International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
A comparative analysis of attacks carried out in cloud technologies, the main methods and methods of information protection, the possibilities of using hardware and software, and methods to combat threats when eliminating them, ensuring data protection were carried out by Mamarajabov Odil Elmurzayevich 2020. Cloud technology to ensure the protection of fundamental methods and use of information. International Journal on Integrated Education. 3, 10 (Oct. 2020), 313-315. DOI:https://doi.org/10.31149/ijie.v3i10.780 https://journals.researchparks.org/index.php/IJIE/article/view/780/750 https://journals.researchparks.org/index.php/IJIE/article/view/780
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
Network Intrusion detection and Countermeasure Election in virtual network systems (NICE) are used to establish a
defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into
the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion
detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to
compromise VMs, thus preventing zombie VMs. NICE includes two main phases: deploy a lightweight mirroring-based network
intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. A NICE-A periodically scans the virtual
system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified
vulnerability toward the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state. Once a
VM enters inspection state, Deep Packet Inspection (DPI) is applied, and/or virtual network reconfigurations can be deployed to the
inspecting VM to make the potential attack behaviors prominent.
Cloud Computing intends a trend in computing model arises many security issues in all levels such as: network, application, data and host.
These models put up different challenges in security
Depending on consumers, models QOS(quality of service) requirements. Privacy, authentication, secre-cy are main concern for both consumers and cloud providers. IaaS serves as base for other models, if the security in this model is uncertain; it will affect the other models too. This paper delivers a examine the countermeasures and exposures. As a research we project security Assessment and improvement in Iaas layer.
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
A comparative analysis of attacks carried out in cloud technologies, the main methods and methods of information protection, the possibilities of using hardware and software, and methods to combat threats when eliminating them, ensuring data protection were carried out by Mamarajabov Odil Elmurzayevich 2020. Cloud technology to ensure the protection of fundamental methods and use of information. International Journal on Integrated Education. 3, 10 (Oct. 2020), 313-315. DOI:https://doi.org/10.31149/ijie.v3i10.780 https://journals.researchparks.org/index.php/IJIE/article/view/780/750 https://journals.researchparks.org/index.php/IJIE/article/view/780
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
Network Intrusion detection and Countermeasure Election in virtual network systems (NICE) are used to establish a
defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into
the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion
detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to
compromise VMs, thus preventing zombie VMs. NICE includes two main phases: deploy a lightweight mirroring-based network
intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. A NICE-A periodically scans the virtual
system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified
vulnerability toward the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state. Once a
VM enters inspection state, Deep Packet Inspection (DPI) is applied, and/or virtual network reconfigurations can be deployed to the
inspecting VM to make the potential attack behaviors prominent.
Cloud Computing intends a trend in computing model arises many security issues in all levels such as: network, application, data and host.
These models put up different challenges in security
Depending on consumers, models QOS(quality of service) requirements. Privacy, authentication, secre-cy are main concern for both consumers and cloud providers. IaaS serves as base for other models, if the security in this model is uncertain; it will affect the other models too. This paper delivers a examine the countermeasures and exposures. As a research we project security Assessment and improvement in Iaas layer.
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentIJTET Journal
Abstract— Cloud computing is so named for the reason that the information being accessed is found in the "clouds", it
does not entail a user to be in a precise place. Organizations found that cloud computing allows them to diminish the cost
of information management, in view of the fact that they are not obligatory to own their own servers. They can use
capacity leased from third parties. It is more important to store and to secure the data in the cloud. It plays a vital role in
the cloud. The data that can be secured by implementing SVAC (Security Virtualization Architecture for Cloud) Firewall
in the virtual environment. An effectual firewall security has been implemented for jamming and filtering the superfluous
requests coming from the clients prior to the request move towards the virtual machine. Next step is to secure the users.
