Your search keyword '"cloud security"' showing total 901 results

1. Towards privacy-preserving compressed sensing reconstruction in cloud

Author

Xu, Kaidi, Yu, Jia, and Gao, Wenjing

Published

2025

2. A novel framework to identify cybersecurity challenges and opportunities for organizational digital transformation in the cloud

Author

Liang, Xueping and Xu, Yilin

Published

2025

3. A proposed biometric authentication hybrid approach using iris recognition for improving cloud security

Author

El-Sofany, Hosam, Bouallegue, Belgacem, and Abd El-Latif, Yasser M.

Published

2024

4. Privacy-preserving Boolean range query with verifiability and forward security over spatio-textual data

Author

Ge, Xinrui, Yu, Jia, and Kong, Fanyu

Published

2024

5. ACE: A Consent-Embedded privacy-preserving search on genomic database

Author

Jafarbeiki, Sara, Sakzad, Amin, Steinfeld, Ron, Kasra Kermanshahi, Shabnam, Thapa, Chandra, and Kume, Yuki

Published

2024

6. Detection and mitigation of TCP-based DDoS attacks in cloud environments using a self-attention and intersample attention transformer model: Detection and mitigation...: K. G. et al.

Author

Kirubavathi, G., Sumathi, I. R., Mahalakshmi, J., and Srivastava, Durgesh

Abstract

TCP-based Distributed Denial of Service (DDoS) attacks pose a significant danger to cloud infrastructures because they can imitate genuine traffic patterns, making them difficult to detect using standard approaches. This study introduces the Self-Attention and Intersample Attention Transformer (SAINT) model, a unique deep learning architecture that incorporates Sparse Logistic Regression to address these issues. The SAINT framework uses dual attention mechanisms-self-attention for capturing complicated intraflow dependencies and intersample attention for assessing interflow relationships-to provide enhanced detection of malicious traffic. SAINT, unlike existing methodologies, prioritizes scalability, interpretability, and computational efficiency, distinguishing it from traditional models such as CNNs, RNNs, and ensemble techniques. The model’s efficacy was evaluated using the BCCC-cPacket-Cloud-DDoS-2024 dataset, which included 700,000 traffic flows across 17 advanced attack scenarios, with state-of-the-art metrics: 95% precision, 95% recall, 96% F1 score, and 97% accuracy. Furthermore, studies on the CICDDoS2019 dataset confirmed SAINT’s resilience and flexibility to a variety of network conditions. SAINT addresses real-world issues in cloud-based DDoS detection, such as temporal and spatial traffic complexities, to provide a viable, high performance solution for protecting current cloud infrastructures. This work establishes the groundwork for scalable, adaptable, and efficient cloud-native security frameworks, paving the path for enhanced countermeasures to changing cyber threats. [ABSTRACT FROM AUTHOR]

Published

2025

7. Integrating blockchain, internet of things, and cloud for secure healthcare.

Author

Kumaran, K. Senthur, Khekare, Ganesh, M., Thanu Athitya, Arulmozhivarman, Aakash, M., Arvind Pranav, and N., Hiritish Chidambaram

Subjects

REMOTE patient monitoring, DATA privacy, MEDICAL personnel, INTERNET of things, INFORMATION architecture, BLOCKCHAINS

Abstract

This research paper shows a decentralized healthcare architecture using the integration of internet of things (IoT), blockchain, and cloud to improve speed up tuple broken security as well as scalability. Real time health information (e.g., pulse rate, sugar level) from patients is captured by IoT devices and preprocessed at the fog computing layer to securely send them to a cloud platform. Immutability and transparency Patient health records recorded by blockchain solutions are highly irreversible due to the underlying technology, while smart contracts take care of data integrity and privacy. The cloud layer delivers storage that scales and works, also including real-time analytics to access patient data from anywhere for healthcare providers while the core helps manage long-term information architecture. It does so by automating healthcare workflows and taking some of the manual interventional processes out such that care delivery becomes even more efficient. Together, these technologies provide a secure, efficient, patient-centered healthcare system whose architecture can easily support future needs in remote patient monitoring and inter-institutional collaboration, responding to emerging demands from modern healthcare systems. [ABSTRACT FROM AUTHOR]

Published

2025

8. ADVANCED SECURITY AND PRIVACY IN CLOUD COMPUTING: ENHANCING DATA PROTECTION WITH MULTIKEYWORD RANKED SEARCH IN ENCRYPTED ENVIRONMENTS.

Author

JOSHI, NARENDRA SHYAM, SAMBREKAR, KULDEEP P., PATANKAR, ABHIJIT J., RAJAWAT, ANAND SINGH, and MUQEEM, MOHD

Subjects

CLOUD computing security measures, SEARCH algorithms, INFORMATION retrieval, CLOUD storage, DATA protection

Abstract

As cloud services become more popular, encryption becomes more important for user privacy. Establishing reliable solutions for secure and fast data retrieval is crucial. This research article proposes a novel way to search encrypted cloud data. The suggested method optimises queries with multiple terms and synonyms using a greedy depth-first search (DFS) algorithm and a sophisticated rating system. The suggested architecture assumes users would search using many keywords, some of which may be synonyms for article terms. A search algorithm that uses user query synonyms was created to solve this problem. Despite the constant increase of the search universe, greedy methods help us find the most relevant information. Our depth-first search strategy improves the likelihood of finding relevant information. Our study also uses a unique ranking system that considers keyword frequency, synonym precision, and keyword proximity to determine a text's relevance to a search query. Our suggested methodology outperforms state-of-the-art methods in simulated cloud architecture experiments using encrypted datasets and industry-standard protocols. Runtime, accuracy, and recall show this superiority. The greedy Depth-First Search (DFS) algorithm optimises resources, improving efficiency. A grading method helps users quickly find the most relevant publications by naturally arranging the results. This synonym-enhanced search strategy in encrypted cloud storage systems may improve privacy and usability today. [ABSTRACT FROM AUTHOR]

Published

2025

9. Implementing Identity-based Signature Schemes for Secure Data Transfer in Cloud Computing Environments

Author

Paul Osinuga, Ji-Jian Chin, and Terry Shue Chien Lau

Subjects

cha-cheon ibs, cloud security, elliptic curve cryptography, amazon web services, public key infrastructure, key management, Electronic computers. Computer science, QA75.5-76.95, Information technology, T58.5-58.64

Abstract

In this paper, we present the implementation of the Cha-Cheon Identity-Based Signature (IBS) scheme to enhance secure data transfer in cloud computing environments. Cloud computing rely on traditional Public Key Infrastructure (PKI) systems, which is burdened by certificate management infrastructure. The primary focus of this research to simplify key and certificate management by leveraging identity-based elliptic curve cryptography (ECC) within the Cha-Cheon IBS framework. We show that the proposed IBS solution integrates seamlessly with Amazon Web Services (AWS), utilizing services like S3 for secure data storage and KMS for key management. By applying ECC, the Cha-Cheon scheme achieves efficient cryptographic operations with smaller key sizes, resulting in reduced computational overhead, faster key generation, signature creation, and verification times compared to RSA-based systems. We conducted extensive performance evaluations to compare the Cha-Cheon IBS scheme with traditional PKI-based systems. The results demonstrate that our implementation significantly outperforms RSA in terms of key generation, encryption, and signature verification times, especially under increased user loads and data sizes. Moreover, the security analysis confirms the robustness of the Cha-Cheon IBS against key compromise, offering strong resistance to unauthorized access and key revocation issues. The scheme also scales efficiently as the number of users increases, making it ideal for large-scale cloud infrastructures. This research highlights the potential of IBS as a viable alternative to PKI systems, providing a more streamlined and efficient approach to secure data transfers in cloud environments.

Published

2025

10. Exploring Security Enhancements in Kubernetes CNI: A Deep Dive Into Network Policies

Author

Bom Kim, Jinwoo Kim, and Seungsoo Lee

Subjects

Container network interface, cloud security, container security, network policy, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

With the explosive growth of Kubernetes adoption, Container Network Interfaces (CNIs) have become critical components for configuring and securing container networks, but a comprehensive analysis of their security capabilities and performance impact is noticeably lacking. Our study conducts a comprehensive security analysis of the major CNI plugins (Cilium, Calico, WeaveNet, Kube-router, and Antrea) in cloud-native environments with Kubernetes through extensive evaluation of Layer 3/4 policy processing, policy complexity scaling, pod scalability, and Layer 7 policy processing. The experimental results show that eBPF-based Cilium maintains 8.9K Mbps throughput under complex L3/4 policies, but drops to 94 Mbps with L7 processing, while Antrea achieves 6.6K Mbps at L7 through HTTP filtering, with performance degrading as policy complexity increases. Under high concurrent pod loads, iptables-based CNIs show a 60-70% reduction in throughput, while Cilium maintains performance within 10% of baseline. These results reveal critical trade-offs between architectural choices and security capabilities, and provide practical guidelines for CNI selection based on specific operational and security requirements in cloud-native environments.

