A Distributed Secured Cloud Architecture to Provide Data Mining Services

166 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 02, Issue 05, May, 2015 Available at http://www.ijcsonline.com/

A Distributed Secured Cloud Architecture to Provide Data Mining Services

Department of Computer Science and Information Technology Suresh Gyan Vihar University,

Jaipur, India.

Abstract

Data safety and way in control are the most demanding investigate work going on, at present, in cloud computing. This is for the reason that of the users sending their sensitive data to the cloud providers for acquiring their services. In cloud computing, the data is going to be stored in storage area provided by the service providers. The service providers must have an appropriate method to defend their client’s sensitive data, particularly to defend the data from illegal access. A familiar method of information privacy protection is to store the client’s data in encrypted form. If the cloud system is accountable for both storage space and encryption/decryption of the data, the system administrators may concurrently acquire encrypted data and the decryption keys. This will permit them to access the information of the client without any approval. This leads to the risk of sensitive information disclose and the method involved of storage and encryption/decryption is expensive too. Therefore, to rise above these troubles, a model (cloud architecture) is proposed in this research which accepts only those data which are essential in an encoded form, performs the service opted by the client and sends the result in the encoded format to be implicit by the particular client.

Keywords: cloud computing, data mining, apriori algorithm, k-means algorithm, cloud server, XML, web services, GlassFish, SaaS.

I. INTRODUCTION

Data mining in Cloud Computing Data mining techniques and applications are very much needed in the cloud computing paradigm. As cloud computing is penetrating more and more in all ranges of business and scientific computing, it becomes a great area to be focused by data mining. “Cloud computing denotes the new trend in Internet services that rely on clouds of servers to handle tasks. Data mining in cloud computing is the process of extracting structured information from unstructured or semi-structured web data sources. The data mining in Cloud Computing allows organizations to centralize the management of software and data storage, with assurance of efficient, reliable and secure services for their users.” [6] As Cloud computing refers to software and hardware delivered as services over the Internet, in Cloud computing data mining software is also provided in this way. The main effects of data mining tools being delivered by the Cloud are:

• The customer only pays for the data mining tools that he needs – that reduces his costs since he doesn‟t have to pay for complex data mining suites that he is not using exhaustive;

• The customer doesn‟t have to maintain a hardware infrastructure, as he can apply data mining through a browser – this means that he has to pay only the costs that are generated by using Cloud computing.

Using data mining through Cloud computing reduces the barriers that keep small companies from benefiting of the data mining instruments. “Cloud Computing denotes the new trend in Internet services that rely on clouds of

servers to handle tasks. Data mining in cloud computing is the process of extracting structured information from unstructured or semi-structured web data sources. The data mining in Cloud Computing allows organizations to centralize the management of software and data storage, with assurance of efficient, reliable and secure services for their users.” [6] The implementation of data mining techniques through Cloud computing will allow the users to retrieve meaningful information from virtually integrated data warehouse that reduces the costs of infrastructure and storage.

167 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 02, Issue 05, May, 2015 The major fields which are being talked about in this

paper are: Cloud Computing and Data Mining. In the recent years, cloud computing has become a hot topic in the global technology industry. Cloud computing also faces the data security challenges like any other communication model. As the data owners store their data on external servers, there have been reportedly increasing demands and concerns for data confidentiality, authentication and access control. In addition to confidentiality and privacy breaks, the external servers could also use part or whole of the data for their financial gain. Therefore, ruining the data owners market or even bringing economic loss to the data owners. These concerns start off from the fact that cloud servers are usually operated by commercial providers which are probably from outside of the trusted domain of users.[1]

Earlier to the expansion of the concept of cloud computing, crucial industrial data used to be stored internally on the storage media, protected by security measures including firewalls, to avoid external access to the data and including organizational policy to ban unauthorized internal access.

