible to assess the threat that the Man in the Cloud case poses. The validation's results will be useful in categorizing the threats that are faced. The inquiry and validation process uses the ADAM (Advanced Data Acquisition Model) method. The ADAM approach was selected since it was created from a number of earlier methods that were based on earlier investigations. It is suggested to utilize the ADAM method while performing a series of investigations utilizing digital evidence up to the reporting stage of the investigation's conclusions, since its phases are more thorough than those of other approaches [1], [10], [11].
One issue that frequently arises is ignorance of the threat posed by cybercrime. This is a result of a lack of knowledge about cyber security procedures. To provide the best company security protection, socio-technical management processes must still be developed in order to maximize technical and non-technical security measures. Substantial research over the past ten years has demonstrated that humans continue to be the weakest link in corporate security. Because of this, human error or conduct is the cause of the majority of cyberattacks [12], [13].
An insider threat is a dangerous risk posed by people working for a firm, and it typically involves intentional fraud, the theft of confidential or sensitive information for commercial gain, or the disruption of computer systems. The external threat, on the other hand, involves the same activity but is carried out by people who are not affiliated with the organization. Technical threats that take the shape of attacks on cloud services are extremely diverse and use a variety of attack techniques. Attack strategies include Man in the Cloud. A brand-new attack method called Man in the Cloud (MITC) was first observed in cloud services in 2015. This MITC attack is distinct from the common Man in the Browser (MITB) and Man in the Middle (MITM) attacks [10], [14]-[18].
A field called "digital forensics" was created "to gather and examine data from computer systems, networks, wireless communications, and storage devices in a way that may be used as evidence in court" [19]. Four distinct phases make up the digital forensics process. Collection: artifacts that are deemed to have potential worth, including digital proof and supporting documentation, are gathered. Preservation: original objects are preserved in a dependable, thorough, accurate, and provable way. Analysis: using artifact screening analysis, valuable artifacts are either removed or added. Presentation: the investigation's supporting evidence is displayed. The two main types of digital forensics, static ("write block") forensics and live forensics, are the result of forensics' ability to construct and capture complicated circumstances. Analysis of static data, such as that found on hard disks retrieved by conventional formal acquisition processes, is the focus of static forensics. Live forensics refers to the analysis of system memory and other relevant data while the system under study is still in use [10], [19]-[22].
The technical control phases of the cyber security framework are described by internationally recognized standards. There are many companies that use ISO/IEC 27001 information security controls on their systems and follow solid cyber security procedures. If the firm complies with ISO 27001, the process of putting technical controls in place for cyber security is considerably simpler. The ISO 27032 standard offers technical measures for cyber security defense against social engineering attacks, hacking, and malicious software (malware) [4]-[7], [23], [24]. Secure coding: this is one of the technical safeguards that must be in place to protect the data that products collect online. Network monitoring and response: to guarantee that network services continue to be dependable, secure, and available, controls must be in place. The quality of network service should not be compromised by cyberspace. Server-level controls: to ensure that servers are safely accessible from the internet and protected from unauthorized access and harmful material, controls at the server level are required. Application-level controls: measures must be put in place to stop unauthorized data tampering, issues with transaction recording, and handling errors. End-user controls: controls must be in place to guard against known exploits and attacks on end-user infrastructure across the company [25], [26].
It is interesting to conduct a thorough study of cloud services in relation to threats posed by Man in the Cloud (MITC) attack tactics, based on the fundamental concerns mentioned, studies from related research, and speculations from earlier studies. MITC's handling and how it differs from other attack methods will be explained. The types of MITC attacks that use actors from outside parties who construct identities when the cloud service is private will be described [5], [10], [17], [27]-[29]. The focus of the research to be conducted is decided using a number of research characteristics. The study's variables are described in Table 1.

Research Methods
Table 1. Variable Indicator of Research
Independent Variable | Dependent Variable
Cloud Computing | Private Cloud Computing Scheme
Threat | Man in the Cloud attack technique
Investigation | Acquisition with ADAM Method
Security | Standard Cyber Security Analysis; Cyber Security Framework Analysis

The next stage is to decide on the method of doing research after creating a mind map and outlining how forensics and security disciplines relate to cloud services. This process is a sequence of actions that will be taken and turned into a methodology for conducting research. One of this study's contributions is the suggested technique. To implement the case scenarios and simulations in this study, private cloud computing services that were drawn from instances that happened in the Tasikmalaya City Diskominfo environment were employed. The identities and locations were masked as "XYZ Organization" to safeguard privacy. The private cloud service infrastructure system's names and services have been modified for the field's conditions. The ADAM method is used to gather information and the cyber security framework is used to analyze it. During the investigation and analysis phases of the cyber security process, the results of the two procedures will be analyzed and confirmed for the kind of danger.

Results and Analysis
The investigation procedure for the cyber security analysis stage is carried out by using the Man in the Cloud (MITC) simulation and case scenario. Digital evidence is gathered during the investigation process.
Analyses are carried out with the ADAM Method (Initial Planning, On-site Planning, Digital Data Acquisition).
The NIST Cyber Security Framework's steps and the ISO 27032 cyber security guidelines were then used to examine the Man in the Cloud (MITC) attack scenarios and simulations as a danger to cloud systems at "XYZ Organization." Digital Data Acquisition: Tables 4 and 5 provide descriptions of the phases the study reached and the outcomes. As a result, it is easy to locate the error that is dangerous. The ADAM method is then used for investigation after the simulation has gone well. Investigations were conducted to find digital proof in the cloud server and router logs. Once the data has been collected, packet tracking is done on the access log on the cloud server as well as the network traffic log on the cloud router. Figure 5, Figure 6, and Figure 7 all provide descriptions of these stages. Mr. X as "P" repeats uploading files up to 1.000.000 times.
• The investigation was carried out independently

Figure 6. ADAM Stage 2 The Onsite Plan [30]

Based on Figure 6, which describes Stage 2 of The Onsite Plan, the results obtained are described in Table 3.
Table 3. Investigation Results Based on Stage 2 The Onsite Plan
No. | Stage 2 - The Onsite Plan | Results
1. | Attend Site | Private laboratory for simulations and case scenarios
2. | Address Safety Issue | Do not give permission to unauthorized parties to enter the laboratory
3. | Maintain Documentation of Activities | Documentation is not distributed without permission
4. | Carry Out Preliminary Survey | The survey was conducted by taking into account the provisions and limitations of Stage 1 Initial Planning
5. | Update Outline Plan | Investigations are carried out independently and using equipment in a private laboratory

Based on Figure 7, which describes ADAM Stage 3 Acquisitions, the results are described in Table 4. Table 4 explains the results of acquiring digital evidence from evidence that has been confiscated. In Stage 3, it is the investigator's choice to cut the process chain according to the condition of the device. If the device has not been confiscated, the process must start with the confiscation of the device. If the device has been confiscated, the investigator can immediately proceed to the data acquisition stage on the device.

3. | Acquire master copy of data | Monitoring and capturing data traffic packets when Mr. X performs a file upload loop
4. | Return and store seized equipment | After investigating the cloud server and cloud router, the device is secured from access by unauthorized parties
5. | Create working copies of data |

The findings of the ADAM Method inquiry are in the form of digital traces, and a validation process is then carried out to demonstrate that the culprit is an outsider who enters the system using a login and password of a registered user. Figure 8 shows the resulting screenshots of the user data that was entered into the system. After the cloud router is monitored for logged-in users, it is monitored for threats. Then it is explained how the cloud server monitors for threats such as looping file uploads 1.000.000 times. Figure 9 and Figure 10 show how monitoring is done from the cloud router side when the looped file upload occurs, to determine who is looping file uploads and to track data information in the form of device names and MAC addresses. The steps used to gather the data are shown in Figure 5, Figure 6, and Figure 7, and the results are summarized and explained in Table 5. The steps outlined in Figure 8, Figure 9, and Figure 10 were used to gather the data, which is then summarized and discussed in Table 6.
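The correlation described above (upload loops in the cloud server access log, attributed to a device name and MAC address from the cloud router) can be sketched as follows. This is an added example, not code or data from the study: the log format, the user names `mr_a` and `mr_p`, the lease table, the enrolled-device inventory, and the threshold are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample data (not from the paper): access-log lines from the
# cloud server, DHCP leases from the cloud router, and an assumed inventory
# of the device MAC enrolled for each registered user.
ACCESS_LOG = """\
10.0.0.21 mr_a [12/Mar/2023:09:00:01] "PUT /files/report.docx" 201
10.0.0.57 mr_p [12/Mar/2023:09:00:02] "PUT /files/a.bin" 201
10.0.0.57 mr_p [12/Mar/2023:09:00:02] "PUT /files/a.bin" 201
10.0.0.57 mr_p [12/Mar/2023:09:00:03] "PUT /files/a.bin" 201
10.0.0.57 mr_p [12/Mar/2023:09:00:03] "PUT /files/a.bin" 201
10.0.0.57 mr_p [12/Mar/2023:09:00:04] "PUT /files/a.bin" 201
10.0.0.21 mr_a [12/Mar/2023:09:05:10] "GET /files/report.docx" 200
"""
ROUTER_LEASES = {  # ip -> (mac, hostname), as seen on the router
    "10.0.0.21": ("aa:bb:cc:00:00:21", "A-LAPTOP"),
    "10.0.0.57": ("de:ad:be:ef:00:57", "UNKNOWN-PC"),
}
ENROLLED_MAC = {"mr_a": "aa:bb:cc:00:00:21", "mr_p": "aa:bb:cc:00:00:16"}

LINE = re.compile(r'^(\S+) (\S+) \[([^\]]+)\] "(\w+) (\S+)" (\d{3})$')

def find_upload_loops(log_text, threshold=5):
    """Return one finding per (user, ip, path) uploaded >= threshold times."""
    uploads = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing their fields
        ip, user, _ts, method, path, status = m.groups()
        if method == "PUT" and status.startswith("2"):
            uploads[(user, ip, path)] += 1
    findings = []
    for (user, ip, path), count in uploads.items():
        if count < threshold:
            continue
        mac, host = ROUTER_LEASES.get(ip, (None, None))
        findings.append({
            "user": user, "ip": ip, "path": path, "count": count,
            "mac": mac, "hostname": host,
            # Valid credentials used from a device that is not the one
            # enrolled for that user (or has no lease): faux insider.
            "faux_insider": mac != ENROLLED_MAC.get(user),
        })
    return findings

if __name__ == "__main__":
    for finding in find_upload_loops(ACCESS_LOG):
        print(finding)
```

A finding with `faux_insider` set means the account authenticated correctly but the router attributes the traffic to a device outside the user's enrolled inventory, which is the distinction the validation step draws between a real insider and an outsider using a registered user's login.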

Figure 3. Man in the Cloud (MITC) Case Scenarios

Table 2. Investigation Results Based on Stage 1 Initial Planning

Table 5. Registered Cloud Users

Table 6. Threat Detection from Cloud Users