During the demand dispensation, if the abuser requests the sophisticated of information from the cloud, then based on the
compensation prepared by the cloud client, they can access the data from the cloud server. This paper shows the
architecture and the unwanted request can be restricted through SVAC firewall also how the high level of data that can be
accessed by the highly authorized user.
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...Deenuji Loganathan
Distributed denial-of-service (DDoS) attacks remain a major security problem, the mitigation of which is very hard especially when it comes to highly distributed botnet-based attacks. The early discovery of these attacks, although challenging, is necessary to protect end-users as well as the expensive network infrastructure resources. In this paper, we address the problem of DDoS attacks and present the theoretical foundation, architecture, and algorithms of FireCol. The core of FireCol is composed of intrusion prevention systems (IPSs) located at the Internet service providers (ISPs) level. The IPSs form virtual protection rings around the hosts to defend and collaborate by exchanging selected traffic information. The evaluation of FireCol using extensive simulations and a real dataset is presented, showing FireCol effectiveness and low overhead, as well as its support for incremental deployment in real networks.
Due to inherent limitations in wireless sensor networks, security is a crucial issue. While research in WSN security is progressing at tremendous pace, no comprehensive document lists the security issues and the threat models which pose unique threats to the wireless sensor networks. In this paper we have made an effort to document all the known security issues in wireless sensor networks and have provided the research direction towards countermeasures against the threats posed by these issues
A review of security attacks and intrusion detection schemes in wireless sens...ijwmn
Wireless sensor networks are currently the greatest innovation in the field of telecommunications. WSNs
have a wide range of potential applications, including security and surveillance, control, actuation and
maintenance of complex systems and fine-grain monitoring of indoor and outdoor environments. However
security is one of the major aspects of Wireless sensor networks due to the resource limitations of sensor
nodes. Those networks are facing several threats that affect their functioning and their life. In this paper we
present security attacks in wireless sensor networks, and we focus on comparison and analysis of recent
Intrusion Detection schemes in WSNs.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...IJNSA Journal
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks.
In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...theijes
Software weaknesses in design, architecture, code and deployment have led to software vulnerability exploited by the perpetrators. Although counter measure tools have been developed such as patch management systems, firewalls and antivirus, but the perpetrators have advance sophisticated tools such malware with crypto-lock and crypto-wall technologies. The current counter measures technologies are based on detection and respond model or risk management framework, which are no match to the attacker’s technologies based on speed technologies such as machine generated malwares and precision or stealth technologies such as command-andcontrol node malwares. Although lots of ink has been poured on advances in measuring and preventing software weakness on the detection and respond concept,this study is motivated to explore the state-of-art advances specifically on the novel concept of Continuous Trust Restoration (CTR). The Continuous Trust Restoration is a process of breaking down attacker’s activities kill chain and restoring the system trust. The CTR concept deploys speed, precision and stealth technologies on random route mutation, random host mutation, hypervisors, trust boot, software identities and software define infrastructure. Moreover, to deploy these technologies the study further explores a common security architectural framework with software metrics such as CVE (Common Vulnerability and Exposure), CWE (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System), CWSS (Common Weakness Scoring System), and CAPEC (Common Attack Pattern Enumeration and Classification). Finally, the study recommends a software security counter measures research paradigm shift from the current detection and respond models to Continuous Trust Restoration concept and from risk management frameworks to a Common Security Architectural Framework.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentIJTET Journal
Abstract— Cloud computing is so named for the reason that the information being accessed is found in the "clouds", it
does not entail a user to be in a precise place. Organizations found that cloud computing allows them to diminish the cost
of information management, in view of the fact that they are not obligatory to own their own servers. They can use
capacity leased from third parties. It is more important to store and to secure the data in the cloud. It plays a vital role in
the cloud. The data that can be secured by implementing SVAC (Security Virtualization Architecture for Cloud) Firewall
in the virtual environment. An effectual firewall security has been implemented for jamming and filtering the superfluous
requests coming from the clients prior to the request move towards the virtual machine. Next step is to secure the users.