Published

2025

11. Memory management of firewall filtering rules using modified tree rule approach.

Author

Hakani, Dhwani and Mann, Palvinder Singh

Abstract

Firewalls are essential for safety and are used for protecting a great deal of private networks. A firewall's goal is to examine every incoming and outgoing data before granting access. A notable kind of conventional firewall is the rule-based firewall. However, when it comes to job performance, traditional listed-rule firewalls are limited, and they become useless when utilized with some networks that have extremely big firewall rule sets. This study proposes a model firewall architecture called "Tree-Rule Firewall," which has benefits and functions effectively in large-scale networks like "cloud." In order to improve cloud network security, this study suggests a modified tree rule firewall (MTRF cloud) that eliminates rule discrepancies. For the matching firewall policy, this work creates a tree rule firewall. There are no duplicate rules created by the proposed improved tree rule firewall. Also, memory utilization of different size rules is compared [ABSTRACT FROM AUTHOR]

Published

2025

12. Leveraging Towards Access Control, Identity Management, and Data Integrity Verification Mechanisms in Blockchain-Assisted Cloud Environments: A Comparative Study

Author

Swatisipra Das, Rojalina Priyadarshini, Minati Mishra, and Rabindra Kumar Barik

Subjects

access control, IDM, data integrity, cloud security, blockchain, Technology (General), T1-995

Abstract

Today, IT organizations largely rely on cloud computing services to meet their infrastructure needs, making it the backbone of the industry. However, several challenges remain that need to be effectively addressed. Data breaches, identity and access management problems, unsafe interfaces and APIs, data loss, shared technology vulnerabilities, compliance and legal issues, inadequate data encryption, lack of visibility and control, delayed security patching, and the requirement to have faith in the cloud service provider’s security procedures are the primary security challenges in cloud computing. Blockchain technology has emerged as a promising technology to address many of these security issues. In this paper, an extensive study is carried out to analyze the security issues in the cloud and the categorization of gathered security issues in terms of security requirements, such as confidentiality, integrity, availability, authenticity, and privacy. Research questions are framed to dig deeper into the different blockchain-enabled solutions present to resolve cloud security issues, such as access control, identity management (IDM), and data integrity verification, along with their analysis. In-detail comparative analysis of the above blockchain-assisted solutions is also presented along with the future research directions.

Published

2024

13. I-MPaFS: enhancing EDoS attack detection in cloud computing through a data-driven approach

Author

Md. Sharafat Hossain, Md. Alamgir Hossain, and Md. Saiful Islam

Subjects

Economic denial of sustainability (EDoS), Machine learning in cloud security, Financial impact of cyberattacks, EDoS detection framework, Cloud security, Cloud service economic safety, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract Cloud computing offers cost-effective IT solutions but is susceptible to security threats, particularly the Economic Denial of Sustainability (EDoS) attack. EDoS exploits cloud elasticity and the pay-per-use billing model, forcing users to incur unnecessary costs. This research introduces the Integrated Model Prediction and Feature Selection (I-MPaFS) framework to address EDoS attacks. I-MPaFS framework enhances an existing dataset to improve performance, using the generated data to build a Random Forest model for EDoS detection. Our investigation employs the UNSW-NB15, CSE-CIC-IDS18 and NSL-KDD datasets, demonstrating the proposed method’s superiority over existing techniques. The model achieved recall scores of 99.45% on the UNSW-NB15 dataset, 98.19% on the CSE-CIC-IDS18 dataset, and 99.82% on the NSL-KDD dataset, highlighting its reliability and efficacy in safeguarding cloud users from financial exploitation. This study contributes to the field by evaluating current EDoS detection methods, introducing the I-MPaFS framework, validating its performance with benchmark datasets, and comparing its effectiveness against state-of-the-art techniques. The findings affirm the significant potential of I-MPaFS in enhancing cloud security and protecting users from EDoS attacks.

Published

2024

14. Optimizing encrypted search in the cloud using autoencoder-based query approximation.

Author

Mohamed, Mahmoud and Alosman, Khaled

Subjects

EVIDENCE gaps, COMMUNICATION infrastructure, AUTOENCODER, VECTOR data, SCALABILITY

Abstract

Copyright of Baghdad Science Journal is the property of Republic of Iraq Ministry of Higher Education & Scientific Research (MOHESR) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

15. Leveraging Towards Access Control, Identity Management, and Data Integrity Verification Mechanisms in Blockchain-Assisted Cloud Environments: A Comparative Study.

Author

Das, Swatisipra, Priyadarshini, Rojalina, Mishra, Minati, and Barik, Rabindra Kumar

Subjects

CLOUD computing security measures, DATA integrity, DATA security failures, BLOCKCHAINS, RESEARCH questions, DATA encryption, ACCESS control, CLOUD computing

Abstract

Today, IT organizations largely rely on cloud computing services to meet their infrastructure needs, making it the backbone of the industry. However, several challenges remain that need to be effectively addressed. Data breaches, identity and access management problems, unsafe interfaces and APIs, data loss, shared technology vulnerabilities, compliance and legal issues, inadequate data encryption, lack of visibility and control, delayed security patching, and the requirement to have faith in the cloud service provider's security procedures are the primary security challenges in cloud computing. Blockchain technology has emerged as a promising technology to address many of these security issues. In this paper, an extensive study is carried out to analyze the security issues in the cloud and the categorization of gathered security issues in terms of security requirements, such as confidentiality, integrity, availability, authenticity, and privacy. Research questions are framed to dig deeper into the different blockchain-enabled solutions present to resolve cloud security issues, such as access control, identity management (IDM), and data integrity verification, along with their analysis. In-detail comparative analysis of the above blockchain-assisted solutions is also presented along with the future research directions. [ABSTRACT FROM AUTHOR]

Published

2024

16. Forensic Investigation Capabilities of Microsoft Azure: A Comprehensive Analysis and Its Significance in Advancing Cloud Cyber Forensics.

Author

Morić, Zlatan, Dakić, Vedran, Kapulica, Ana, and Regvart, Damir

Subjects

DIGITAL forensics, FORENSIC sciences, VIRTUAL machine systems, CYBERTERRORISM, COMPUTER network security

Abstract

This article delves into Microsoft Azure's cyber forensic capabilities, focusing on the unique challenges in cloud security incident investigation. Cloud services are growing in popularity, and Azure's shared responsibility model, multi-tenant nature, and dynamically scalable resources offer unique advantages and complexities for digital forensics. These factors complicate forensic evidence collection, preservation, and analysis. Data collection, logging, and virtual machine analysis are covered, considering physical infrastructure restrictions and cloud data transience. It evaluates Azure-native and third-party forensic tools and recommends methods that ensure effective investigations while adhering to legal and regulatory standards. It also describes how AI and machine learning automate data analysis in forensic investigations, improving speed and accuracy. This integration advances cyber forensic methods and sets new standards for future innovations. Unified Audit Logs (UALs) in Azure are examined, focusing on how Azure Data Explorer and Kusto Query Language (KQL) can effectively parse and query large datasets and unstructured data to detect sophisticated cyber threats. The findings provide a framework for other organizations to improve forensic analysis, advancing cloud cyber forensics while bridging theoretical practices and practical applications, enhancing organizations' ability to combat increasingly sophisticated cybercrime. [ABSTRACT FROM AUTHOR]

Published

2024

17. Securing IoMT Applications: An Approach for Enhancing the Reliability of Security Policies within Cloud Databases.

Author

KSIBI, SONDES, JAIDI, FAOUZI, and BOUHOULA, ADEL

Subjects

DATABASES, ACCESS control, DATA warehousing, ELECTRONIC data processing, DATA security failures, INTERNET of medical things

