Advertisement

Major Vulnerabilities and Their Prevention Methods in Cloud Computing

  • Jomina JohnEmail author
  • Jasmine Norman
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 750)

Abstract

A single name for dynamic scalability and elasticity of resources is nothing but a cloud. Cloud computing is the latest business buzz in the corporate world. The benefits like capital cost reduction, globalization of the workforce, and remote accessibility attract people to introduce their business through the cloud. The nefarious users can scan, exploit, and identify different vulnerabilities and loopholes in the system because of the ease of accessing and acquiring cloud services. Data breaches and cloud service abuse are the top threats identified by Cloud Security Alliance. The major attacks are insider attacks, malware and worm attack, DOS attack, and DDOS attack. This paper analyzes major attacks in cloud and comparison of corresponding prevention methods, which are effective in different platforms along with DDoS attack implementation results.

Keywords

Cloud computing Worm attack Insider attack DDOS attack XML DDOS attack Forensic virtual machine 

References

  1. 1.
    Ahmed, M., Xiang Y.: Trust ticket deployment: a notion of a data owner’s trust in cloud computing. In: 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11Google Scholar
  2. 2.
    Bradai, A., Afifi, H.: Enforcing trust-based intrusion detection in cloud computing using algebraic methods. In: 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge DiscoverGoogle Scholar
  3. 3.
    Rajagopal, R., Chitra, M.: Trust based interoperability security protocol for grid and cloud computing. In: ICCCNT’12 26–28 July 2012, Coimbatore, IndiaGoogle Scholar
  4. 4.
    Kanwal, A., Masood, R., Ghazia, U.E., Shibli, M.A., Abbasi, A.G.: Assessment criteria for trust models in cloud computing. In: 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social ComputingGoogle Scholar
  5. 5.
    Duncan, A., Creese, S., Goldsmith, M.: Insider attacks in cloud computing. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and CommunicationsGoogle Scholar
  6. 6.
    Khorshed, M.T., Shawkat Ali, A.B.M., Wasimi, S.A.: Monitoring insiders activities in cloud computing using rule based learning. In: 2011 International Joint Conference of IEEEGoogle Scholar
  7. 7.
    Guo, Q., Sun, D., Chang, G., Sun, L., Wang, X.: Modeling and evaluation of trust in cloud computing environments. In: 2011 3rd International Conference on Advanced Computer Control (ICACC 2011)Google Scholar
  8. 8.
    Nkosi, L., Tarwireyi, P., Adigun, M.O.: Detecting a malicious insider in the cloud environment using sequential rule mining. In: 2013 IEEE International Conference on Adaptive Science and Technology (ICAST)Google Scholar
  9. 9.
    Bisong, A., Rahman, M.: An overview of the security concerns in enterprise cloud computing. Int. J. Netw. Secur. Appl. (IJNSA) 3(1) (January 2011)Google Scholar
  10. 10.
    Yang, Z., Qin, X., Yang, Y., Yagnik, T.: A hybrid trust service architecture for cloud computing. In: 2013 International Conference on Computer Sciences and ApplicationsGoogle Scholar
  11. 11.
    Habib, S.M., Hauke, S., Ries, S., Muhlhauser, M.: Trust as a facilitator in cloud computing: a survey. J. Cloud Comput. Adv. Syst. Appl. (2012)Google Scholar
  12. 12.
    Noor, T.H., Sheng, Q.Z.: Trust management of services in cloud environments: obstacles and solutions. ACM Comput. Surv. 46(1), Article 12, Publication date: October 2013Google Scholar
  13. 13.
    Watson, M.R.: Malware detection in the context of cloud computing. In: The 13th Annual Postgraduate Symposium on the Convergence of Telecommunications, Networking, and BroadcastingGoogle Scholar
  14. 14.
    More, A., Tapaswi, S.: Dynamic malware detection and recording using virtual machine introspection. In: Best Practices Meet, 2013 DSCI IEEEGoogle Scholar
  15. 15.
    Biedermann, S., Katzenbeisser, S.: Detecting computer worms in the cloud. In: iNetSec’11 Proceedings of the 2011 IFIP WG 11.4 International Conference on Open Problems in Network SecurityGoogle Scholar
  16. 16.
    Harrison, K., Bordbar, B., Ali, S.T.T., Dalton, C.I., Norman, A.: A framework for detecting malware in cloud by identifying symptoms. In: 2012 IEEE 16th International Enterprise Distributed Object Computing ConferenceGoogle Scholar
  17. 17.
    Rameshbabu, J., Sam Balaji, B., Wesley Daniel, R., Malathi, K.: A prevention of DDoS attacks in cloud using NEIF techniques. Int. J. Sci. Res. Publ. 4(4) (April 2014) ISSN 2250-3153Google Scholar
  18. 18.
    Ismail, M.N., Aborujilah, A., Musa, S., Shahzad, A.: New framework to detect and prevent denial of service attack in cloud computing environment. Int. J. Comput. Sci. Secur. (IJCSS) 6(4)Google Scholar
  19. 19.
    Sattar, I., Shahid, M., Abbas, Y.: A review of techniques to detect and prevent distributed denial of service (DDoS) attack in cloud computing environment. Int. J. Comput. Appl. 115(8), 0975–8887 (2015)Google Scholar