During the demand dispensation, if the abuser requests the sophisticated of information from the cloud, then based on the
compensation prepared by the cloud client, they can access the data from the cloud server. This paper shows the
architecture and the unwanted request can be restricted through SVAC firewall also how the high level of data that can be
accessed by the highly authorized user.
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...Deenuji Loganathan
Distributed denial-of-service (DDoS) attacks remain a major security problem, the mitigation of which is very hard especially when it comes to highly distributed botnet-based attacks. The early discovery of these attacks, although challenging, is necessary to protect end-users as well as the expensive network infrastructure resources. In this paper, we address the problem of DDoS attacks and present the theoretical foundation, architecture, and algorithms of FireCol. The core of FireCol is composed of intrusion prevention systems (IPSs) located at the Internet service providers (ISPs) level. The IPSs form virtual protection rings around the hosts to defend and collaborate by exchanging selected traffic information. The evaluation of FireCol using extensive simulations and a real dataset is presented, showing FireCol effectiveness and low overhead, as well as its support for incremental deployment in real networks.
Due to inherent limitations in wireless sensor networks, security is a crucial issue. While research in WSN security is progressing at tremendous pace, no comprehensive document lists the security issues and the threat models which pose unique threats to the wireless sensor networks. In this paper we have made an effort to document all the known security issues in wireless sensor networks and have provided the research direction towards countermeasures against the threats posed by these issues
A review of security attacks and intrusion detection schemes in wireless sens...ijwmn
Wireless sensor networks are currently the greatest innovation in the field of telecommunications. WSNs
have a wide range of potential applications, including security and surveillance, control, actuation and
maintenance of complex systems and fine-grain monitoring of indoor and outdoor environments. However
security is one of the major aspects of Wireless sensor networks due to the resource limitations of sensor
nodes. Those networks are facing several threats that affect their functioning and their life. In this paper we
present security attacks in wireless sensor networks, and we focus on comparison and analysis of recent
Intrusion Detection schemes in WSNs.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...IJNSA Journal
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks.
In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...theijes
Software weaknesses in design, architecture, code and deployment have led to software vulnerability exploited by the perpetrators. Although counter measure tools have been developed such as patch management systems, firewalls and antivirus, but the perpetrators have advance sophisticated tools such malware with crypto-lock and crypto-wall technologies. The current counter measures technologies are based on detection and respond model or risk management framework, which are no match to the attacker’s technologies based on speed technologies such as machine generated malwares and precision or stealth technologies such as command-andcontrol node malwares. Although lots of ink has been poured on advances in measuring and preventing software weakness on the detection and respond concept,this study is motivated to explore the state-of-art advances specifically on the novel concept of Continuous Trust Restoration (CTR). The Continuous Trust Restoration is a process of breaking down attacker’s activities kill chain and restoring the system trust. The CTR concept deploys speed, precision and stealth technologies on random route mutation, random host mutation, hypervisors, trust boot, software identities and software define infrastructure. Moreover, to deploy these technologies the study further explores a common security architectural framework with software metrics such as CVE (Common Vulnerability and Exposure), CWE (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System), CWSS (Common Weakness Scoring System), and CAPEC (Common Attack Pattern Enumeration and Classification). Finally, the study recommends a software security counter measures research paradigm shift from the current detection and respond models to Continuous Trust Restoration concept and from risk management frameworks to a Common Security Architectural Framework.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
Incredible and amazing growths in the meadow of extranet, internet, intranet and its users have developed an innovative period of great global competition and contention. Denial of service attack by several computers is accomplished of distressing the services of competitor servers. The attack can be done for various reasons. So it is a key threat for cloud environment. Distributed-Denial of Service (DDoS) is a key intimidation to network and cloud computing security. Cloud computing Network is a group of nodes that interrelate with each other for switch over the information. So security is the major issue. There are several security attacks in cloud computing. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviours they may happen obviously or it may due to some attackers.
