Taxonomy of Security Attacks and Risk Assessment of Cloud Computing

  • M. Swathy AkshayaEmail author
  • G. Padmavathi
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 750)


Cloud Computing is an international collection of hardware and software from thousands of computer network. It permits digital information to be shared and distributed at very less cost and very fast to use. Cloud is attacked by viruses, worms, hackers, and cybercrimes. Attackers try to steal confidential information, interrupt services, and cause damage to the enterprise cloud computing network. The survey focuses on various attacks on cloud security and their countermeasures. Existing taxonomies have been widely documented in the literature. They provide a systematic way of understanding, identifying, and addressing security risks. This paper presents taxonomy of cloud security attacks and potential risk assessment with the aim of providing an in depth understanding of security requirements in the cloud environment. A review revealed that previous papers have not accounted for all the aspects of risk assessment and security attacks. The risk elements which are not dealt elaborately in other works are also identified, classified, quantified, and prioritized. This paper provides an overview of conceptual cloud attack and risk assessment taxonomy.


Cloud computing Security challenges Taxonomy Zero-day attack Risk assessment 


  1. 1.
    Iqbal, S., Kiah, L.M., Dhaghighi, B., Hussain, M., Khan, S., Khan, M.K., Choo, K.-K.R.: On cloud security attacks: a taxonomy and intrusion detection and prevention as a service. J. Netw. Comput. Appl. 74, 98–120 (2016)CrossRefGoogle Scholar
  2. 2.
    Symantec, Internet Security Threat Report, vol. 17 (2011). Available (2014)
  3. 3.
    Singh, R.K., Bhattacharjya, A.: Security and privacy concerns in cloud computing. In: International Journal of Engineering and Innovative Technology (IJEIT) vol. 1, Issue 6, ISSN: 2277-3754 (2012)Google Scholar
  4. 4.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing, Special Publication 800-145 NISTGoogle Scholar
  5. 5.
    Sosinsky, B.: Cloud Computing Bible. Wiley Publishing Inc., ISBN-13: 978-0470903568Google Scholar
  6. 6.
    Simmons, C., et al.: AVOIDIT: A Cyber Attack Taxonomy. Technical Report CS-09-003, University of Memphis (2009)Google Scholar
  7. 7.
    Choo, K.-K.R., Juliadotter, N.V.: Cloud attack and risk assessment taxonomy. IEEE Cloud Comput. pp. 14–20 (2015)Google Scholar
  8. 8.
    Ab Rahman, N.H., Choo, K.K.R.: Integrating Digital Forensic Practices in Cloud Incident Handling: A Conceptual Cloud Incident Handling Model, The Cloud Security Ecosystem, Imprint of Elsevier (2015)Google Scholar
  9. 9.
    Rane, P.: Securing SaaS applications: a cloud security perspective for application providers. Inf. Syst. Secur. (2010)Google Scholar
  10. 10.
    Gruschka, N., Jensen, M.: Attack surfaces: taxonomy for attacks on cloud services. In: 3rd International Conference on Cloud Computing, pp. 276–279. IEEE, New York (2010)Google Scholar
  11. 11.
    Claycomb, W.R., Nicoll, A.: Insider threats to cloud computing: directions for new research challenges. In: 2012 IEEE 36th Annual Computer Software and Applications Conference (COMPSAC), pp. 387–394 (2012)Google Scholar
  12. 12.
    Behl, A.: Emerging security challenges in cloud computing, pp. 217–222. IEEE, New York (2011)Google Scholar
  13. 13.
    Osanaiye, O., Choo, K.-K.R., Dlodlo, M.: Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud (DDoS) mitigation framework. J. Netw. Comput. Appl. (2016)Google Scholar
  14. 14.
    Khorshed, M.T., Ali, A.B.M.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28, 833–851 (2012)CrossRefGoogle Scholar
  15. 15.
    Hansman, S., Hunt, R.: A taxonomy of network and computer attacks. Comput. Secur. 24(1), 31–43 (2005)CrossRefGoogle Scholar
  16. 16.
    Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: On technical security issues in cloud computing. In: Proceedings of the IEEE International Conference on Cloud Computing (CLOUD-II) (2009)Google Scholar
  17. 17.
    Modi, C., Patel, D., Borisaniya, B., et al.: A survey on security issues and solutions at different layers of cloud computing. J. Supercomput. 63, 561–592 (2013)CrossRefGoogle Scholar
  18. 18.
    Deshpande, P., Sharma, S., Peddoju, S.: Implementation of a private cloud: a case study. Adv. Intell. Syst. Comp. 259, 635–647 (2014)CrossRefGoogle Scholar
  19. 19.
    Ab Rahman, N.H., Choo, K.K.R.: A survey of information security incident handling in the cloud. Comput. Secur. 49, 45–69 (2015)CrossRefGoogle Scholar
  20. 20.
    Khan, S., et al.: Network forensics: review, taxonomy, and open challenges. J. Netw. Comput. Appl. 66, 214–235 (2016)CrossRefGoogle Scholar
  21. 21.