Abstract

Applications of the Internet-of-Things (IoT) in healthcare have a great potential since they bring, in a cost effective manner, supreme solutions to large scale medical-care. The Internet-of-Medical-Things (IoMT) connects patients to caregivers and facilitates remote healthcare capabilities. Regardless of their expansion, especially during the COVID19 pandemic, IoMT applications encounter critical types of security risks. Many research efforts were conducted to help designing reliable E-Health Systems (EHS), but compliance and privacy-preserving solutions for EHS still require a lot of work. To address this requirement, we focus on reliability enhancement of security policies in the context of EHS. We especially deal with risk management within the data processing and storage area, in IoMT systems, composed mainly of cloud/private databases that store confidential medical data. Malicious users and attackers can discover and leak unauthorized data via exploiting authorized information and may expand their rights by using advanced features such as database functional dependencies. In such critical systems, identifying and evaluating risks associated to non authorized accesses and policies misconfigurations is highly required. We address, in this paper, the analysis and the management of the compliance of concrete security policies based on appropriate risk metrics. Our solution enhances a well-established formal verification and validation approach that allows identifying non-compliance anomalies in concrete policies with a quantified risk-assessment approach for evaluating risks. A case of application is presented as an example to illustrate the relevance of our proposal. [ABSTRACT FROM AUTHOR]

Published

2024

18. Enhancing network security using unsupervised learning approach to combat zero-day attack.

Author

Perumal, Rajakumar, Karuppiah, Tamilarasi, Panneerselvam, Uppiliraja, Annamalai, Venkatesan, and Kaliyaperumal, Prabu

Subjects

SUPPORT vector machines, DEEP learning, MACHINE learning, COMPUTER network security

Abstract

Machine learning (ML) and advanced neural network methodologies like deep learning (DL) techniques have been increasingly utilized in developing intrusion detection systems (IDS). However, the growing quantity and diversity of cyber-attacks pose a significant challenge for IDS solutions reliant on historical attack signatures. This highlights the industry's need for resilient IDSs that can identify zero-day attacks. Current studies focusing on outlier-based zero-day detection are hindered by elevated false-negative rates, thereby constraining their practical efficacy. This paper suggests utilizing an autoencoder (AE) approach for zero-day attack detection, aiming to achieve high recall while minimizing false negatives. Evaluation is conducted using well-established IDS datasets, CICIDS2017 and CSECICIDS2018. The model's efficacy is demonstrated by contrasting its performance with that of a one-class support vector machine (OCSVM). The research underscores the OCSVM's capability in distinguishing zero-day attacks from normal behavior. Leveraging the encoding-decoding capabilities of AEs, the proposed model exhibits promising results in detecting complex zero-day attacks, achieving accuracies ranging from 93% to 99% across datasets. Finally, the paper discusses the balance between recall and fallout, offering valuable insights into model performance. [ABSTRACT FROM AUTHOR]

Published

2024

19. I-MPaFS: enhancing EDoS attack detection in cloud computing through a data-driven approach.

Author

Hossain, Md. Sharafat, Hossain, Md. Alamgir, and Islam, Md. Saiful

Subjects

SUSTAINABLE development, INFORMATION technology, FEATURE selection, RANDOM forest algorithms, MACHINE learning

Abstract

Cloud computing offers cost-effective IT solutions but is susceptible to security threats, particularly the Economic Denial of Sustainability (EDoS) attack. EDoS exploits cloud elasticity and the pay-per-use billing model, forcing users to incur unnecessary costs. This research introduces the Integrated Model Prediction and Feature Selection (I-MPaFS) framework to address EDoS attacks. I-MPaFS framework enhances an existing dataset to improve performance, using the generated data to build a Random Forest model for EDoS detection. Our investigation employs the UNSW-NB15, CSE-CIC-IDS18 and NSL-KDD datasets, demonstrating the proposed method's superiority over existing techniques. The model achieved recall scores of 99.45% on the UNSW-NB15 dataset, 98.19% on the CSE-CIC-IDS18 dataset, and 99.82% on the NSL-KDD dataset, highlighting its reliability and efficacy in safeguarding cloud users from financial exploitation. This study contributes to the field by evaluating current EDoS detection methods, introducing the I-MPaFS framework, validating its performance with benchmark datasets, and comparing its effectiveness against state-of-the-art techniques. The findings affirm the significant potential of I-MPaFS in enhancing cloud security and protecting users from EDoS attacks. [ABSTRACT FROM AUTHOR]

Published

2024

20. Technical sandbox for a Global Patient co-Owned Cloud (GPOC).

Author

Davids, Joe, ElSharkawy, Mohamed, Ashrafian, Hutan, Herlenius, Eric, and Lidströmer, Niklas

Subjects

*MEDICAL records, *DIGITAL health, *TECHNOLOGICAL innovations, *ARTIFICIAL intelligence in medicine, *BLOCKCHAINS

Abstract

Background: The use of Cloud-based storage personal health records has increased globally. The GPOC series introduces the concept of a Global Patient co-Owned Cloud (GPOC) of personal health records. Technical sandboxes allow the capability to simulate different scientific concepts before making them production ready. None exist for the medical fields and cloud-based research. Methods: We constructed and tested the sandbox using open-source infrastructures (Ubuntu, Alpine Linux, and Colaboratory) and demonstrated it on a cloud platform. Data preprocessing utilised standard and in-house libraries. The Mina protocol, implementing zero-knowledge proofs, ensured secure blockchain operations, while the Ethereum smart contract protocol within Hyperledger Besu supported enterprise-grade sandbox development. Results: Here, we present the GPOC series' technical sandbox. This is to facilitate future online research and testing of the concept and its security, encryption, movability, research potential, risks and structure. It has several protocols for homomorphic encryption, decentralisation, transfers, and file management. The sandbox is openly available online and tests authorisation, transmission, access control, and integrity live. It invites all committed parties to test and improve the platform. Individual patients, clinics, organisations and regulators are invited to test and develop the concept. The sandbox displays co-ownership of personal health records. Here it is trisected between patients, clinics and clinicians. Patients can actively participate in research and control their health data. The challenges include ensuring that a unified underlying protocol is maintained for cross-border delivery of care based on data management regulations. Conclusions: The GPOC concept, as demonstrated by the GPOC Sandbox, represents an advancement in healthcare technology. By promoting patient co-ownership and utilising advanced technologies like blockchain and homomorphic encryption, the GPOC initiative enhances individual control over health data and facilitates collaborative medical research globally. The justification for this research lies in its potential to improve evidence-based medicine and AI dissemination. The significance of the GPOC initiative extends to various aspects of healthcare, patient co-ownership of health data, promoting access to resources and healthcare democratisation. The implications include better global health outcomes through continued development and collaboration, ensuring the successful adoption of the GPOC Sandbox and advancing innovation in digital health. [ABSTRACT FROM AUTHOR]

Published

2024

21. The significance of artificial intelligence in zero trust technologies: a comprehensive review

Author

Deepa Ajish

Subjects

Artificial intelligence, Cloud security, Cybersecurity, Zero trust, Electrical engineering. Electronics. Nuclear engineering, TK1-9971, Information technology, T58.5-58.64

Abstract

Abstract In the era of cloud computing, cybersecurity has assumed paramount importance. As organizations transition to cloud-based solutions, cyberattackers increasingly target cloud services as a lucrative avenue for unauthorized access to sensitive information. The traditional security perimeter, once robust, now exhibits porosity, necessitating a reevaluation of security strategies to counter these evolving threats. This paper delves into the critical role of artificial intelligence (AI) within zero trust security technologies. The convergence of AI and zero trust has garnered significant attention, particularly in the domains of security enhancement, risk mitigation, and the redefinition of trust paradigms. My exploration aims to uncover how AI actively observes and supports various technologies in zero trust model. By evaluating existing research findings, I illuminate the transformative potential of AI in fortifying security within zero trust security models. This scholarly perspective underscores the critical interplay between AI and zero trust technologies, highlighting their collective potential in safeguarding digital ecosystems.

Published

2024

22. Trust value evaluation of cloud service providers using fuzzy inference based analytical process

Author

Jomina John and K. John Singh

Subjects

Fuzzy logic, Cloud computing, Trust model, Cloud service provider, Cloud security, Trust parameters, Medicine, Science

Abstract

Abstract Users can purchase virtualized computer resources using the cloud computing concept, which is a novel and innovative way of computing. It offers numerous advantages for IT and healthcare industries over traditional methods. However, a lack of trust between CSUs and CSPs is hindering the widespread adoption of cloud computing across industries. Since cloud computing offers a wide range of trust models and strategies, it is essential to analyze the service using a detailed methodology in order to choose the appropriate cloud service for various user types. Finding a wide variety of comprehensive elements that are both required and sufficient for evaluating any cloud service is vital in order to achieve that. As a result, this study suggests an accurate, fuzzy logic-based trust evaluation model for evaluating the trustworthiness of a cloud service provider. Here, we examine how fuzzy logic raises the efficiency of trust evaluation. Trust is assessed using Quality of Service (QoS) characteristics like security, privacy, dynamicity, data integrity, and performance. The outcomes of a MATLAB simulation demonstrate the viability of the suggested strategy in a cloud setting.