Cloud computing challenges and solutionsIJCNCJournal
Cloud computing is an emerging area of computer technology that benefits form the processing power and
the computing resources of many connected, geographically distanced computers connected via Internet.
Cloud computing eliminates the need of having a complete infrastructure of hardware and software to meet
users requirements and applications. It can be thought of or considered as a complete or a partial
outsourcing of hardware and software resources. To access cloud applications, a good Internet connection
and a standard Internet browser are required. Cloud computing has its own drawback from the security
point of view; this paper aims to address most of these threats and their possible solutions.
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
Data is now an essential resource available to Enterprises. It's no wonder that there are many criminals trying to stop Enterprise companies by stealing and damaging the data.
Data security is about protecting information from being accessed by unauthorized users, data corruption with malicious intent , and theft of data. It is possible to ask why security companies speak about protecting their network, applications, and the endpoints, and less about data. The reason is because data has a significant relationship to data as well as applications and systems. If applications and systems aren't protected from the bad guys Data security isn't feasible.
"Data has become the latest Oil This phrase describes the relationship between applications and data. Data is just like oil in its unprocessed form is not beneficial unless it's refined to be used. Software processes data and display it to users in an simple to consume fashion.
SASE's function for Data Security
Please go through the the Decoding SASE blog to learn more about SASE.
SASE plays a crucial role in securing applications that are part of the distributed workforces and distributed deployments in the cloud, On-Prem and public edges. The following sections will highlight the main security issues and the way SASE can address them.
Enterprises design and implement many applications to serve various business needs. Each application may not need access to all Enterprise data. In addition, all users of applications do not need access to all information in the application. Because of this "Least Access Privilege" and "Identity Based access Controls" constitute the keys in securing data.
Applications aren't as simple anymore. Software developers use a myriad of components, including in-house built as well as purchased and open source. This makes the software more complicated and susceptible to attack. Attackers are likely to use the threat information base and attempt to exploit the weaknesses to gain access to applications, and eventually access to the data. Therefore, securing against threat vulnerabilities is crucial for the security of data.
Challenges and Mechanisms for Securing Data in Mobile Cloud Computingijcnes
Cloud computing enables users to utilize the services of computing resources. Now days computing resources in mobile applications are being delivered with cloud computing. As there is a growing need for new mobile applications, usage of cloud computing can not be overlooked. Cloud service providers offers the services for the data request in a remote server. Virtualization aspect of cloud computing in mobile applications felicitates better utilization of resources. The industry needs to address the foremost security risk in the underlying technology. The cloud computing environment in mobile applications aggravated with various security problems. This paper addresses challenges in securing data in cloud for mobile Cloud computing and few mechanisms to overcome.
Today, in the world of communication, connected systems is growing at a rapid pace. To accommodate this growth the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s but the term entering into widespread usage can be traced to 2006 when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss about cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
This is a literature survey about security issues and countermeasures on cloud computing. This paper discusses about an overview of cloud computing and security issues of cloud computing.
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster ,more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope...csandit
Deployment of using cloud services as a new approach to keep people's platforms,
Infrastructure and applications has become an important issue in the world of communications
technology. This is a very useful paradigm for humans to obtain their essential needs simpler,
faster ,more flexible, and safer than before. But there are many concerns about this system
challenge. Security is the most important challenge for cloud systems. In this paper we design
and explain the procedure of implementation of a new method for cloud services based on multi
clouds on our platform which supplies security and privacy more than other clouds. We
introduce some confidentiality and security methods in each layer to have a secure access to
requirements. The architecture of our method and the implementation of method on our selected
platform for each layer are introduced in this paper.
CMST&210 Pillow talk Position 1 Why do you think you may.docxmccormicknadine86
CMST&210 Pillow talk
Position 1
Why do you think you may be right?
Why do you think they may be wrong?
I’m right because:
You are wrong because:
Position 2
Why do you think they may be right?
Why do you think you may be wrong?
I’m wrong because:
You are right because:
Position 3
What are you BOTH right about?
