Preserving Privacy in Cloud Services by Using an Explainable Deep-Learning Model for Anomaly Detection

Sammanfattning: As cloud services become increasingly popular, ensuring their privacy and security has become a significant concern for users. Cloud computing involves Data Service Outsourcing and Computation Outsourcing, which require additional security considerations compared to traditional computing. Detecting hazardous user data in the cloud is challenging, as cloud service providers must also protect user data privacy. Many researchers have proposed deep learning models for anomaly detection in cloud services, with LSTM networks being particularly effective at detecting timely anomalies through sample reconstruction. This project aims to detect anomalies in time series cloud data to help maintain the availability of cloud services and produce timely alerts. Due to the specification of cloud data, this model only analyzes basic timely traffic data as input without digging into the sensitive content generated by users. To protect privacy, we experimentally deploy a homomorphic encryption mechanism that enables classification without reading plaintext. The homomorphic encryption mechanism is a novel privacy-preserving scheme utilized in machine learning which can preserve information distribution while fully encrypted. If widely deployed, this scheme benefits the tackling of Machine Learning as A Service privacy issues. Furthermore, by using feature importance as weights for multivariate integration, we explain the decision-making process of our LSTM-based model, thus enhancing its transparency and trustworthiness. To evaluate the feasibility of our model, we conduct several experiments on two datasets using accuracy as the primary evaluation metric. The first is a plain time series with individual anomalies, where our model successfully detects all anomalies without accessing privacy features and outputs reconstruction errors as anomaly scores. The second is a real-world network traffic dataset with DoS attacks, where our model can effectively detect attack periods. Our approach shows promise in improving cloud security and can be helpful for cybersecurity departments, network security companies, and cloud service providers. Lastly, this project is individual work which suggests that there can be further enhancements. Researchers interested in similar topics can further apply and improve the model. Also, this model is not independent, which can be integrated into security systems more extensively.