Published

2024

23. Optimizing data retrieval for enhanced data integrity verification in cloud environments

Author

KC Akshay, Muniyal Balachandra, and Parashar Vikalp

Subjects

cloud security, information security, cloud auditing, cloud computing, cryptography, elliptic curve encryption, data integrity verification, Engineering (General). Civil engineering (General), TA1-2040

Abstract

In today’s rapidly evolving digital landscape, the urgency to secure data within expansive cloud storage systems has reached unprecedented levels. Conventional remote storage methods, while widely used, are inherently vulnerable to security breaches, corruption, and tampering. Recognizing this critical challenge, a state-of-the-art protocol has emerged to address these vulnerabilities head-on. This innovative solution integrates a sophisticated binary search tree (BST) structure with elliptic curve cryptography, ensuring not only efficient data retrieval but also robust encryption mechanisms. The protocol goes further by meticulously computing secure hashing algorithm hash values to verify the integrity of files, leaving no room for unauthorized modifications or tampering attempts. A thorough comprehensive benchmarking analysis has been conducted comparing this protocol with established techniques such as Rivest, Shamir, Adleman encryption and doubly linked list-based index table structures. The findings reveal that the proposed protocol outperforms these conventional methods, showcasing superior security features and computational efficiency. Remarkably, the proposed method reduces overheads by an impressive 5%, making it a highly favorable choice for both businesses and academic institutions. This marks a significant advancement toward fortified data security in cloud environments, contributing substantially to the ongoing discourse on secure data storage and management.

Published

2024

24. An Improved Co-Resident Attack Defense Strategy Based on Multi-Level Tenant Classification in Public Cloud Platforms.

Author

Peng, Yuxi, Jiang, Xinchen, Wang, Shaoming, Xiang, Yanping, and Xing, Liudong

Subjects

VIRTUAL machine systems, CLOUD computing, PROBLEM solving, CLASSIFICATION, ALGORITHMS, CLASSIFICATION algorithms

Abstract

Co-resident attacks are serious security threats in multi-tenant public cloud platforms. They are often implemented by building side channels between virtual machines (VMs) hosted on the same cloud server. Traditional defense methods are troubled by the deployment cost. The existing tenant classification methods can hardly cope with the real dataset that is quite large and extremely unevenly distributed, and may have problems in the processing speed considering the computation complexity of the DBSCAN algorithm. In this paper, we propose a novel co-resident attack defense strategy which solve these problems through an improved and efficient multi-level clustering algorithm and semi-supervised classification method. We propose a novel multi-level clustering algorithm which can efficiently reduce the complexity, since only a few parameter adjustments are required. Built on the proposed clustering algorithm, a semi-supervised classification model is designed. The experimental results of the classification effect and training speed show that our model achieves F-scores of over 85% and is significantly faster than traditional SVM classification methods. Based on the classification of unlabeled tenants into different security groups, the cloud service provider may modify the VM placement policy to achieve physical isolation among different groups, reducing the co-residency probability between attackers and target tenants. Experiments are conducted on a large-scale dataset collected from Azure Cloud Platform. The results show that the proposed model achieves 97.86% accuracy and an average 96.06% F-score, proving the effectiveness and feasibility of the proposed defense strategy. [ABSTRACT FROM AUTHOR]

Published

2024

25. Trust value evaluation of cloud service providers using fuzzy inference based analytical process.

Author

John, Jomina and John Singh, K.

Subjects

CLOUD computing security measures, TRUST, FUZZY logic, DATA integrity, QUALITY of service

Abstract

Users can purchase virtualized computer resources using the cloud computing concept, which is a novel and innovative way of computing. It offers numerous advantages for IT and healthcare industries over traditional methods. However, a lack of trust between CSUs and CSPs is hindering the widespread adoption of cloud computing across industries. Since cloud computing offers a wide range of trust models and strategies, it is essential to analyze the service using a detailed methodology in order to choose the appropriate cloud service for various user types. Finding a wide variety of comprehensive elements that are both required and sufficient for evaluating any cloud service is vital in order to achieve that. As a result, this study suggests an accurate, fuzzy logic-based trust evaluation model for evaluating the trustworthiness of a cloud service provider. Here, we examine how fuzzy logic raises the efficiency of trust evaluation. Trust is assessed using Quality of Service (QoS) characteristics like security, privacy, dynamicity, data integrity, and performance. The outcomes of a MATLAB simulation demonstrate the viability of the suggested strategy in a cloud setting. [ABSTRACT FROM AUTHOR]

Published

2024

26. The significance of artificial intelligence in zero trust technologies: a comprehensive review.

Author

Ajish, Deepa

Subjects

DIGITAL technology, TRUST, ARTIFICIAL intelligence, CLOUD computing, ACCESS to information

Abstract

In the era of cloud computing, cybersecurity has assumed paramount importance. As organizations transition to cloud-based solutions, cyberattackers increasingly target cloud services as a lucrative avenue for unauthorized access to sensitive information. The traditional security perimeter, once robust, now exhibits porosity, necessitating a reevaluation of security strategies to counter these evolving threats. This paper delves into the critical role of artificial intelligence (AI) within zero trust security technologies. The convergence of AI and zero trust has garnered significant attention, particularly in the domains of security enhancement, risk mitigation, and the redefinition of trust paradigms. My exploration aims to uncover how AI actively observes and supports various technologies in zero trust model. By evaluating existing research findings, I illuminate the transformative potential of AI in fortifying security within zero trust security models. This scholarly perspective underscores the critical interplay between AI and zero trust technologies, highlighting their collective potential in safeguarding digital ecosystems. [ABSTRACT FROM AUTHOR]

Published

2024

27. Forensic Investigation, Challenges, and Issues of Cloud Data: A Systematic Literature Review.

Author

Alshabibi, Munirah Maher, Bu dookhi, Alanood Khaled, and Hafizur Rahman, M. M.

Subjects

FORENSIC sciences, DIGITAL forensics, COMPUTER systems, LAW enforcement, LEGAL evidence

Abstract

Cloud computing technology delivers services, resources, and computer systems over the internet, enabling the easy modification of resources. Each field has its challenges, and the challenges of data transfer in the cloud pose unique obstacles for forensic analysts, making it necessary for them to investigate and adjust the evolving landscape of cloud computing. This is where cloud forensics emerges as a critical component. Cloud forensics, a specialized field within digital forensics, focuses on uncovering evidence of exploitation, conducting thorough investigations, and presenting findings to law enforcement for legal action against perpetrators. This paper examines the primary challenges encountered in cloud forensics, reviews the relevant literature, and analyzes the strategies implemented to address these obstacles. [ABSTRACT FROM AUTHOR]

Published

2024

28. IoT Collected Health Data to Store in Cloud and Access with PCMAE.

Author

Ivanglin, M. Reena and Pragaladan, R.

Subjects

CLOUD storage security measures, CLOUD storage, DATA warehousing, PATIENT monitoring, INTERNET of things

Abstract

Cloud storage is a utility where data is remotely stored cloud environment and then the data is accessible to end users over internet. It permits the client to collect the files through online and access from anywhere via internet. The main objective of the cloud storage is to store the data safely in the Cloud space and fetch the data whenever requested by the client. In this research analysis the IoT devices collected data (IoT-PCM) are store into the cloud and access the data from the cloud. Here we are used the private cloud (AWS) for data storage purpose and the IoT devices collects the patient health data. In proposed PCMAE (Patient Care Monitoring based Authorized Encryption) technique it provides a secured way to view the health data, decrypting with verified secret key before downloading. Main work on how the doctors retrieval the IoT-PCM health data. [ABSTRACT FROM AUTHOR]

Published

2024

29. A Novel Hybrid Unsupervised Learning Approach for Enhanced Cybersecurity in the IoT.

Author

Kaliyaperumal, Prabu, Periyasamy, Sudhakar, Thirumalaisamy, Manikandan, Balusamy, Balamurugan, and Benedetto, Francesco

Subjects

COMPUTER network traffic, SUPPORT vector machines, CYBERTERRORISM, KERNEL functions, BLENDED learning, BOTNETS