In the cloud computing environment, storage service providers should have prepared data security practices to make sure that their clients‟ data is safe from unauthorized access and disclosure. Essentially, the rules and measures for preventing privileged users such as system administrators from unauthorized access must be strictly established and implemented. Service providers track specific policies and practices to protect their users‟ data, and these policies are usually fixed in the service contract. For example, a Gmail user should read the service contract online and show his/her consent to the service contract before he/she can use the webmail service. The substance of the service contract covers definitions of service items, service scope, service change notification, scope of privacy protection, regulations on user data collection, use, sharing and release, and statements regarding user responsibilities.

In a cloud computing environment, the service content presented by service providers can be accustomed according to the needs of the user. For example, the candidate can ask for different amounts of storage, transmission speeds, levels of data encryption and other services. Adding together to defining the service items, the agreement usually also states the time, quality and performance requirements provided with the service. Generally, these service agreements are referred to as Service Level Agreements (SLA). By signing an SLA, the user shows that he/she has understood and approved to the contents of the application service, and are in accord with the provider‟s data privacy and protection policies.

A general way to protect user data is that user data is encrypted before it is stored. In a cloud computing environment, a user‟s data can also be stored after performing additional encryption, but if the storage and encryption of a given user‟s data is done by the same service provider, the service provider‟s internal staff (e.g., system administrators, authorized staff, etc) can use their decryption keys and internal access privileges to access the user data. From the user‟s point of view, this can put his/her stored data at risk of unauthorized leak. Creation of user‟s trust by the protection of the user‟s data is the key to the extensive approval of the cloud computing.

Data mining is the process of extracting useful patterns or knowledge from large databases. [2] Though, data mining also poses a risk to privacy and information protection if not done or used properly. For example, association rule analysis is an accepted tool for discovering useful associations from huge amount of data and some valuable hidden information could be simply discovered using this sort of tool. Hence, the security of sensitive hidden information has become a significant issue to be resolved. The aim of privacy preserving data mining is to hide certain information so that they cannot be exposed through data mining techniques such as association rule analysis. There have been two significant approaches for privacy preserving data mining are: output and input privacy.

The output privacy approach is to modify the data before delivery to the data miner so that real data is hidden and mining result will not reveal certain privacy. For example, blocking, merging, swapping and sampling are some methods that have been proposed for this type of output privacy. The input privacy approach, on the other hand, is to change the data using data distribution methods. In this approach, mining result is not affected or minimally affected. For example, reconstruction based and cryptography based is some techniques that have been proposed for this type of input privacy.

Data mining has also emerged as a way for identifying patterns and trends from large quantities of data. For example, shopping centers found out that male customers who buy diaper usually buy beers by analyzing consuming lists. This forms the relation between diaper and beer through rearranging these goods. This improvement of goods arrangement after analysis yields more sale. This kind of analysis can be used in many fields such as Credit Cards, Banking sectors, etc. Hence, techniques of data mining without leaking the private information are needed. Research on privacy preserving data mining is developed for this purpose. [3]

The privacy preserving data mining and knowledge discovery should be developed aiming at these problems. In order to secure an openly available system , it must be ensured that not only that private sensitive data should be trimmed out, but also to make sure that certain inference channels should also be blocked as well. Under privacy constraints, the association rule mining problem was extensively researched. Many efficient methods for privacy preserving association rule mining were found. However, most of these methods resulted in information loss and side-effects to some extent, such as non-sensitive rules falsely hidden and spurious rules falsely generated, may be formed in the sensitive rule hiding process. Sequential pattern mining can be defined as finding the complete set of frequent subsequences in a set of sequences. Sequential pattern mining can be used for discovering meaningful sequential patterns among a large quantity of data. For example, let us see the sales database of a bookstore. The revealed sequential pattern could be “70% of people who bought Twilight also bought Harry Potter at a later time”. The bookstore can make use of this information for shelf placement, promotions, etc.

168 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 02, Issue 05, May, 2015 II. BACKGROUND KNOWLEDGE

The elementary indication behind this paper can be suggested as "Emerging a Cloud Server for providing Data Mining Services" where in data mining services can be obtainable over cloud for anyone to use.