    Brown, E.: NIST issues cloud computing guidelines for managing security and privacy. National Institute of Standards and Technology Special Publication, pp. 800–144 (2012)Google Scholar
  22. 22.
    Hunt, R., Slay, J.: A new approach to developing attack taxonomies for network security-including case studies, pp. 281–286. IEEE, New York (2011)Google Scholar
  23. 23.
    Asma, A.S.: Attacks on cloud computing and its countermeasures. In: International Conference on Signal Processing, Communication, Power and Embedded System (SCOPES), pp. 748–752. IEEE, New York (2016)Google Scholar
  24. 24.
    Deshpande, P., Sharma, S.C., Sateeshkumar, P.: Security threats in cloud computing. In: International Conference on Computing, Communication and Automation (ICCCA), pp. 632–636. IEEE, New York (2015)Google Scholar
  25. 25.
    Sabahi, F.: Cloud computing threats and responses, 978–1-61284-486-2/111. IEEE, New York (2011)Google Scholar
  26. 26.
    Tep, K.S., Martini, B., Hunt, R., Choo, K.-K.R.: A taxonomy of cloud attack consequences and mitigation strategies, pp. 1073–1080. IEEE, New York (2015)Google Scholar
  27. 27.
    Los, R., Gray, D., Shackleford, D., Sullivan, B.: The notorious nine cloud computing top threats in 2013. Top Threats Working Group, Cloud Security Alliance (2013)Google Scholar
  28. 28.
    Khan, S., et al.: SIDNFF: source identification network forensics framework for cloud computing. In: Proceedings of the IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW) (2015)Google Scholar
  29. 29.
    Shen, Z., Liu, S.: Security threats and security policy in wireless sensor networks. AISS 4(10), 166–173 (2012)CrossRefGoogle Scholar
  30. 30.
    Alva, A., Caleff, O., Elkins, G., et al.: The notorious nine cloud computing top threats in 2013. Cloud Secur. Alliance (2013)Google Scholar
  31. 31.
    Choi, J., Choi, C., Lynn, H.M., Kim, P.: Ontology based APT attack behavior analysis in cloud computing. In: 10th International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 375–379. IEEE, New York (2015)Google Scholar
  32. 32.
    Baddar, S., Merlo, A., Migliardi, M.: Anomaly detection in computer networks: a state-of-the-art review. J. Wireless Mobile Netw. Ubiquit. Comput. Dependable Appl. 5(4), 29–64 (2014)Google Scholar
  33. 33.
    Xiao, S., Hariri, T., Yousif, M.: An efficient network intrusion detection method based on information theory and genetic algorithm. In: 24th IEEE International Performance, Computing, and Communications Conference, pp. 11–17 (2005)Google Scholar
  34. 34.
    Amin, A., Anwar, S., Adnan, A.: Classification of cyber attacks based on rough set theory. IEEE, New York (2015)Google Scholar
  35. 35.
    Murtaza, S.S., Couture, M., et al.: A host-based anomaly detection approach by representing system calls as states of kernel modules. In: Proceedings of 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 431–440 (2013)Google Scholar
  36. 36.
    Vieira, K., Schulter, A., Westphall, C.: Intrusion detection techniques for grid and cloud computing environment. IT Prof. 12(4), 38–43 (2010)CrossRefGoogle Scholar
  37. 37.
    Deshpande, P., Sharma, S., Sateeshkumar, P., Junaid, S.: HIDS: an host based intrusion detection system. Int. J. Syst. Assur. Eng. Manage. pp. 1–12 (2014)Google Scholar
  38. 38.
    Kaur, H., Gill, N.: Host based anomaly detection using fuzzy genetic approach (FGA). Int. J. Comput. Appl. 74(20), 5–9 (2013)Google Scholar
  39. 39.
    Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, Oakland (2010)Google Scholar
  40. 40.
    Chen, C., Guan, D., Huang, Y., Ou, Y.: State-based attack detection for cloud. In: IEEE International Symposium on Next-Generation Electronics, Kaohsiung, pp. 177–180 (2013)Google Scholar
  41. 41.
    Khan, S., et al.: Cloud log forensics: foundations, state of the art, and future directions. ACM Comput. Surv. (CSUR) 49(1), 7 (2016)CrossRefGoogle Scholar
  42. 42.
    Juliadotter, N., Choo, K.K.R.: CATRA: Conceptual Cloud Attack Taxonomy and Risk Assessment Framework, The Cloud Security Ecosystem. Imprint of Elsevier (2015)Google Scholar
  43. 43.
    Peake, C.: Security in the cloud: understanding the risks of Cloud-as-a-Service. In: Proceedings of IEEE Conference on Technologies for Homeland Security (HST 12), pp. 336–340 (2012)Google Scholar
  44. 44.
    OWASP, OWASP Risk Rating Methodology, OWASP Testing Guide v4, Open Web Application Security Project. OWASP Risk Rating Methodology (2013)
  45. 45.
    Bakshi, A., Dujodwala, Y.B.: Securing cloud from DDOS attacks using intrusion detection system in virtual machine. In: Proceeding ICCSN ’10 Proceedings of 2010 Second International Conference on Communication Software Networks, pp. 260–264 (2010)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Department of Computer ScienceAvinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University)CoimbatoreIndia

Personalised recommendations