Abstract

The proliferation of IoT services has spurred a surge in network attacks, heightening cybersecurity concerns. Essential to network defense, intrusion detection and prevention systems (IDPSs) identify malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, infiltration, and Heartbleed. This study focuses on leveraging unsupervised learning for training detection models to counter these threats effectively. The proposed method utilizes basic autoencoders (bAEs) for dimensionality reduction and encompasses a three-stage detection model: one-class support vector machine (OCSVM) and deep autoencoder (dAE) attack detection, complemented by density-based spatial clustering of applications with noise (DBSCAN) for attack clustering. Accurately delineated clusters aid in mapping attack tactics. The MITRE ATT&CK framework establishes a "Cyber Threat Repository", cataloging attacks and tactics, enabling immediate response based on priority. Leveraging preprocessed and unlabeled normal network traffic data, this approach enables the identification of novel attacks while mitigating the impact of imbalanced training data on model performance. The autoencoder method utilizes reconstruction error, OCSVM employs a kernel function to establish a hyperplane for anomaly detection, while DBSCAN employs a density-based approach to identify clusters, manage noise, accommodate diverse shapes, automatically determining cluster count, ensuring scalability, and minimizing false positives and false negatives. Evaluated on standard datasets such as CIC-IDS2017 and CSECIC-IDS2018, the proposed model outperforms existing state of art methods. Our approach achieves accuracies exceeding 98% for the two datasets, thus confirming its efficacy and effectiveness for application in efficient intrusion detection systems. [ABSTRACT FROM AUTHOR]

Published

2024

30. A bizarre synthesized cascaded optimized predictor (BizSCOP) model for enhancing security in cloud systems

Author

R. Julian Menezes, P. Jesu Jayarin, and A. Chandra Sekar

Subjects

Cloud Security, Intrusion detection system (IDS), Amazon web services (AWS), Deep Learning, Hybrid optimization, Bizarre synthesized cascaded optimized predictor (BizSCOP), Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract Due to growing network data dissemination in cloud, the elasticity, pay as you go options, globally accessible facilities, and security of networks have become increasingly important in today's world. Cloud service providers, including AWS, Azure, GCP, and others, facilitate worldwide expansion within minutes by offering decentralized communication network functions, hence providing security to cloud is still remains a challenging task. This paper aims to introduce and evaluate the Biz-SCOP model, a novel intrusion detection system developed for cloud security. The research addresses the pressing need for effective intrusion detection in cloud environments by combining hybrid optimization techniques and advanced deep learning methodologies. The study employs prominent intrusion datasets, including CSE-CIC-IDS 2018, CIC-IDS 2017, and a cloud intrusion dataset, to assess the proposed model's performance. The study's design involves implementing the Biz-SCOP model using Matlab 2019 software on a Windows 10 OS platform, utilizing 8 GB RAM and an Intel core i3 processor. The hybrid optimization approach, termed HyPSM, is employed for feature selection, enhancing the model's efficiency. Additionally, an intelligent deep learning model, C2AE, is introduced to discern friendly and hostile communication, contributing to accurate intrusion detection. Key findings indicate that the Biz-SCOP model outperforms existing intrusion detection systems, achieving notable accuracy (99.8%), precision (99.7%), F1-score (99.8%), and GEO (99.9%). The model excels in identifying various attack types, as demonstrated by robust ROC analysis. Interpretations and conclusions emphasize the significance of hybrid optimization and advanced deep learning techniques in enhancing intrusion detection system performance. The proposed model exhibits lower computational load, reduced false positives, ease of implementation, and improved accuracy, positioning it as a promising solution for cloud security.

Published

2024

31. A bizarre synthesized cascaded optimized predictor (BizSCOP) model for enhancing security in cloud systems.

Author

Menezes, R. Julian, Jayarin, P. Jesu, and Sekar, A. Chandra

Subjects

INTRUSION detection systems (Computer security), SECURITY systems, DEEP learning, FEATURE selection, CLOUD computing, MATHEMATICAL optimization

Abstract

Due to growing network data dissemination in cloud, the elasticity, pay as you go options, globally accessible facilities, and security of networks have become increasingly important in today's world. Cloud service providers, including AWS, Azure, GCP, and others, facilitate worldwide expansion within minutes by offering decentralized communication network functions, hence providing security to cloud is still remains a challenging task. This paper aims to introduce and evaluate the Biz-SCOP model, a novel intrusion detection system developed for cloud security. The research addresses the pressing need for effective intrusion detection in cloud environments by combining hybrid optimization techniques and advanced deep learning methodologies. The study employs prominent intrusion datasets, including CSE-CIC-IDS 2018, CIC-IDS 2017, and a cloud intrusion dataset, to assess the proposed model's performance. The study's design involves implementing the Biz-SCOP model using Matlab 2019 software on a Windows 10 OS platform, utilizing 8 GB RAM and an Intel core i3 processor. The hybrid optimization approach, termed HyPSM, is employed for feature selection, enhancing the model's efficiency. Additionally, an intelligent deep learning model, C2AE, is introduced to discern friendly and hostile communication, contributing to accurate intrusion detection. Key findings indicate that the Biz-SCOP model outperforms existing intrusion detection systems, achieving notable accuracy (99.8%), precision (99.7%), F1-score (99.8%), and GEO (99.9%). The model excels in identifying various attack types, as demonstrated by robust ROC analysis. Interpretations and conclusions emphasize the significance of hybrid optimization and advanced deep learning techniques in enhancing intrusion detection system performance. The proposed model exhibits lower computational load, reduced false positives, ease of implementation, and improved accuracy, positioning it as a promising solution for cloud security. [ABSTRACT FROM AUTHOR]

Published

2024

32. A Survey on Searchable Symmetric Encryption.

Author

Li, Feng, Ma, Jianfeng, Miao, Yinbin, Liu, Ximeng, Ning, Jianting, and Deng, Robert H.

Subjects

*DATA privacy, *INFORMATION technology, *LOSSLESS data compression, *DATA structures, *HIGH performance computing, *DOCUMENT clustering, *PUBLIC key cryptography

Published

2024

33. Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure.

Author

Dawood, Muhammad, Xiao, Chunagbai, Tu, Shanshan, Alotaibi, Faiz Abdullah, Alnfiai, Mrim M., and Farhan, Muhammad

Subjects

COMPUTER network traffic, COMMUNICATION infrastructure, INTERNET domain naming system, SECURE Sockets Layer (Computer network protocol), RADIAL basis functions, INTELLIGENT transportation systems, COMPUTER networks

Abstract

This article explores detecting and categorizing network traffic data using machine-learning (ML) methods, specifically focusing on the Domain Name Server (DNS) protocol. DNS has long been susceptible to various security flaws, frequently exploited over time, making DNS abuse a major concern in cybersecurity. Despite advanced attack, tactics employed by attackers to steal data in real-time, ensuring security and privacy for DNS queries and answers remains challenging. The evolving landscape of internet services has allowed attackers to launch cyber-attacks on computer networks. However, implementing Secure Socket Layer (SSL)-encrypted Hyper Text Transfer Protocol (HTTP) transmission, known as HTTPS, has significantly reduced DNS-based assaults. To further enhance security and mitigate threats like man-in-the-middle attacks, the security community has developed the concept of DNS over HTTPS (DoH). DoH aims to combat the eavesdropping and tampering of DNS data during communication. This study employs a ML-based classification approach on a dataset for traffic analysis. The AdaBoost model effectively classified Malicious and Non-DoH traffic, with accuracies of 75% and 73% for DoH traffic. The support vector classification model with a Radial Basis Function (SVC-RBF) achieved a 76% accuracy in classifying between malicious and non-DoH traffic. The quadratic discriminant analysis (QDA) model achieved 99% accuracy in classifying malicious traffic and 98% in classifying non-DoH traffic. [ABSTRACT FROM AUTHOR]

Published

2024

34. Integrated cybersecurity for metaverse systems operating with artificial intelligence, blockchains, and cloud computing.

Author

Radanliev, Petar

Subjects

ARTIFICIAL intelligence, SHARED virtual environments, CLOUD computing, BLOCKCHAINS, TECHNOLOGICAL innovations

Abstract

In the ever-evolving realm of cybersecurity, the increasing integration of Metaverse systems with cutting-edge technologies such as Artificial Intelligence (AI), Blockchain, and Cloud Computing presents a host of new opportunities alongside significant challenges. This article employs a methodological approach that combines an extensive literature review with focused case study analyses to examine the changing cybersecurity landscape within these intersecting domains. The emphasis is particularly on the Metaverse, exploring its current state of cybersecurity, potential future developments, and the influential roles of AI, blockchain, and cloud technologies. Our thorough investigation assesses a range of cybersecurity standards and frameworks to determine their effectiveness in managing the risks associated with these emerging technologies. Special focus is directed towards the rapidly evolving digital economy of the Metaverse, investigating how AI and blockchain can enhance its cybersecurity infrastructure whilst acknowledging the complexities introduced by cloud computing. The results highlight significant gaps in existing standards and a clear necessity for regulatory advancements, particularly concerning blockchain's capability for self-governance and the earlystage development of the Metaverse. The article underscores the need for proactive regulatory involvement, stressing the importance of cybersecurity experts and policymakers adapting and preparing for the swift advancement of these technologies. Ultimately, this study offers a comprehensive overview of the current scenario, foresees future challenges, and suggests strategic directions for integrated cybersecurity within Metaverse systems utilising AI, blockchain, and cloud computing. [ABSTRACT FROM AUTHOR]

Published

2024

35. Cloud Security Using Fine-Grained Efficient Information Flow Tracking.

Author

Alqahtani, Fahad, Almutairi, Mohammed, and Sheldon, Frederick T.