What are you BOTH wrong about? Acknowledge
the strengths and weaknesses of EACH
perspective.
I’m right because:
I’m also wrong because:
You are right because:
You are also wrong because:
Position 4:
Why do you think the issue you are discussing is
NOT as important as it seems? What are your
true needs?
For me?
For you?
Position 5: There is truth in ALL FOUR
perspectives. You may not change your mind and
try to look and SEE the truth in each perspective.
For my perspective these things are true.
For your perspective these things are true.
Cloud Computing
Chapter 9
Securing the Cloud
Learning Objectives
List the security advantages of using a cloud-based provider.
List the security disadvantages of using a cloud-based provider.
Describe common security threats to cloud-based environments.
Physical Security
IT data centers have been secured physically to prevent users who do not have a need to physically touch computers, servers, and storage devices from doing so.
A general security rule is that if an individual can physically touch a device, the individual can more easily break into the device.
Advantages of Cloud Providers with Respect to Security
Immediate deployment of software patches
Extended human-relations reach
Hardware and software redundancy
Timeliness of incident response
Specialists instead of personnel
Disadvantages of Cloud-Based Security
Country or jurisdiction issues
Multitenant risks
Malicious insiders
Vendor lock in
Risk of the cloud-based provider failing
Real World: McAfee Security as a Service
McAfee now offers a range of security solutions that deploy from the cloud. The solutions protect e-mail (spam, phishing, redirection, and virus elimination), websites, desktop computers, mobile devices, and more.
Data Storage Wiping
Within a cloud-based disk storage facility, file wiping overwrites a file’s previous contents when the file is deleted.
Denial of Service Attacks
A denial-of-service attack is a hacker attack on a site, the goal of which is to consume system resources so that the resources cannot be used by the site’s users.
The motivation for and the implementation of denial-of-service attacks differ.
Simple Denial of Service
:Loop
ping SomeSite.com
GOTO Loop
While responding to the ping message, the server can handle fewer other requests.
Distributed Denial of Service
(DDOS) Attack
A distributed denial-of-service (DDoS) attack uses multiple computers distributed across the Internet to attack a target site
Packet Sniffing Attacks
Network ap ...
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Climate Impact of Software Testing at Nordic Testing Days
Ea33762765
1. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 3, May-Jun 2013, pp.762-765
762 | P a g e
Focus on Nefarious Behavior threats in Cloud
Srinivas Naik*, Rajesh Adepu**
*(Department of Computer Science, Princeton College of Engineering, Hyderabad- 501 301)
** (Department of Computer Science, Princeton College of Engineering, Hyderabad – 501 301)
ABSTRACT
Computing over cloud is emerging into
internet space with virtual platform based
applications and attracting users with its
effortless deployments. This enhanced features
of cloud computing has withdrawn attention of
intruders and has made prone to threats due to
which it has lead to security concerns. As more
services migrate to cloud architecture the cloud
will become a more appealing target for cyber
criminals. This journal discusses current threats
to cloud computing as well as summarizing the
currently available detection systems for
malware in the cloud.
Keywords – Cloud threats, Malware, Security,
Threat Detection,
INTRODUCTION
Cloud Computing is emerging as the de
facto service model for modern enterprises. Cloud
Services such as Apple’s iCloud, and established
products, such as Dropbox, have proven that
remote storage and seamless access to data across
multiple devices are popular features among
consumers. In the future we will see an increase in
the reliance of cloud computing as more and more
consumers move to mobile platforms for their
computing needs.
Cloud technologies are made possible
through the use of virtualization in order to share
physical server resources between multiple virtual
machines (VMs) and resources as in FIG 1. The
advantages of this approach include an increase in
the number of clients that can be serviced per
physical server and the ability to provide
infrastructure as a service (IaaS).
Fig 1
Disadvantages include a more complex software
stack and a relatively small understanding of
security issues. The security issues of regular
operating systems (OSs) are well known due to
decades of testing and experience in this area.