The Internet quickly instigated to cultivate up in the 1990s and, the increasingly more difficult network organization and enflamed bandwidth industrialized in the topical years have significantly better-quality the asset of various application facilities accessible to users through the Internet, hence, marking the commencement of cloud computing network facilities. Cloud computing facilities use the Internet as a announcement intermediate and change information technology resources into amenities for end-users, counting software services, computing platform services, expansion platform services, and basic arrangement letting.

The uncommon features of cloud computing comprise the storing of operator data in the cloud and the nonexistence of slightly essential for software setting up on the client side. Delivered that the handler is talented to connect to the Internet, all of the hardware resources in the cloud can be used as client-side infrastructure. Generally, cloud computing applications are demand-driven, provided that various filling station according to user necessities and service suppliers charge by metered time, instances of use, or defined period.

Cloud computing can be defined as “a type of parallel and distributed system which consists of a collection of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the service provider and consumers”.[1]

The cloud computing concept can be understood in a more better way by following the below given figure:[4] The architecture of cloud services can be divided into three levels: infrastructure, platform, and application software. Application software builds the user interface and shows the application system‟s functions. To build a cloud computing application as a service requires infrastructure, platform and application software which can be obtained from a single provider or from different service providers. If the income for cloud services mainly comes from charging for infrastructure, this business model can be referred to as Infrastructure as a Service (IaaS). If income comes mainly from charging for the platform, the business model can be referred to as Platform as a Service (PaaS). If income mainly comes from charging for applications or an operating system, the business model can be referred to as Software as a Service (SaaS). The model being proposed in this paper uses SaaS concept.

A. Basis and meaning of Data Mining

Data mining is to invention knowledge and knowledge is characterized finished definite configurations. Association rule is the most frequently used technique in data mining, which finds out the connotation amongst data and numerous substances by conclusion the possible requirement among data. Organization and gathering can be used to sort out things by characterizing the common

meaning among different things. The difficulty of data mining in centralized database, normally have the numerous following points: network traffic is measured less, mining productivity is low and the degree of spatial complication is high. The most typical classification data mining is classification methods based on distance, classification methods based on decision tree, Bayesian classification and so on.

Data mining techniques have been extensively used in various applications. However, the mistreat of these techniques may lead to the discovery of sensitive information. Researchers have recently made efforts at hiding sensitive association rules. However, undesired side effects, e.g., non-sensitive rules falsely hidden and spurious rules falsely generated may be formed in the rule hiding process. [5]

Privacy has become a significant issue in Data Mining. Many methods have been brought out to solve this problem. The basic aspect which we are concerned about in this paper is of association rule mining which preserves the confidentiality of each database. In order to find the association rule, each participant has to share their own data. Thus, a lot of privacy information may be put out or been illegally used. [6] Data mining can be defined as "the process that attempts to discover patterns in large data sets". The overall goal of the data mining process is to extract information from a data set and transform it into an understandable structure for further use.

B. Applications

In this paper, a distributed Cloud Server model is projected. Exhausting this model, the clients or users can benefit different data mining services which the cloud providers promise to provide. As stated in the paper, the essential to progress this kind of model is the problem of sensitive data disclosure and expensive facilities which are come through when a general client-server model is used or when the client‟s sensitive data is sent to the cloud while availing its services. By means of this model, these difficulties will not be challenged any more in the forthcoming. General client-server model is being used while communicating between a server and a client, both the client and the server need to share a common shared library so that they use the same constructs and formats to communicate.

This formed problematic since all the clients wanted to be complete conscious of this library if they are not. This twisted out to be costly, more time captivating and wasting of resources. Another aim why this model is being projected is that when a client wants to avail some of the services provided by the cloud, he/she needs to send their whole database to the cloud. This is done because for using the cloud‟s services the database of client is considered as input to the service routine. This leads to the sensitive information leak. Even if the database is encrypted in the cloud, then also the system administers and other officials can manage the decryption key. Hence, this technique also revolved out to be insecure and did not work.