Subjects

DATA security failures, CLOUD computing security measures, ACCESS to information

Abstract

This study provides a comprehensive review and comparative analysis of existing Information Flow Tracking (IFT) tools which underscores the imperative for mitigating data leakage in complex cloud systems. Traditional methods impose significant overhead on Cloud Service Providers (CSPs) and management activities, prompting the exploration of alternatives such as IFT. By augmenting consumer data subsets with security tags and deploying a network of monitors, IFT facilitates the detection and prevention of data leaks among cloud tenants. The research here has focused on preventing misuse, such as the exfiltration and/or extrusion of sensitive data in the cloud as well as the role of anonymization. The CloudMonitor framework was envisioned and developed to study and design mechanisms for transparent and efficient IFT (eIFT). The framework enables the experimentation, analysis, and validation of innovative methods for providing greater control to cloud service consumers (CSCs) over their data. Moreover, eIFT enables enhanced visibility to assess data conveyances by third-party services toward avoiding security risks (e.g., data exfiltration). Our implementation and validation of the framework uses both a centralized and dynamic IFT approach to achieve these goals. We measured the balance between dynamism and granularity of the data being tracked versus efficiency. To establish a security and performance baseline for better defense in depth, this work focuses primarily on unique Dynamic IFT tracking capabilities using e.g., Infrastructure as a Service (IaaS). Consumers and service providers can negotiate specific security enforcement standards using our framework. Thus, this study orchestrates and assesses, using a series of real-world experiments, how distinct monitoring capabilities combine to provide a comparatively higher level of security. Input/output performance was evaluated for execution time and resource utilization using several experiments. The results show that the performance is unaffected by the magnitude of the input/output data that is tracked. In other words, as the volume of data increases, we notice that the execution time grows linearly. However, this increase occurs at a rate that is notably slower than what would be anticipated in a strictly proportional relationship. The system achieves an average CPU and memory consumption overhead profile of 8% and 37% while completing less than one second for all of the validation test runs. The results establish a performance efficiency baseline for a better measure and understanding of the cost of preserving confidentiality, integrity, and availability (CIA) for cloud Consumers and Providers (C&P). Consumers can scrutinize the benefits (i.e., security) and tradeoffs (memory usage, bandwidth, CPU usage, and throughput) and the cost of ensuring CIA can be established, monitored, and controlled. This work provides the primary use-cases, formula for enforcing the rules of data isolation, data tracking policy framework, and the basis for managing confidential data flow and data leak prevention using the CloudMonitor framework. [ABSTRACT FROM AUTHOR]

Published

2024

36. A Survey of Security Challenges in Cloud-Based SCADA Systems.

Author

Wali, Arwa and Alshehry, Fatimah

Subjects

SUPERVISORY control & data acquisition systems, SUPERVISORY control systems, REAL-time computing, INDUSTRIAL costs, CYBERTERRORISM

Abstract

Supervisory control and data acquisition (SCADA) systems enable industrial organizations to control and monitor real-time data and industrial processes. Migrating SCADA systems to cloud environments can enhance the performance of traditional systems by improving storage capacity, reliability, and availability while reducing technical and industrial costs. However, the increasing frequency of cloud cyberattacks poses a significant challenge to such systems. In addition, current research on cloud-based SCADA systems often focuses on a limited range of attack types, with findings scattered across various studies. This research comprehensively surveys the most common cybersecurity vulnerabilities and attacks facing cloud-based SCADA systems. It identifies four primary vulnerability factors: connectivity with cloud services, shared infrastructure, malicious insiders, and the security of SCADA protocols. This study categorizes cyberattacks targeting these systems into five main groups: hardware, software, communication and protocol-specific, control process, and insider attacks. In addition, this study proposes security solutions to mitigate the impact of cyberattacks on these control systems. [ABSTRACT FROM AUTHOR]

Published

2024

37. Advancements in detecting, preventing, and mitigating DDoS attacks in cloud environments: A comprehensive systematic review of state-of-the-art approaches

Author

Mohamed Ouhssini, Karim Afdel, Mohamed Akouhar, Elhafed Agherrabi, and Abdallah Abarda

Subjects

DDoS attacks, Cloud environments, Effective strategies, Systematic review, Cloud security, Defense mechanisms, Electronic computers. Computer science, QA75.5-76.95

Abstract

This comprehensive study examines cutting-edge strategies for combating Distributed Denial of Service (DDoS) attacks in cloud environments, addressing a critical gap in recent literature. Through a systematic review of the latest advancements, we propose a framework for identifying, preventing, and mitigating DDoS threats specifically tailored to cloud infrastructures. Our research highlights the urgent need for robust defense mechanisms to enhance cloud security, minimize service disruptions, and safeguard against data breaches. By analyzing the strengths and limitations of current models, we underscore the importance of continued innovation in this rapidly evolving field. This study provides essential insights for academics and industry professionals aiming to enhance the resilience of cloud infrastructure against the ongoing and adaptive menace of DDoS attacks.

Published

2024

38. SECURITY PRINCIPLES IN CLOUD COMPUTING.

Author

Josic, Damir, Basic, Matej, and Zgrablic, Luka

Subjects

*CLOUD computing security measures, *MULTI-factor authentication, *INFORMATION resources management, *EMPLOYEE training, *USER experience, *ACCESS control

Abstract

This paper provides a comprehensive overview of cloud security principles, highlighting the critical areas of data confidentiality, identity security, access controls, and the role of monitoring and event logging in maintaining secure cloud environments. It addresses organizations' everyday challenges, such as improper identity and access management, insecure APIs, and potential unauthorized access risks. The discussion includes detailed strategies for mitigating these issues, such as implementing robust authentication protocols, network segmentation, continuous security assessments, and robust employee training programs. The paper also highlights the importance of multifactor authentication (MFA) and the innovative use of passwordless authentication to enhance security and user experience. It explores using SIEM (Security Information and Event Management) and SOAR (Security Orchestration Automation and Response) technologies to bolster cybersecurity through real-time analysis and automated incident response. [ABSTRACT FROM AUTHOR]

Published

2024

39. Biometric Fusion for Enhanced Authentication in Cloud Computing Environments

Author

Chiyo Miyazawa and Ryosuke Sato

Subjects

cloud security, multimodal biometrics, authentication, cryptographic, data protection, biometric fusion, Computer software, QA76.75-76.765, Mining engineering. Metallurgy, TN1-997

Abstract

In the realm of cloud computing, ensuring robust data security is of utmost importance. Authentication, a cornerstone of safeguarding information, continuously evolves to counter escalating threats. This paper introduces MultiFusionGuard, an innovative multimodal biometric authentication framework aimed at bolstering cloud security. By leveraging diverse biometric traits like fingerprints, iris scans, and palm prints, MultiFusionGuard utilizes their unique patterns to enhance security measures. Each trait undergoes meticulous image processing stages, encompassing pre-processing, normalization, and feature extraction. The fusion of these distinct biometric features at multiple levels results in a robust authentication framework. Integration of these features establishes a comprehensive and intricate authentication system, thereby amplifying the complexity and effectiveness of security measures. The system's efficacy is evaluated using indicators such as incorrect rejection ratio, incorrect acceptance ratio, and execution time to ensure reliability and resilience against illegal access attempts. MultiFusionGuard offers a promising solution to fortify data protection within cloud environments, providing advanced defense mechanisms against potential security breaches.