Security breaches now commonly occur at the
application level and are less commonly due to a
flaw in the OS itself. Exceptions to this are usually
due to the inclusion of new features into an OS
kernel either to provide new functionality or to
support new hardware. Virtualisation is not only
subject to the security issues of applications and
operating systems, but also introduces new security
issues that are not as well understood, such as the
sharing of hardware resources between VMs.
Clouds themselves are composed of a
number of virtualized environments which are
networked together. The compact topology of this
network and the high probability of relative
homogeneity across VMs create an ideal
environment for rapid malware propagation.
Protecting against malware in the cloud therefore
requires a certain level of coordination between
virtualized environments if threats are to be reliably
detected and dealt with.
In this journal we review previous work
on malware detection, both conventional and in the
presence of virtualization in order to determine the
best approach for detection in the cloud. We also
argue the benefits of distributing detection
throughout the cloud and present a novel approach
to coordinating detection across the cloud. Below
phases provides background to the research area,
specifically: cloud technologies, security in the
cloud, malware detection and detection in the
cloud. Further phase will focuses on malware
detection at the hypervisor level and introduces our
work in this area.
BACKGROUND
A. Cloud Technologies
Cloud computing is an umbrella term for
services that offer offsite computing and storage.
There are three main types of cloud computing:
software as a service (SaaS), platform as a service
(PaaS) and infrastructure as a service (IaaS). Not
all of these require virtualisation, SaaS for example
could be implemented as a typical client/server
service, but virtualisation allows hardware to be
better utilised and enables the infrastructure itself
to be hired out, as is the case in IaaS.
2. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 3, May-Jun 2013, pp.762-765
763 | P a g e
There are various implementations of
virtualisation, but they areall built on the concept of
virtual machines (VMs). The VMs exist as a virtual
computer system and each have their own
operating system (OS) and applications. The VMs
are managed by a virtual machine monitor (VMM),
which is sometimes referred to as a hypervisor.
Virtualization products such as VM Ware ESXi,
Xen Hypervisor, KVM Hypervisor, etc are
examples of bare-metal hypervisors. Another form
of virtualization exists at application level within
an OS, known as hosted hypervisors. Basically
referring it as type-I and type-II hypervisors
respectively. Type-I hypervisors are focused in this
journal due to their use for cloud services.
The cloud itself is usually composed of
many physical server machines, or hardware nodes.
These nodes each have their own VMM hosting
some VMs. There are a number of reasons for
having multiple hardware nodes, the first being
limited resources. It is important not to run too
many VMs on a single hardware node because of
the limited size of RAM and disk space available.
With more than one physical machine it is possible
to load balance based on CPU, RAM or network
utilisation. Another reason for multiple hardware
nodes is redundancy. If a fault is detected on a
server the VMs can be migrated to another server
before it goes down. This is achieved in the same
way as load balancing, but solves a slightly
different problem.
B. Security in the Cloud
Previous work on cloud security has suggested that
there are a number of security issues associated
with cloud computing. Below are the following
threats to cloud computing:
Threat 1: Data Breaches
Threat 2: Data Loss or Leakage
Threat 3: Account or Service Hijacking
Threat 4: Insecure Interfaces and APIs
Threat 5: Denial of Service
Threat 6: Malicious Insiders
Threat 7:Abuse and wicked Use of Cloud
Computing
Threat 8: Unknown Security Profile
Threat 9: Shared Technology Issues
Of these, threats 3, 4 and 9 are directly
related to malware. Account and Service Hijacking
can be targeted by XSS malware for example to
perform unauthorized activities. Insecure Interfaces
and APIs would allow malware running on one
VM to execute code or access data on another VM.
Shared Technology Issues include the sharing of
physical memory between multiple VMs.