Web service is a method of communication over a network between two electronic devices. These were intended to solve three main problems such as Firewall Traversal, Complexity, and Interoperability.

169 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 02, Issue 05, May, 2015 Figure 2: General Cloud Server Architecture

The database represents the client‟s database which consists of the details about the transactions on the client‟s side. Software as a Service (SaaS) can be defined as a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, normally the Internet. It is becoming a gradually more widespread delivery model as underlying technologies that support Web services and service-oriented architecture (SOA) mature and new developmental approaches, such as Ajax, become popular. SaaS is closely related to the ASP (application service provider) and on demand computing software delivery models. Benefits of the SaaS model include: easier administration, automatic updates and patch management, compatibility, easier collaboration, and global accessibility. The term "software as a service" (SaaS) is considered to be part of the classification of cloud computing, together with infrastructure as a service (IaaS) and platform as a service (PaaS). Most of SaaS solutions are based on a multi-tenant architecture. Using this model, a single version of the application, with a single configuration (hardware, network, operating system), can be used for all customers, i.e, tenants. To support scalability, the application is installed on multiple machines. Saas has an exception that some of its solutions do not use multi-tenancy, or use other mechanisms such as virtualization, to cost-effectively manage a large number of customers in place of multitenancy.

GlassFish is a project started by Sun Microsystems which is an open-source application server for the Java EE platform. It is now sponsored by Oracle Corporation. The supported version of GlassFish is known as Oracle GlassFish Server. It is a free software. It is the reference implementation of Java EE and also supports Enterprise JavaBeans, JPA, JavaServer Faces, JMS, RMI, JavaServer Pages, servlets, etc. This also allow developers to develop enterprise applications that are portable and scalable, and that combine with legacy technologies.

The proposed model can be used to provide any data mining service, but in this paper, I am concerned about only 2 services. The first service provides information about only those entities which occur frequently in the database and the second service issued to group together those entities from the client database, which have common characteristics between them. The first service uses Apriori algorithm to find out the frequent itemsets and the second service uses K-means algorithm.

Apriori [7] is an influential algorithm proposed by R. Agrawal and R. Srikant in 1994 for the purpose of mining frequent itemsets for Boolean association rules. The name of this algorithm has been derived by the fact that the algorithm uses prior knowledge of frequent itemset properties. The algorithm uses iterative approach which is called level-wise search. In this algorithm, k-itemsets are used to find out (k+1)-itemsets. At first, the set of frequent 1-itemsets is obtained by scanning the database to accumulate the count for each item, and collecting the items that satisfy minimum support count for each item, and accumulating only those items that that have minimum support count.

K-means [8]algorithm takes „k‟ as the input parameter and divides a set of „n‟ objects into „k‟ clusters. This will result into high similarity in the intra cluster whereas low similarity in inter clusters. Cluster similarity can be measured by the mean value of the objects in a cluster

III. PROPOSED MODEL

The present cloud storage system is a defenseless one because data stay under a single cloud provider. This can guide to data loss in case of proceedings like network outage, the cloud provider going out of business, malware attack etc. The present system also gives a huge benefit to the attackers as they have fixed targets in the forms of cloud providers. If an attacker chooses to attack a specific client, then he can aim at a fixed cloud provider, attempt to have way in to the client‟s data and examine it. This eases the job of the attackers. As long as the complete data belonging to a client remain under a single cloud provider, both inside and outside attackers get the benefit of using data mining to a great extent. Inside attackers in this context refers to malicious workers at a cloud provider. Data mining models frequently necessitate large number of comments and single provider structural design is a great benefit suiting the case as all the samples remain under the provider. Thus single provider architecture is the biggest security threat regarding data mining on cloud.