Published

2024

40. Securing cloud-enabled smart cities by detecting intrusion using spark-based stacking ensemble of machine learning algorithms

Author

Mohd. Rehan Ghazi and N. S. Raghava

Subjects

smart cities, cloud security, spark, pigeon-inspired optimizer, pso, ids, Mathematics, QA1-939, Applied mathematics. Quantitative methods, T57-57.97

Abstract

With the use of cloud computing, which provides the infrastructure necessary for the efficient delivery of smart city services to every citizen over the internet, intelligent systems may be readily integrated into smart cities and communicate with one another. Any smart system at home, in a car, or in the workplace can be remotely controlled and directed by the individual at any time. Continuous cloud service availability is becoming a critical subscriber requirement within smart cities. However, these cost-cutting measures and service improvements will make smart city cloud networks more vulnerable and at risk. The primary function of Intrusion Detection Systems (IDS) has gotten increasingly challenging due to the enormous proliferation of data created in cloud networks of smart cities. To alleviate these concerns, we provide a framework for automatic, reliable, and uninterrupted cloud availability of services for the network data security of intelligent connected devices. This framework enables IDS to defend against security threats and to provide services that meet the users' Quality of Service (QoS) expectations. This study's intrusion detection solution for cloud network data from smart cities employed Spark and Waikato Environment for Knowledge Analysis (WEKA). WEKA and Spark are linked and made scalable and distributed. The Hadoop Distributed File System (HDFS) storage advantages are combined with WEKA's Knowledge flow for processing cloud network data for smart cities. Utilizing HDFS components, WEKA's machine learning algorithms receive cloud network data from smart cities. This research utilizes the wrapper-based Feature Selection (FS) approach for IDS, employing both the Pigeon Inspired Optimizer (PIO) and the Particle Swarm Optimization (PSO). For classifying the cloud network traffic of smart cities, the tree-based Stacking Ensemble Method (SEM) of J48, Random Forest (RF), and eXtreme Gradient Boosting (XGBoost) are applied. Performance evaluations of our system were conducted using the UNSW-NB15 and NSL-KDD datasets. Our technique is superior to previous works in terms of sensitivity, specificity, precision, false positive rate (FPR), accuracy, F1 Score, and Matthews correlation coefficient (MCC).

Published

2024

41. Robustness of Workload Forecasting Models in Cloud Data Centers: A White-Box Adversarial Attack Perspective

Author

Nosin Ibna Mahbub, Md. Delowar Hossain, Sharmen Akhter, Md. Imtiaz Hossain, Kimoon Jeong, and Eui-Nam Huh

Subjects

Cloud computing, workload prediction, cloud security, deep learning, adversarial attack, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Cloud computing has become the cornerstone of modern technology, propelling industries to unprecedented heights with its remarkable and recent advances. However, the fundamental challenge for cloud service providers is real-time workload prediction and management for optimal resource allocation. Cloud workloads are characterized by their heterogeneous, unpredictable, and fluctuating nature, making this task even more challenging. As a result of the remarkable achievements of deep learning (DL) algorithms across diverse fields, scholars have begun to embrace this approach to addressing such challenges. It has become the defacto standard for cloud workload prediction. Unfortunately, DL algorithms have been widely recognized for their vulnerability to adversarial examples, which poses a significant challenge to DL-based forecasting models. In this study, we utilize established white-box adversarial attack generation methods from the field of computer vision to construct adversarial cloud workload examples for four cutting-edge deep learning regression models, including Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), 1D Convolutional Neural Network (1D-CNN) and attention-based models. We evaluate our study with three widely recognized cloud benchmark datasets: Google trace, Alibaba trace, and Bitbrain. The findings of our analysis unequivocally indicate that DL-based cloud workload forecasting models are highly vulnerable to adversarial attacks. To the best of our knowledge, we are the first to conduct systematic research exploring the vulnerability of DL-based models for workload forecasting in the cloud data center, highlighting the inherent hazards to both security and cost-effectiveness in cloud data centers. By raising awareness of these vulnerabilities, we advocate the urgent development of robust defensive mechanisms to enhance the security of cloud workload forecasting in a constantly evolving technical landscape.

Published

2024

42. Converging Technologies for Health Prediction and Intrusion Detection in Internet of Healthcare Things With Matrix- Valued Neural Coordinated Federated Intelligence

Author

Sarah A. Alzakari, Arindam Sarkar, Mohammad Zubair Khan, and Amel Ali Alhussan

Subjects

Federated learning, blockchain, cloud security, Internet of Health Things (IoHT), Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

This paper introduces Matrix-Valued Neural Coordinated Federated Deep Extreme Machine Learning, a novel approach for enhancing health prediction and intrusion detection on the Internet of Healthcare Things (IoHT). By leveraging Machine Learning (ML), blockchain, and Intrusion Detection Systems (IDS), this technique ensures the security of medical data while enabling predictive health analytics. The IoHT, characterized by its vast network of interconnected devices, poses significant challenges in security and confidentiality. However, the integration of proposed technique empowers healthcare systems to proactively address these concerns while enhancing patient outcomes and reducing healthcare costs. Smart healthcare, enabled by ML and blockchain, is revolutionizing healthcare 5.0. Healthcare systems may employ IoHTs’ intelligent and interactive characteristics using proposed approach. Despite its benefits, medical data aggregation poses security, ownership, and regulatory compliance challenges. Federated Learning (FL) is a key technique for distributed learning that protects data. The proposed architecture has several unique benefits like 1) it provides a thorough examination of the incorporation of blockchain technology with FL for healthcare 5.0; 2) it takes the lead in creating a robust healthcare monitoring system that utilizes blockchain technology and IDS to identify and prevent harmful actions; 3) the development of crucial blockchain elements by means of mutual neuronal synchronization of Artificial Neural Networks (ANNs) showcases pioneering progress in safeguarding medical data; and 4) the framework underwent a thorough empirical assessment and outperformed existing methods in accurately predicting intrusion detection and disease prediction, achieving an impressive efficiency rate of 97.75% and 98% respectively. This development represents a major step forward in improving security and predictive abilities within the IoHT ecosystem, offering the potential for revolutionary advancements in healthcare delivery and patient care.

Published

2024

43. Selection of Cloud Security by Employing MABAC Technique in the Environment of Hesitant Bipolar Complex Fuzzy Information

Author

Hafiz Muhammad Waqas, Walid Emam, Tahir Mahmood, Ubaid Ur Rehman, and Shi Yin

Subjects

Cloud security, hesitant bipolar complex fuzzy set, aggregation operators, MABAC technique, MAGDM, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The term “cloud security (CS)” describes the collection of procedures and tools intended to defend networks, data, apps, and systems used in cloud computing from possible security risks and unauthorized access. Data breaches, identity and access management, network security, adherence to industry and governmental standards, and the security of third-party services and apps are a few of the major issues with CS. Selecting the best CS becomes critical for resolving all these problems. Within the context of hesitant bipolar complex fuzzy sets (HBCFSs) theory, we address in this study optimal selection utilizing various conceptions of aggregation operators (AOs). The notion of HBCFSs gives us a valuable framework by providing the hesitancy nature of any object along with its positive and negative aspects. Moreover, HBCFSs are a valuable tool to eliminate the vagueness and uncertainty of any given information. In this manuscript, by utilizing the framework of HBCFSs we developed some new AOs which are obliging to convert the set of information into a singleton value. Then by utilizing these AOs we calculate and aggregate all the numerical significance of CS. To handle our supposed problem of CS the mainly developed AOs are hesitant bipolar complex fuzzy (HBCF) weighted averaging (HBCFWA), HBCF ordered weighted averaging (HBCFOWA), HBCF weighted geometric (HBCFWG), HBCF ordered weighted geometric (HBCFOWG), generalized HBCF weighted averaging (GHBCFWA), generalized HBCF weighted geometric (GHBCFWG) operators. Furthermore, we develop the multi-attributive border approximation area comparison (MABAC) method to address our multi-attribute group decision-making (MAGDM) problem of CS. Moreover, in this manuscript, we propose and analyze a CS-related numerical case study to identify the optimal CS. Lastly; to demonstrate the advantages and superiority of the interpretive work, we compared our suggested methodology with other extant ideas.

Published

2024

44. Secure Healthcare Access Control System (SHACS) for Anomaly Detection and Enhanced Security in Cloud-Based Healthcare Applications

Author

S. K. B. Sangeetha, C. Selvarathi, Sandeep Kumar Mathivanan, Jaehyuk Cho, and Sathishkumar Veerappampalayam Easwaramoorthy

Subjects

Healthcare access control, attribute-based access control (ABAC), cloud security, electronic health records (EHR), authentication efficiency, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The growing reliance on distributed cloud technology in mobile healthcare applications has introduced critical challenges in ensuring secure and efficient access to Electronic Health Records (EHR). Traditional methods have prolonged authentication times and access delays, compromising both the efficiency and security of healthcare systems. To address these issues, this study proposes the Secure Healthcare Access Control System (SHACS), a robust framework specifically designed to enhance security and efficiency in healthcare environments. SHACS provides a sophisticated combination of role-based access control, attribute-based policies, and dynamic rules to streamline authentication processes and safeguard data access. SHACS architecture provides the central authority and system authorities, responsible for enforcing access control policies and verifying the authenticity of users requesting access to medical records. SHACS also integrates real-time anomaly detection capabilities, utilizing the MIMIC-III dataset to identify and respond to unusual access patterns, thereby mitigating potential security breaches. Following successful authentication, SHACS generates secure decryption tokens and keys, enabling swift and secure access to EHRs while continuously updating a dynamic access list to monitor and reduce access delays. Experimental results demonstrate that SHACS significantly improves system performance, reducing authentication times by 30% and access delays by 25% compared to traditional methods. For instance, SHACS decreased the average authentication time from 40 seconds to 28 seconds and enhanced system responsiveness, lowering average access delays from 15 seconds to 11 seconds. The implementation of SHACS underscores the importance of privacy-enhancing technologies in safeguarding medical records, ensuring that only authorized personnel access sensitive data. Through rigorous testing and analysis, SHACS proves its efficacy in strengthening the security posture of cloud-based healthcare systems, ultimately contributing to the quality and accessibility of remote healthcare services.