This could lead to a new form of worm that, instead
of spreading via networks, could spread by writing
to the memory owned by another VM. This kind of
propagation would be unique to virtualized
environments. Few Threats could be indirectly
related to malware, for example in the deployment
of malware by malicious individuals. Few
vulnerabilities fall into Denial of Service (Threat 5)
when a specific input gets triggered. Malicious
Insiders (Threat 6) is a similar threat, but instead of
being customers the malicious individuals are
instead employees of the cloud providers. Abuse
and Nefarious Use of Cloud Computing (Threat 7)
is possible due to the relative anonymity of cloud
subscription. Malicious organizations could use
cloud space as a platform to launch attacks.
Account Hijacking (Threat 3) is a
common threat throughout the Internet and would
allow malicious individuals to perform similar
actions to threats 1 and 4. Threats 2 and 8 are not
related to malware and are concerned with data
loss, which is a natural occurance in computer
systems, and the opacity that is inherent in the
cloud. Data Loss or Leakage is exacerbated in
virtualised environments because the system as a
whole is more complicated than a single OS
computer system. Unknown Security Profile is in
contrast to in-house servers where the
implementation of data storage and networking is
known. A customer has no guarantee that the
security measures promised by a cloud provider are
actually in place; there is a level of opacity that is
not an issue in alternatives to the cloud.
The below table briefs the level of relevance of
existing threats (2013-Q1)
Threat Description Current
Relevance (%)
Data Breaches 91
Data Loss or Leakage 91
AccountorService Hijacking 87
Insecure Interfaces and APIs 90
Denial of Service 81
Malicious Insiders 88
Abuse and wicked Use of Cloud
Computing
84
Unknown Security Profile 81
Shared Technology Issues 82
Table. 1
TABLE 1 explores the relevance of threats that has
been studied in current quarter. When using
software, especially complex software, there is
always a risk of an improper implementation or
configuration, more so than when using hardware
for the same task. Take for example a simple
server. The remotely exploitable vulnerabilities are
confined to the OS and application software. The
same server implemented as a VM is subject to the
vulnerabilities of the VMM, OS and applications. It
can therefore be assumed that hardware sharing
under the management of software is inherently
less secure than distinctly separate machines.
C. Malware Detection
3. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 3, May-Jun 2013, pp.762-765
764 | P a g e
Malware detection has been an important issue in
computing since the late ’80s. Since then the
predominant method of malware detection is to
scan a computer system for infection by matching
malware signatures to files on the computer.
Although detection of known samples is extremely
reliable, signature based detection only works for
malware that has been obtained, analyzed and a
suitable signature identified. It has to be understood
that signature based detection can be thwarted by
analysing the malware instructions and identifying
the instructions that comprise the signature. By
altering this specific portion of code it is possible to
evade detection; in effect the process takes a known
sample and converts it into an unknown sample.
Another downside to signature based detection is
the maintenance of the signature database. With the
constant evolution of malware and the polymorphic
nature of many samples it has become necessary to
drop old samples from databases. If this practice
continues malware samples which have already
been identified will become undetectable and will
once again become useful to cyber criminals.
Other malware detection techniques are
available in order to overcome the problems of
obfuscation and polymorphism. Instead of scanning
for matching signatures it is possible to analyze the
behavior of a malware sample and base detection
on observation of running processes. There are a
variety of ways this could be achieved. One
approach is to monitor the process names
themselves. Unfamiliar or uncommon processes
can be assumed to be malicious until further
information can be obtained. Another approach is
to base detection on the behavior of the process
itself. If a process begins executing instructions
that match the behavior of a known malware
sample then that process can be considered
harmful. Similar techniques can be applied to the
monitoring of network activity. If certain addresses
or port numbers, or some other features, are present
in the traffic directed towards or away from the
computer system it can be assumed that malware is
either targeting the system or is already running
within the system.
The downside to both signature and
behavior-based detection is that they occur within
the OS itself. This gives malware the opportunity to
alter the information that is provided to the
detection software by the OS. If, for example, the
security software polls the OS for a list of running
processes it is possible that malware can alter this
list so that the malware process itself is not present
in the list. The detection software will then have no
knowledge of the malware process and the malware
will have escaped detection. This behavior is
usually associated with rootkits, but could be
employed by any malware.