Distributed advance to the Cloud to get rid of the difficulty of storing all data of a customer to the same provider, data can be dividing into chunks and distributed between numerous cloud providers. The benefit of this distributed system can be visualized when an attacker chooses a specific but the distribution of data obliges him to target multiple cloud providers, making his job increasingly difficult. Mining based attacks on cloud involves attackers of two categories: malicious employees inside provider and outside attackers. Distribution of data chunks between multiple providers restricts a cloud provider from accessing all chunks of a client. Even if the cloud provider performs mining on chunks provided to the provider, the extracted knowledge remains incomplete. Once more, taking out data from dispersed sources is demanding [8]. Particularly correlating data from various sources is cumbersome [10] and often leads to ineffective mining. So outside attackers managing access to various providers can‟t use mining efficiently.

The distributed approach can take the form of Redundant Array of Independent Disks (RAID) technique used for traditional databases. RACS [4] uses the RAID perception to decrease the cost of maintaining the data on

170 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 02, Issue 05, May, 2015 the cloud. It considers each cloud provider as a take a part

disk. RACS exploits the benefit of RAID on the cloud. One can choose a different RAID level for each client depending on the client‟s demand. For instance, RAID level 6 can be used to ensure high guarantee of data. It guarantees successful reclamation of data in case of a cloud provider being blocked by any unlikely event or going out of business. In summing up, the distributed approach exploits two major benefits. First, it improves solitude by making the attacker‟s job problematical by increasing the number of targets and lessening amount of data obtainable at each target. Second, it ensures the greater ease of use of data.

A. SYSTEM ARCHITECTURE

In this section we talk about our proposed system architecture that prevents data mining based privacy attacks on the cloud. Our scheme consists of two major mechanism:

1. Cloud Data Distributor and 2. Cloud Providers.

The Cloud Data Distributor receives data in the form of files from clients, splits each file into chunks and distributes these chunks among cloud providers.

Figure 3: Distributed Cloud Server Architecture Cloud Providers store chunks and responds to chunk requests by providing the chunks.

Cloud Data Distributor is the entity that receives data (files) from clients, performs fragmentation of data (splits files into chunks) and distributes these fragments (chunks) among Cloud Providers. It also participates in data retrieving procedure by receiving chunk requests from clients and forwarding them to Cloud Providers. Clients do not interact with Cloud Providers directly rather via Cloud Data Distributor. This entity deals with Cloud Providers as an agent of clients.

To upload data, clients deliver files to the Cloud Data Distributor. Each file is given a privacy level chosen by the

client indicating its mining sensitivity. Here mining sensitivity of a file refers to the significance of information that can be leaked through mining the data in the file. The proposed system suggests 4 sensitivity levels of privacy: PL 0, 1, 2, 3. These 4 levels indicate public data (data accessible to everyone including the adversary), low sensitive data (data that do not reveal any private or protected information but can be used to find patterns), moderately sensitive data (protected data that can be used to extract non-trivial financial, legal, health information of a company or an individual), highly sensitive data or private data (data that can be used to extract personal information of an individual or private information of a company, revealing which can prove disastrous) respectively. The higher the privacy level of a file, the more sensitive the data inside the file. After receiving files from clients, the Cloud Data Distributor partitions each file into chunks with each chunk having the same privacy level of the parent file. The total number of chunks for each file is notified to the client so that any chunk can be asked by the client by mentioning the filename and serial no. Serial no. corresponds to the position of the chunk within the file.

Inside the Cloud Data Distributor each chunk is given a unique virtual id and this id is used to identify the chunk within the Cloud Data Distributor and Cloud Providers. This virtualization conceals the identity of a client from the provider. After assigning id, the Cloud Data Distributor distributes chunks among Cloud Providers. A provider storing a particular chunk with a virtual id has no idea about the real owner (client) of the chunk. Cloud Data Distributor maintains privacy level (4 level privacy similar to files) for each provider. Privacy level of a provider indicates its reliability. The higher the privacy level, the more trustworthy the provider. A chunk is given to a provider having equal or higher privacy level compared to the privacy level of the chunk. While distributing chunks, the distributor applies Redundant Array of Independent Disks (RAID) strategy [4]. This ensures availability and integrity of data in case of outages. The default choice is RAID level 5. In case of higher assurance, RAID level 6 is used. The cloud data distributor also maintains a cost level (4 cost levels and the higher the cost level, the more costly the provider) for each cloud provider indicating its storage cost (cost of data stored per GB-Month) and in case of equal privacy level, the one with a lower cost level is given preference.

