Abstract
Cloud Computing is an international collection of hardware and software from thousands of computer network. It permits digital information to be shared and distributed at very less cost and very fast to use. Cloud is attacked by viruses, worms, hackers, and cybercrimes. Attackers try to steal confidential information, interrupt services, and cause damage to the enterprise cloud computing network. The survey focuses on various attacks on cloud security and their countermeasures. Existing taxonomies have been widely documented in the literature. They provide a systematic way of understanding, identifying, and addressing security risks. This paper presents taxonomy of cloud security attacks and potential risk assessment with the aim of providing an in depth understanding of security requirements in the cloud environment. A review revealed that previous papers have not accounted for all the aspects of risk assessment and security attacks. The risk elements which are not dealt elaborately in other works are also identified, classified, quantified, and prioritized. This paper provides an overview of conceptual cloud attack and risk assessment taxonomy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Iqbal, S., Kiah, L.M., Dhaghighi, B., Hussain, M., Khan, S., Khan, M.K., Choo, K.-K.R.: On cloud security attacks: a taxonomy and intrusion detection and prevention as a service. J. Netw. Comput. Appl. 74, 98–120 (2016)
Symantec, Internet Security Threat Report, vol. 17 (2011). Available http://www.symantec.com/threatreport/ (2014)
Singh, R.K., Bhattacharjya, A.: Security and privacy concerns in cloud computing. In: International Journal of Engineering and Innovative Technology (IJEIT) vol. 1, Issue 6, ISSN: 2277-3754 (2012)
Mell, P., Grance, T.: The NIST Definition of Cloud Computing, Special Publication 800-145 NIST
Sosinsky, B.: Cloud Computing Bible. Wiley Publishing Inc., ISBN-13: 978-0470903568
Simmons, C., et al.: AVOIDIT: A Cyber Attack Taxonomy. Technical Report CS-09-003, University of Memphis (2009)
Choo, K.-K.R., Juliadotter, N.V.: Cloud attack and risk assessment taxonomy. IEEE Cloud Comput. pp. 14–20 (2015)
Ab Rahman, N.H., Choo, K.K.R.: Integrating Digital Forensic Practices in Cloud Incident Handling: A Conceptual Cloud Incident Handling Model, The Cloud Security Ecosystem, Imprint of Elsevier (2015)
Rane, P.: Securing SaaS applications: a cloud security perspective for application providers. Inf. Syst. Secur. (2010)
Gruschka, N., Jensen, M.: Attack surfaces: taxonomy for attacks on cloud services. In: 3rd International Conference on Cloud Computing, pp. 276–279. IEEE, New York (2010)
Claycomb, W.R., Nicoll, A.: Insider threats to cloud computing: directions for new research challenges. In: 2012 IEEE 36th Annual Computer Software and Applications Conference (COMPSAC), pp. 387–394 (2012)
Behl, A.: Emerging security challenges in cloud computing, pp. 217–222. IEEE, New York (2011)
Osanaiye, O., Choo, K.-K.R., Dlodlo, M.: Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud (DDoS) mitigation framework. J. Netw. Comput. Appl. (2016)
Khorshed, M.T., Ali, A.B.M.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28, 833–851 (2012)
Hansman, S., Hunt, R.: A taxonomy of network and computer attacks. Comput. Secur. 24(1), 31–43 (2005)
Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: On technical security issues in cloud computing. In: Proceedings of the IEEE International Conference on Cloud Computing (CLOUD-II) (2009)
Modi, C., Patel, D., Borisaniya, B., et al.: A survey on security issues and solutions at different layers of cloud computing. J. Supercomput. 63, 561–592 (2013)
Deshpande, P., Sharma, S., Peddoju, S.: Implementation of a private cloud: a case study. Adv. Intell. Syst. Comp. 259, 635–647 (2014)
Ab Rahman, N.H., Choo, K.K.R.: A survey of information security incident handling in the cloud. Comput. Secur. 49, 45–69 (2015)
Khan, S., et al.: Network forensics: review, taxonomy, and open challenges. J. Netw. Comput. Appl. 66, 214–235 (2016)
Brown, E.: NIST issues cloud computing guidelines for managing security and privacy. National Institute of Standards and Technology Special Publication, pp. 800–144 (2012)
Hunt, R., Slay, J.: A new approach to developing attack taxonomies for network security-including case studies, pp. 281–286. IEEE, New York (2011)
