Skip to main content
SpringerLink
Log in

Taxonomy of Security Attacks and Risk Assessment of Cloud Computing

  • Conference paper
  • First Online:
Advances in Big Data and Cloud Computing

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 750))

Abstract

Cloud Computing is an international collection of hardware and software from thousands of computer network. It permits digital information to be shared and distributed at very less cost and very fast to use. Cloud is attacked by viruses, worms, hackers, and cybercrimes. Attackers try to steal confidential information, interrupt services, and cause damage to the enterprise cloud computing network. The survey focuses on various attacks on cloud security and their countermeasures. Existing taxonomies have been widely documented in the literature. They provide a systematic way of understanding, identifying, and addressing security risks. This paper presents taxonomy of cloud security attacks and potential risk assessment with the aim of providing an in depth understanding of security requirements in the cloud environment. A review revealed that previous papers have not accounted for all the aspects of risk assessment and security attacks. The risk elements which are not dealt elaborately in other works are also identified, classified, quantified, and prioritized. This paper provides an overview of conceptual cloud attack and risk assessment taxonomy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Iqbal, S., Kiah, L.M., Dhaghighi, B., Hussain, M., Khan, S., Khan, M.K., Choo, K.-K.R.: On cloud security attacks: a taxonomy and intrusion detection and prevention as a service. J. Netw. Comput. Appl. 74, 98–120 (2016)

    Article  Google Scholar 

  2. Symantec, Internet Security Threat Report, vol. 17 (2011). Available http://www.symantec.com/threatreport/ (2014)

  3. Singh, R.K., Bhattacharjya, A.: Security and privacy concerns in cloud computing. In: International Journal of Engineering and Innovative Technology (IJEIT) vol. 1, Issue 6, ISSN: 2277-3754 (2012)

    Google Scholar 

  4. Mell, P., Grance, T.: The NIST Definition of Cloud Computing, Special Publication 800-145 NIST

    Google Scholar 

  5. Sosinsky, B.: Cloud Computing Bible. Wiley Publishing Inc., ISBN-13: 978-0470903568

    Google Scholar 

  6. Simmons, C., et al.: AVOIDIT: A Cyber Attack Taxonomy. Technical Report CS-09-003, University of Memphis (2009)

    Google Scholar 

  7. Choo, K.-K.R., Juliadotter, N.V.: Cloud attack and risk assessment taxonomy. IEEE Cloud Comput. pp. 14–20 (2015)

    Google Scholar 

  8. Ab Rahman, N.H., Choo, K.K.R.: Integrating Digital Forensic Practices in Cloud Incident Handling: A Conceptual Cloud Incident Handling Model, The Cloud Security Ecosystem, Imprint of Elsevier (2015)

    Google Scholar 

  9. Rane, P.: Securing SaaS applications: a cloud security perspective for application providers. Inf. Syst. Secur. (2010)

    Google Scholar 

  10. Gruschka, N., Jensen, M.: Attack surfaces: taxonomy for attacks on cloud services. In: 3rd International Conference on Cloud Computing, pp. 276–279. IEEE, New York (2010)

    Google Scholar 

  11. Claycomb, W.R., Nicoll, A.: Insider threats to cloud computing: directions for new research challenges. In: 2012 IEEE 36th Annual Computer Software and Applications Conference (COMPSAC), pp. 387–394 (2012)

    Google Scholar 

  12. Behl, A.: Emerging security challenges in cloud computing, pp. 217–222. IEEE, New York (2011)

    Google Scholar 

  13. Osanaiye, O., Choo, K.-K.R., Dlodlo, M.: Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud (DDoS) mitigation framework. J. Netw. Comput. Appl. (2016)

    Google Scholar 

  14. Khorshed, M.T., Ali, A.B.M.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28, 833–851 (2012)

    Article  Google Scholar 

  15. Hansman, S., Hunt, R.: A taxonomy of network and computer attacks. Comput. Secur. 24(1), 31–43 (2005)

    Article  Google Scholar 

  16. Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: On technical security issues in cloud computing. In: Proceedings of the IEEE International Conference on Cloud Computing (CLOUD-II) (2009)

    Google Scholar 

  17. Modi, C., Patel, D., Borisaniya, B., et al.: A survey on security issues and solutions at different layers of cloud computing. J. Supercomput. 63, 561–592 (2013)

    Article  Google Scholar 

  18. Deshpande, P., Sharma, S., Peddoju, S.: Implementation of a private cloud: a case study. Adv. Intell. Syst. Comp. 259, 635–647 (2014)

    Article  Google Scholar 

  19. Ab Rahman, N.H., Choo, K.K.R.: A survey of information security incident handling in the cloud. Comput. Secur. 49, 45–69 (2015)

    Article  Google Scholar 

  20. Khan, S., et al.: Network forensics: review, taxonomy, and open challenges. J. Netw. Comput. Appl. 66, 214–235 (2016)

    Article  Google Scholar 

  21. Brown, E.: NIST issues cloud computing guidelines for managing security and privacy. National Institute of Standards and Technology Special Publication, pp. 800–144 (2012)

    Google Scholar 

  22. Hunt, R., Slay, J.: A new approach to developing attack taxonomies for network security-including case studies, pp. 281–286. IEEE, New York (2011)

    Google Scholar 

  23. Asma, A.S.: Attacks on cloud computing and its countermeasures. In: International Conference on Signal Processing, Communication, Power and Embedded System (SCOPES), pp. 748–752. IEEE, New York (2016)

