Abstract
A single name for dynamic scalability and elasticity of resources is nothing but a cloud. Cloud computing is the latest business buzz in the corporate world. The benefits like capital cost reduction, globalization of the workforce, and remote accessibility attract people to introduce their business through the cloud. The nefarious users can scan, exploit, and identify different vulnerabilities and loopholes in the system because of the ease of accessing and acquiring cloud services. Data breaches and cloud service abuse are the top threats identified by Cloud Security Alliance. The major attacks are insider attacks, malware and worm attack, DOS attack, and DDOS attack. This paper analyzes major attacks in cloud and comparison of corresponding prevention methods, which are effective in different platforms along with DDoS attack implementation results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Ahmed, M., Xiang Y.: Trust ticket deployment: a notion of a data owner’s trust in cloud computing. In: 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11
Bradai, A., Afifi, H.: Enforcing trust-based intrusion detection in cloud computing using algebraic methods. In: 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discover
Rajagopal, R., Chitra, M.: Trust based interoperability security protocol for grid and cloud computing. In: ICCCNT’12 26–28 July 2012, Coimbatore, India
Kanwal, A., Masood, R., Ghazia, U.E., Shibli, M.A., Abbasi, A.G.: Assessment criteria for trust models in cloud computing. In: 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing
Duncan, A., Creese, S., Goldsmith, M.: Insider attacks in cloud computing. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications
Khorshed, M.T., Shawkat Ali, A.B.M., Wasimi, S.A.: Monitoring insiders activities in cloud computing using rule based learning. In: 2011 International Joint Conference of IEEE
Guo, Q., Sun, D., Chang, G., Sun, L., Wang, X.: Modeling and evaluation of trust in cloud computing environments. In: 2011 3rd International Conference on Advanced Computer Control (ICACC 2011)
Nkosi, L., Tarwireyi, P., Adigun, M.O.: Detecting a malicious insider in the cloud environment using sequential rule mining. In: 2013 IEEE International Conference on Adaptive Science and Technology (ICAST)
Bisong, A., Rahman, M.: An overview of the security concerns in enterprise cloud computing. Int. J. Netw. Secur. Appl. (IJNSA) 3(1) (January 2011)
Yang, Z., Qin, X., Yang, Y., Yagnik, T.: A hybrid trust service architecture for cloud computing. In: 2013 International Conference on Computer Sciences and Applications
Habib, S.M., Hauke, S., Ries, S., Muhlhauser, M.: Trust as a facilitator in cloud computing: a survey. J. Cloud Comput. Adv. Syst. Appl. (2012)
Noor, T.H., Sheng, Q.Z.: Trust management of services in cloud environments: obstacles and solutions. ACM Comput. Surv. 46(1), Article 12, Publication date: October 2013
Watson, M.R.: Malware detection in the context of cloud computing. In: The 13th Annual Postgraduate Symposium on the Convergence of Telecommunications, Networking, and Broadcasting
More, A., Tapaswi, S.: Dynamic malware detection and recording using virtual machine introspection. In: Best Practices Meet, 2013 DSCI IEEE
Biedermann, S., Katzenbeisser, S.: Detecting computer worms in the cloud. In: iNetSec’11 Proceedings of the 2011 IFIP WG 11.4 International Conference on Open Problems in Network Security
Harrison, K., Bordbar, B., Ali, S.T.T., Dalton, C.I., Norman, A.: A framework for detecting malware in cloud by identifying symptoms. In: 2012 IEEE 16th International Enterprise Distributed Object Computing Conference
Rameshbabu, J., Sam Balaji, B., Wesley Daniel, R., Malathi, K.: A prevention of DDoS attacks in cloud using NEIF techniques. Int. J. Sci. Res. Publ. 4(4) (April 2014) ISSN 2250-3153
Ismail, M.N., Aborujilah, A., Musa, S., Shahzad, A.: New framework to detect and prevent denial of service attack in cloud computing environment. Int. J. Comput. Sci. Secur. (IJCSS) 6(4)
Sattar, I., Shahid, M., Abbas, Y.: A review of techniques to detect and prevent distributed denial of service (DDoS) attack in cloud computing environment. Int. J. Comput. Appl. 115(8), 0975–8887 (2015)
Syed Navaz, A.S., Sangeetha, V., Prabhadevi, C.: Entropy based anomaly detection system to prevent DDoS attacks in cloud. Int. J. Comput. Appl. 62(15), 0975–8887 (2013)