To ensure greater dimension of privacy, the Cloud Data Distributor may add misleading data into chunks depending on the demand of clients. The positions of misleading data bytes are also maintained by the distributor and these misleading bytes are removed while providing the chunks to the clients.

IV. CONCLUSION

In this research, a Cloud Server model is planned. Using this model, the clients or users can avail different data mining services which the cloud providers promise to provide. If the cloud system is accountable for both storage space and encryption/decryption of the data, the system administrators may concurrently acquire encrypted data and the decryption keys. This will permit them to access the information of the client without any approval. This leads to the risk of sensitive information disclose and the

171 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 02, Issue 05, May, 2015 method involved of storage and encryption/decryption is

expensive too. Therefore, to rise above these troubles, a model (cloud architecture) is proposed in this research which accepts only those data which are essential in an encoded form, performs the service opted by the client and sends the result in the encoded format to be implicit by the particular client. Using this model, these problems will not be faced any more in the future.

REFERENCES

[1] Sunil Sanka, ChittaranjanHota, MuttukrishnanRajarajan, “Secure Data Access in Cloud Computing,” in IMSAA ‟10, 2010, p. 1-6. [2] S. M. Mahajan and A. K. Reshamwala, “Data Mining Ethics in

Privacy Preservation - A Survey ” in International Journal of Computer Theory and Engineering, Vol. 3, No. 4, August 2011. [3] Manoj Gupta and R. C. Joshi, “Privacy Preserving Fuzzy

Association Rules Hiding in Quantitative Data” in International Journal of Computer Theory and Engineering, Vol. 1, No. 4, October, 2009.

[4] Jing-Jang Hwang and Hung-Kai Chuang, YiChang Hsu and Chien-Hsing Wu, “A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service,” in ICISA ‟11, 2011, p. 1-7.

[5] Yi-Hung Wu, Chia-Ming Chiang, and Arbee L.P. Chen, “Hiding Sensitive Association Rules with Limited Side Effects,” in IEEE Transactions on Knowledge and Data engineering, Vol. 19, No. 1,pp. 29-42, January 2007.

[6] Tinghuai Ma, Sainan Wang, ZhongLiu, “Privacy Preserving Based on Association Rule Mining,” in Advanced Computer Theory and Engineering (ICACTE), Vol. 1, pp. 637-640, August 2010. [7] Jiawei Han, MichelineKambe. Data Mining, Concepts and

Techniques , 2nd Ed. CA: Morgan Kaufmann Publishers, 2006,pp. 234-239.

[8] Jiawei Han, MichelineKambe. Data Mining, Concepts and Techniques , 2nd Ed. CA: Morgan Kaufmann Pub

[9] Building Data Mining Applications for CRM [Paperback] by Alex Berson (Author), StephenJ.Smith (Author), Berson (Author), KurtThearling (Author).

[10] Data-Driven Marketing: The 15 Metrics Everyone in... by Mark Jeffery.

[11] Cloud Computing with the Windows Azure Platform By Roger Jennings

[12] Moving To The Cloud: Developing Apps in the New World of Cloud Computing, ByDinkarSitaram, GeethaManjunath

[13] The Cloud Computing Handbook - Everything You Need to Know about Cloud Computing, By Todd Arias

[14] http://searchsqlserver.techtarget.com/definition/datamining [15] http://www.ijcaonline.org/volume15/number7/pxc387 2623.pdf [16] http://www.waset.org/journals/waset/v39/v39-72.pdf [17] http://www.estard.com/data_mining_marketing/data_ mining_campaign.asp [18] http://dssresources.com/books/contents/berry97.html [19] http://www.marketingprofs.com/articles/2010/3567/th e-nine-most-common-data-mining-techniques-usedin-predictive-analytics. [20] http://www.thearling.com/