To combat, AntiMalware organization
offers sandboxing products available in the market.
Non-OS processes can be encapsulated in a safe
execution environment that monitors for malware
using both behaviour-based and signature-based
detection. There is, however, no guarantee that
malware has not infected the OS prior to
installation of the detection software, or that
infection could occur due to processes running
outside of the sandbox. As long as the detection
software exists in the same execution environment
as other processes, including malware processes,
there is an opportunity for subversion. A better
approach would be to perform the detection from
outside looking in.
D. Detection in the Cloud
As mentioned in the previous subsection,
detection would be best achieved from outside of
the OS. This is possible in clouds because they are
built on virtualisation which encapsulates each OS
in its own VM. Detection is now possible by
executing detection software in a privileged
domain within the virtualization environment.
There needs to be further step in providing libraries
to create monitoring softwares through VM
introspection.
Detection in the cloud not only enables
introspection, it could also improve the reliability
of statistics based approaches. Behavioural and
anomaly detection techniques are built on statistical
analysis and are subject to a level of uncertainty. In
an isolated computer system this uncertainty cannot
be improved upon because access to additional
information is not possible. Detection at the
hypervisor level, however, can combine the data
from many VMs which has the potential to reduce
uncertainty and false positives in any results.
Although the solutions for malware detection
discussed so far seem promising there is another
security risk that is unique to the cloud. The
compact network topology of clouds coupled with
the likelihood of homogeneous software
deployment could allow rapidly propagating
malware, such as worms, to propagate even faster
and with an increased success rate. This indicates
that coordination across the cloud is an important
consideration. Not only would a certain level of
communication between detection software
CONCLUSION
In this journal we summarized the security
issues facing cloud Computing. It was determined
that as well as conventional attack vectors, which
are present in operating systems, virtualization also
introduces new opportunities for malware writers.
These are due to the sharing of physical resources
through software mechanisms, which if
implemented incorrectly would allow malware to
access the memory in other VMs. This could lead
to new forms of malware that spread in a worm-
4. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 3, May-Jun 2013, pp.762-765
765 | P a g e
like way by writing to memory instead of spreading
via the network.
REFERENCES
Journal Papers:
[1] Krešimir Popović, Željko Hocenski,
“Cloud computing security issues and
challenges” Proc. MIPRO 2010, May 24-
28, 2010, Opatija, Croatia.
[2] A. Moser, C. Kruegel, and E. Kirda,
“Exploring multiple execution paths for
malware analysis,” in Security and
Privacy, 2007. SP’07. IEEE Symposium
on, 2007, pp. 231–245
[3] Shivlal Mewada, Umesh Kumar Singh,
Pradeep Sharma, “Security Based Model
for Cloud Computing”, IRACST–
International Journal of Computer
Networks and Wireless Communications
(IJCNWC), Vol. 1, No. 1, pp(13-19),
December 2011
Proceedings Papers:
[4] U. Gurav and R. Shaikh, “Virtualization: a
key feature of cloud computing,” in
Proceedings of the International
Conference and Workshop on Emerging
Trends in Technology, 2010, pp. 227–229
[5] A. Dinaburg, P. Royal, M. Sharif, and W.
Lee, “Ether: malware analysis via
hardware virtualization extensions,” in
Proceedings of the 15th ACM conference
on Computer and communications
security, 2008, pp. 51–62W.J. Book,
Modelling design and control of flexible
manipulator arms: A tutorial review, Proc.
29th IEEE Conf. on Decision and Control,
San Francisco, CA, 1990, 500-506.
[6] Meiko Jensen, J¨org Schwenk, Nils
Gruschka, Luigi Lo Iacono “ On
Technical Security Issues in Cloud
Computing” 2009 IEEE International
Conference on Cloud Computing