Asma, A.S.: Attacks on cloud computing and its countermeasures. In: International Conference on Signal Processing, Communication, Power and Embedded System (SCOPES), pp. 748–752. IEEE, New York (2016)
Deshpande, P., Sharma, S.C., Sateeshkumar, P.: Security threats in cloud computing. In: International Conference on Computing, Communication and Automation (ICCCA), pp. 632–636. IEEE, New York (2015)
Sabahi, F.: Cloud computing threats and responses, 978–1-61284-486-2/111. IEEE, New York (2011)
Tep, K.S., Martini, B., Hunt, R., Choo, K.-K.R.: A taxonomy of cloud attack consequences and mitigation strategies, pp. 1073–1080. IEEE, New York (2015)
Los, R., Gray, D., Shackleford, D., Sullivan, B.: The notorious nine cloud computing top threats in 2013. Top Threats Working Group, Cloud Security Alliance (2013)
Khan, S., et al.: SIDNFF: source identification network forensics framework for cloud computing. In: Proceedings of the IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW) (2015)
Shen, Z., Liu, S.: Security threats and security policy in wireless sensor networks. AISS 4(10), 166–173 (2012)
Alva, A., Caleff, O., Elkins, G., et al.: The notorious nine cloud computing top threats in 2013. Cloud Secur. Alliance (2013)
Choi, J., Choi, C., Lynn, H.M., Kim, P.: Ontology based APT attack behavior analysis in cloud computing. In: 10th International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 375–379. IEEE, New York (2015)
Baddar, S., Merlo, A., Migliardi, M.: Anomaly detection in computer networks: a state-of-the-art review. J. Wireless Mobile Netw. Ubiquit. Comput. Dependable Appl. 5(4), 29–64 (2014)
Xiao, S., Hariri, T., Yousif, M.: An efficient network intrusion detection method based on information theory and genetic algorithm. In: 24th IEEE International Performance, Computing, and Communications Conference, pp. 11–17 (2005)
Amin, A., Anwar, S., Adnan, A.: Classification of cyber attacks based on rough set theory. IEEE, New York (2015)
Murtaza, S.S., Couture, M., et al.: A host-based anomaly detection approach by representing system calls as states of kernel modules. In: Proceedings of 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 431–440 (2013)
Vieira, K., Schulter, A., Westphall, C.: Intrusion detection techniques for grid and cloud computing environment. IT Prof. 12(4), 38–43 (2010)
Deshpande, P., Sharma, S., Sateeshkumar, P., Junaid, S.: HIDS: an host based intrusion detection system. Int. J. Syst. Assur. Eng. Manage. pp. 1–12 (2014)
Kaur, H., Gill, N.: Host based anomaly detection using fuzzy genetic approach (FGA). Int. J. Comput. Appl. 74(20), 5–9 (2013)
Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, Oakland (2010)
Chen, C., Guan, D., Huang, Y., Ou, Y.: State-based attack detection for cloud. In: IEEE International Symposium on Next-Generation Electronics, Kaohsiung, pp. 177–180 (2013)
Khan, S., et al.: Cloud log forensics: foundations, state of the art, and future directions. ACM Comput. Surv. (CSUR) 49(1), 7 (2016)
Juliadotter, N., Choo, K.K.R.: CATRA: Conceptual Cloud Attack Taxonomy and Risk Assessment Framework, The Cloud Security Ecosystem. Imprint of Elsevier (2015)
Peake, C.: Security in the cloud: understanding the risks of Cloud-as-a-Service. In: Proceedings of IEEE Conference on Technologies for Homeland Security (HST 12), pp. 336–340 (2012)
OWASP, OWASP Risk Rating Methodology, OWASP Testing Guide v4, Open Web Application Security Project. www.owasp.org/index.php/ OWASP Risk Rating Methodology (2013)
Bakshi, A., Dujodwala, Y.B.: Securing cloud from DDOS attacks using intrusion detection system in virtual machine. In: Proceeding ICCSN ’10 Proceedings of 2010 Second International Conference on Communication Software Networks, pp. 260–264 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Swathy Akshaya, M., Padmavathi, G. (2019). Taxonomy of Security Attacks and Risk Assessment of Cloud Computing. In: Peter, J., Alavi, A., Javadi, B. (eds) Advances in Big Data and Cloud Computing. Advances in Intelligent Systems and Computing, vol 750. Springer, Singapore. https://doi.org/10.1007/978-981-13-1882-5_4
Download citation
DOI: https://doi.org/10.1007/978-981-13-1882-5_4
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-1881-8
Online ISBN: 978-981-13-1882-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)