Goyal, U., Bhatti, G., Mehmi, S.: A dual mechanism for defeating DDoS attacks in cloud computing model. Int. J. Appl. Innov. Eng. Manage. (IJAIEM)
Santhi, K.: A defense mechanism to protect cloud computing against distributed denial of service attacks. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(5) (May 2013) (ISSN: 2277 128X)
Khalil, I.M., Khreishah, A., Azeem, M.: Cloud computing security: a survey. ISSN 2073-431X, 3 February 2014
Noor, T.H., Sheng, Q.Z., Zeadally, S.: Trust management of services in cloud environments: obstacles and solutions. ACM Comput. Surv. 46(1), Article 12, Publication date: October 2013
Kanaker, H.M., Saudi, M.M., Marhusin, M.F.: Detecting worm attacks in cloud computing environment: proof of concept. In: 2014 IEEE 5th Control and System Graduate Research Colloquium, August 11–12, UiTM, Shah Alam, Malaysia
Praveen Kumar, P., Bhaskar Naik, K.: A survey on cloud based intrusion detection system. Int. J. Softw. Web Sci. (IJSWS), 98–102
Rahman, M., Cheung, W.M.: A novel cloud computing security model to detect and prevent DoS and DDoS attack. Int. J. Adv. Comput. Sci. Appl. 5(6) (2014)
Shahin, A.A.: Polymorphic worms collection in cloud computing. Int. J. Comput. Sci. Mob. Comput. 3(8), 645–652 (2014)
Quinton, J.S., Duncan, A., Creese, S., Goldsmith, M.: Cloud computing: insider attacks on virtual machines during migration. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Nicoll, A., Claycomb, W.R.: Insider threats to cloud computing: directions for new research challenges. In: 2012 IEEE 36th International Conference on Computer Software and Applications
Nguyen, M.-D., Chau, N.-T., Jung, S., Jung, S.: A demonstration of malicious insider attacks inside cloud IaaS Vendor. Int. J. Inf. Educ. Technol. 4(6) (December 2014)
Garkoti, G., Peddoju, S.K., Balasubramanian, R.: Detection of insider attacks in cloud based e-healthcare environment. In: 2014 13th International Conference on Information Technology
Kumar, M., Hanumanthappa, M.: Scalable intrusion detection systems log analysis using cloud computing infrastructure. In: 2013 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC)
Praveen Kumar, P., Bhaskar Naik, K.: A survey on cloud based intrusion detection system. Int. J. Softw. Web Sci. (IJSWS), ISSN (Print) 2279-0063 ISSN (Online) 2279-0071
Sun, D., Chang, G., Suna, L., Wang, X.: Surveying and analyzing security, privacy and trust issues in cloud computing environments. SciVerse Sci. Direct Procedia Eng. 15, 2852–2856 (2011)
Oktay, U., Sahingoz, O.K.: Attack types and intrusion detection systems in cloud computing. In: Proceedings of the 6th International Information Security & Cryptology Conference, Bildiriler Kitabı
Sevak, B.: Security against side channel attack in cloud computing. Int. J. Eng. Adv. Technol. (IJEAT) 2(2) (December 2012) ISSN: 2249-8958
Siva, T., Phalguna Krishna, E.S.: Controlling various network based ADoS attacks in cloud computing environment: by using port hopping technique. Int. J. Eng. Trends Technol. (IJETT) 4(5) (May 2013)
Bhandari, N.H.: Survey on DDoS attacks and its detection &defence approaches. Int. J. Sci. Modern Eng. (IJISME) 1(3) (February 2013) (ISSN: 2319-6386)
Wong, F.F., Tan, C.X.: A survey of trends in massive DDoS attacks and cloud-based mitigations. Int. J. Netw. Secur. Appl. (IJNSA) 6(3) (May 2014)
Goyal, U., Bhatti, G., Mehmi, S.: A dual Mechanism for defeating DDoS attacks in cloud computing model. Int. J. Appl. Innov. Eng. Manage. (IJAIEM) 2(3) (March 2013) ISSN 2319-4847
Bhandari, N.H.: Survey on DDoS attacks and its detection &defence approaches. Int. J. Sci. Modern Eng. (IJISME) 1(3) February ISSN: 2319-6386
Santhi, K.: A defense mechanism to protect cloud computing against distributed denial of service attacks. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3(5) (May 2013) ISSN: 2277-128 X
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
John, J., Norman, J. (2019). Major Vulnerabilities and Their Prevention Methods in Cloud Computing. In: Peter, J., Alavi, A., Javadi, B. (eds) Advances in Big Data and Cloud Computing. Advances in Intelligent Systems and Computing, vol 750. Springer, Singapore. https://doi.org/10.1007/978-981-13-1882-5_2
Download citation
DOI: https://doi.org/10.1007/978-981-13-1882-5_2
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-1881-8
Online ISBN: 978-981-13-1882-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)