Published

2024

45. Cloud computing : technologies and strategies of the ubiquitous data center.

Author

Chee, Brian J. S. and Franklin, Curtis

Subjects

Cloud computing, Cloud security, Ubiquitous computing

Abstract

Summary: Modern computing is no longer about devices but is all about providing services, a natural progression that both consumers and enterprises are eager to embrace. As it can deliver those services, efficiently and with quality, at compelling price levels, cloud computing is with us to stay. Ubiquitously and quite definitively, cloud computing is answering the demand for sophisticated, flexible services. Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center looks at cloud computing from an IT manager's perspective.

Published

2010

46. The Information Richness Assessment of Information Security Awareness in Iranian Cloud Storage Users: Case Study of iCloud

Author

Mahnam Zamani Kalajahi, Soulmaz Zardary, and Shima Mardi

Subjects

information security awareness, information security management, icloud, cloud security, iran, Information resources (General), ZA3040-5185, Transportation and communications, HE1-9990

Abstract

Cloud storage technology is attracting more attention due to the increasing implementation of technology in everyday life. The present study aims to assess Iranian iCloud users' richness of information security awareness at the three levels of knowledge, attitude, and behavior, based on six aspects required for adhering to information security policies. Accordingly, in this study, the self-reported data of 384 Iranian users of Apple products (IUAP) were investigated using a questionnaire designed by a researcher. Then, the data were analyzed using Microsoft Excel software. This research showed that the average information security awareness of IUAP is 3.22 out of 5, a slightly higher than average score using a quantitative approach and descriptive statistics,. Almost three-quarters of them use iCloud, mainly because of its easy access to information. It also assesses various aspects and examples of information security awareness and behaviors that indicate compliance with information security policies. Finally, the general knowledge of Iranian iCloud users about the components of information security awareness is estimated to be 73.83, which is relatively low and unsatisfactory, showing that more attention and training are needed. Moreover, this study prioritizes different components of information security awareness.

Published

2023

47. Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure

Author

Muhammad Dawood, Chunagbai Xiao, Shanshan Tu, Faiz Abdullah Alotaibi, Mrim M. Alnfiai, and Muhammad Farhan

Subjects

Cloud security, Traffic classification, Intelligent model, Machine learning, SDN, Electronic computers. Computer science, QA75.5-76.95

Abstract

This article explores detecting and categorizing network traffic data using machine-learning (ML) methods, specifically focusing on the Domain Name Server (DNS) protocol. DNS has long been susceptible to various security flaws, frequently exploited over time, making DNS abuse a major concern in cybersecurity. Despite advanced attack, tactics employed by attackers to steal data in real-time, ensuring security and privacy for DNS queries and answers remains challenging. The evolving landscape of internet services has allowed attackers to launch cyber-attacks on computer networks. However, implementing Secure Socket Layer (SSL)-encrypted Hyper Text Transfer Protocol (HTTP) transmission, known as HTTPS, has significantly reduced DNS-based assaults. To further enhance security and mitigate threats like man-in-the-middle attacks, the security community has developed the concept of DNS over HTTPS (DoH). DoH aims to combat the eavesdropping and tampering of DNS data during communication. This study employs a ML-based classification approach on a dataset for traffic analysis. The AdaBoost model effectively classified Malicious and Non-DoH traffic, with accuracies of 75% and 73% for DoH traffic. The support vector classification model with a Radial Basis Function (SVC-RBF) achieved a 76% accuracy in classifying between malicious and non-DoH traffic. The quadratic discriminant analysis (QDA) model achieved 99% accuracy in classifying malicious traffic and 98% in classifying non-DoH traffic.

Published

2024

48. A Multilayered Approach to Enhance Cloud Security using Homomorphic, AES, and Hashgraph

Author

Ayush Verma, Tanuj Chandela, and Geetanjali Rathee

Subjects

homomorphic encryption, advanced encryption standard, hashgraph, cloud security, cryptography, cyber security, elliptic curve diffie hellman, blockchain, privacy, data protection, cloud computing, blockchain system, double-spending, security risk management, blockchain emerging challenges, smart contracts, hedera hashgraph, semantic security, Telecommunication, TK5101-6720

Abstract

The rise of cloud technology is a big deal for how we share and access data together. It makes working together easier and opens up a ton of new possibilities. But with all this sharing, we need to make sure our information stays safe and that everyone follows the rules we've agreed upon for how services should work. Blockchain technology seems like a good way to keep track of these rules by recording everything in a secure and unchangeable way. However, the usual blockchain systems have some weaknesses. They can still be attacked in ways that could disrupt services, like with DDoS attacks. Plus, the way blockchain reaches agreements can slow things down. However, managing SLAs itself does not ensure the security of the data and user's privacy. Various solutions have been proposed, but none comprehensively address all the issues associated cloud environment. This paper introduces a framework constructed using Hashgraph-based distributed ledger technology to enhance scalability, security, and performance in the tamper-proof logging of all events through smart contracts. This structure aids in detecting points of failure and is applicable for automatic Service Level Agreement (SLA) verification. To safeguard user privacy, protect data from intruders, and ensure semantic security, we have implemented double-layer encryption. A homomorphic encryption technique is employed to preserve user privacy, allowing computations to be performed on the encrypted data. Additionally, AES (Advanced Encryption Standard) is used for secure transportation over an open network to prevent potential attacks such as known-plain-text attacks. The performance of our framework was assessed in terms of latency, CPU usage, and memory usage, while the security aspect was conventionally analyzed.

Published

2024

49. Survey on Secure Keyword Search over Outsourced Data: From Cloud to Blockchain-assisted Architecture.

Author

HAIQIN WU, DÜDDER, BORIS, LIANGMIN WANG, ZHENFU CAO, JUN ZHOU, and XIA FENG

Subjects

*INFORMATION storage & retrieval systems, *MESSAGE authentication codes, *DISTRIBUTED databases, *DATA structures, *RECORDS management, *BLOCKCHAINS, *PUBLIC key cryptography

Published

2024

50. A hybrid deep learning approach for enhanced network intrusion detection.

Author

Prabu, K. and Sudhakar, P.

Subjects

PARTICLE swarm optimization, DEEP learning, COMPUTER network security, PRINCIPAL components analysis

Abstract

The contemporary era places paramount importance on network security and cloud environments, driven by increased data transmission demands, the flexibility of cloud services, and the prevalence of global resources. Addressing the escalating threat of computer malware, the development of efficient intrusion detection systems (IDS) is imperative. This research focuses on the challenges posed by imbalanced datasets and the necessity for unsupervised learning to enhance network security. The proposed hybrid deep learning method utilizes raw data from the CSE-CIC-IDS-2018 dataset, integrating imbalanced and unsupervised learning techniques. After preprocessing and normalization, feature extraction through principal component analysis (PCA) reduces dimensionality from seventy-eight fields to ten essential features. Clustering, employing the density-based spatial clustering of applications with noise (DBSCAN) algorithm optimized with particle swarm optimization (PSO), is applied to the extracted features, distinguishing between attack and non-attack packets. Addressing dataset imbalances, imbalanced learning techniques are employed, and unsupervised learning is exemplified through the AutoEncoder (AE) algorithm. The attack cluster's data is input into AE, a deep learning-based approach, yielding outputs for attack classification. The proposed technique (PCA+DBSCANPSO+ AE) achieves an impressive 99.19% accuracy in intrusion detection, surpassing contemporary methodologies and five existing techniques. This research not only enhances accuracy but also addresses imbalanced learning challenges, utilizing the power of unsupervised learning for robust network security. [ABSTRACT FROM AUTHOR]

Published

2024