    Google Scholar 

  24. Deshpande, P., Sharma, S.C., Sateeshkumar, P.: Security threats in cloud computing. In: International Conference on Computing, Communication and Automation (ICCCA), pp. 632–636. IEEE, New York (2015)

    Google Scholar 

  25. Sabahi, F.: Cloud computing threats and responses, 978–1-61284-486-2/111. IEEE, New York (2011)

    Google Scholar 

  26. Tep, K.S., Martini, B., Hunt, R., Choo, K.-K.R.: A taxonomy of cloud attack consequences and mitigation strategies, pp. 1073–1080. IEEE, New York (2015)

    Google Scholar 

  27. Los, R., Gray, D., Shackleford, D., Sullivan, B.: The notorious nine cloud computing top threats in 2013. Top Threats Working Group, Cloud Security Alliance (2013)

    Google Scholar 

  28. Khan, S., et al.: SIDNFF: source identification network forensics framework for cloud computing. In: Proceedings of the IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW) (2015)

    Google Scholar 

  29. Shen, Z., Liu, S.: Security threats and security policy in wireless sensor networks. AISS 4(10), 166–173 (2012)

    Article  Google Scholar 

  30. Alva, A., Caleff, O., Elkins, G., et al.: The notorious nine cloud computing top threats in 2013. Cloud Secur. Alliance (2013)

    Google Scholar 

  31. Choi, J., Choi, C., Lynn, H.M., Kim, P.: Ontology based APT attack behavior analysis in cloud computing. In: 10th International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 375–379. IEEE, New York (2015)

    Google Scholar 

  32. Baddar, S., Merlo, A., Migliardi, M.: Anomaly detection in computer networks: a state-of-the-art review. J. Wireless Mobile Netw. Ubiquit. Comput. Dependable Appl. 5(4), 29–64 (2014)

    Google Scholar 

  33. Xiao, S., Hariri, T., Yousif, M.: An efficient network intrusion detection method based on information theory and genetic algorithm. In: 24th IEEE International Performance, Computing, and Communications Conference, pp. 11–17 (2005)

    Google Scholar 

  34. Amin, A., Anwar, S., Adnan, A.: Classification of cyber attacks based on rough set theory. IEEE, New York (2015)

    Google Scholar 

  35. Murtaza, S.S., Couture, M., et al.: A host-based anomaly detection approach by representing system calls as states of kernel modules. In: Proceedings of 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 431–440 (2013)

    Google Scholar 

  36. Vieira, K., Schulter, A., Westphall, C.: Intrusion detection techniques for grid and cloud computing environment. IT Prof. 12(4), 38–43 (2010)

    Article  Google Scholar 

  37. Deshpande, P., Sharma, S., Sateeshkumar, P., Junaid, S.: HIDS: an host based intrusion detection system. Int. J. Syst. Assur. Eng. Manage. pp. 1–12 (2014)

    Google Scholar 

  38. Kaur, H., Gill, N.: Host based anomaly detection using fuzzy genetic approach (FGA). Int. J. Comput. Appl. 74(20), 5–9 (2013)

    Google Scholar 

  39. Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, Oakland (2010)

    Google Scholar 

  40. Chen, C., Guan, D., Huang, Y., Ou, Y.: State-based attack detection for cloud. In: IEEE International Symposium on Next-Generation Electronics, Kaohsiung, pp. 177–180 (2013)

    Google Scholar 

  41. Khan, S., et al.: Cloud log forensics: foundations, state of the art, and future directions. ACM Comput. Surv. (CSUR) 49(1), 7 (2016)

    Article  Google Scholar 

  42. Juliadotter, N., Choo, K.K.R.: CATRA: Conceptual Cloud Attack Taxonomy and Risk Assessment Framework, The Cloud Security Ecosystem. Imprint of Elsevier (2015)

    Google Scholar 

  43. Peake, C.: Security in the cloud: understanding the risks of Cloud-as-a-Service. In: Proceedings of IEEE Conference on Technologies for Homeland Security (HST 12), pp. 336–340 (2012)

    Google Scholar 

  44. OWASP, OWASP Risk Rating Methodology, OWASP Testing Guide v4, Open Web Application Security Project. www.owasp.org/index.php/ OWASP Risk Rating Methodology (2013)

  45. Bakshi, A., Dujodwala, Y.B.: Securing cloud from DDOS attacks using intrusion detection system in virtual machine. In: Proceeding ICCSN ’10 Proceedings of 2010 Second International Conference on Communication Software Networks, pp. 260–264 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University), Coimbatore, Tamil Nadu, India

    M. Swathy Akshaya & G. Padmavathi

Authors
  1. M. Swathy Akshaya
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. G. Padmavathi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to M. Swathy Akshaya .

Editor information

Editors and Affiliations

  1. Department of Computer Sciences Technology, Karunya Institute of Technology & Sciences, Coimbatore, Tamil Nadu, India

    J. Dinesh Peter

  2. Department of Civil and Environmental Engineering, University of Missouri, Columbia, MO, USA

    Amir H. Alavi

  3. School of Computing, Engineering and Mathematics, University of Western Sydney, Sydney, NSW, Australia

    Bahman Javadi

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Swathy Akshaya, M., Padmavathi, G. (2019). Taxonomy of Security Attacks and Risk Assessment of Cloud Computing. In: Peter, J., Alavi, A., Javadi, B. (eds) Advances in Big Data and Cloud Computing. Advances in Intelligent Systems and Computing, vol 750. Springer, Singapore. https://doi.org/10.1007/978-981-13-1882-5_4

Download citation

Publish with us

Policies and ethics

Search

Navigation