  20. 20.
    Syed Navaz, A.S., Sangeetha, V., Prabhadevi, C.: Entropy based anomaly detection system to prevent DDoS attacks in cloud. Int. J. Comput. Appl. 62(15), 0975–8887 (2013)Google Scholar
  21. 21.
    Goyal, U., Bhatti, G., Mehmi, S.: A dual mechanism for defeating DDoS attacks in cloud computing model. Int. J. Appl. Innov. Eng. Manage. (IJAIEM)Google Scholar
  22. 22.
    Santhi, K.: A defense mechanism to protect cloud computing against distributed denial of service attacks. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(5) (May 2013) (ISSN: 2277 128X)Google Scholar
  23. 23.
    Khalil, I.M., Khreishah, A., Azeem, M.: Cloud computing security: a survey. ISSN 2073-431X, 3 February 2014Google Scholar
  24. 24.
    Noor, T.H., Sheng, Q.Z., Zeadally, S.: Trust management of services in cloud environments: obstacles and solutions. ACM Comput. Surv. 46(1), Article 12, Publication date: October 2013Google Scholar
  25. 25.
    Kanaker, H.M., Saudi, M.M., Marhusin, M.F.: Detecting worm attacks in cloud computing environment: proof of concept. In: 2014 IEEE 5th Control and System Graduate Research Colloquium, August 11–12, UiTM, Shah Alam, MalaysiaGoogle Scholar
  26. 26.
    Praveen Kumar, P., Bhaskar Naik, K.: A survey on cloud based intrusion detection system. Int. J. Softw. Web Sci. (IJSWS), 98–102Google Scholar
  27. 27.
    Rahman, M., Cheung, W.M.: A novel cloud computing security model to detect and prevent DoS and DDoS attack. Int. J. Adv. Comput. Sci. Appl. 5(6) (2014)Google Scholar
  28. 28.
    Shahin, A.A.: Polymorphic worms collection in cloud computing. Int. J. Comput. Sci. Mob. Comput. 3(8), 645–652 (2014)Google Scholar
  29. 29.
    Quinton, J.S., Duncan, A., Creese, S., Goldsmith, M.: Cloud computing: insider attacks on virtual machines during migration. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and CommunicationsGoogle Scholar
  30. 30.
    Nicoll, A., Claycomb, W.R.: Insider threats to cloud computing: directions for new research challenges. In: 2012 IEEE 36th International Conference on Computer Software and ApplicationsGoogle Scholar
  31. 31.
    Nguyen, M.-D., Chau, N.-T., Jung, S., Jung, S.: A demonstration of malicious insider attacks inside cloud IaaS Vendor. Int. J. Inf. Educ. Technol. 4(6) (December 2014)Google Scholar
  32. 32.
    Garkoti, G., Peddoju, S.K., Balasubramanian, R.: Detection of insider attacks in cloud based e-healthcare environment. In: 2014 13th International Conference on Information TechnologyGoogle Scholar
  33. 33.
    Kumar, M., Hanumanthappa, M.: Scalable intrusion detection systems log analysis using cloud computing infrastructure. In: 2013 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC)Google Scholar
  34. 34.
    Praveen Kumar, P., Bhaskar Naik, K.: A survey on cloud based intrusion detection system. Int. J. Softw. Web Sci. (IJSWS), ISSN (Print) 2279-0063 ISSN (Online) 2279-0071Google Scholar
  35. 35.
    Sun, D., Chang, G., Suna, L., Wang, X.: Surveying and analyzing security, privacy and trust issues in cloud computing environments. SciVerse Sci. Direct Procedia Eng. 15, 2852–2856 (2011)Google Scholar
  36. 36.
    Oktay, U., Sahingoz, O.K.: Attack types and intrusion detection systems in cloud computing. In: Proceedings of the 6th International Information Security & Cryptology Conference, Bildiriler KitabıGoogle Scholar
  37. 37.
    Sevak, B.: Security against side channel attack in cloud computing. Int. J. Eng. Adv. Technol. (IJEAT) 2(2) (December 2012) ISSN: 2249-8958Google Scholar
  38. 38.
    Siva, T., Phalguna Krishna, E.S.: Controlling various network based ADoS attacks in cloud computing environment: by using port hopping technique. Int. J. Eng. Trends Technol. (IJETT) 4(5) (May 2013)Google Scholar
  39. 39.
    Bhandari, N.H.: Survey on DDoS attacks and its detection &defence approaches. Int. J. Sci. Modern Eng. (IJISME) 1(3) (February 2013) (ISSN: 2319-6386)Google Scholar
  40. 40.
    Wong, F.F., Tan, C.X.: A survey of trends in massive DDoS attacks and cloud-based mitigations. Int. J. Netw. Secur. Appl. (IJNSA) 6(3) (May 2014)Google Scholar
  41. 41.
    Goyal, U., Bhatti, G., Mehmi, S.: A dual Mechanism for defeating DDoS attacks in cloud computing model. Int. J. Appl. Innov. Eng. Manage. (IJAIEM) 2(3) (March 2013) ISSN 2319-4847Google Scholar
  42. 42.
    Bhandari, N.H.: Survey on DDoS attacks and its detection &defence approaches. Int. J. Sci. Modern Eng. (IJISME) 1(3) February ISSN: 2319-6386Google Scholar
  43. 43.
    Santhi, K.: A defense mechanism to protect cloud computing against distributed denial of service attacks. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(5) (May 2013) ISSN: 2277-128 XGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.School of Information TechnologyVIT VelloreVelloreIndia
  2. 2.VIT UniversityVelloreIndia

Personalised recommendations