SlideShare a Scribd company logo

Ea33762765

IJERA Editor
IJERA Editor

International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.

1 of 4
Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 762 | P a g e Focus on Nefarious Behavior threats in Cloud Srinivas Naik*, Rajesh Adepu** *(Department of Computer Science, Princeton College of Engineering, Hyderabad- 501 301) ** (Department of Computer Science, Princeton College of Engineering, Hyderabad – 501 301) ABSTRACT Computing over cloud is emerging into internet space with virtual platform based applications and attracting users with its effortless deployments. This enhanced features of cloud computing has withdrawn attention of intruders and has made prone to threats due to which it has lead to security concerns. As more services migrate to cloud architecture the cloud will become a more appealing target for cyber criminals. This journal discusses current threats to cloud computing as well as summarizing the currently available detection systems for malware in the cloud. Keywords – Cloud threats, Malware, Security, Threat Detection, INTRODUCTION Cloud Computing is emerging as the de facto service model for modern enterprises. Cloud Services such as Apple’s iCloud, and established products, such as Dropbox, have proven that remote storage and seamless access to data across multiple devices are popular features among consumers. In the future we will see an increase in the reliance of cloud computing as more and more consumers move to mobile platforms for their computing needs. Cloud technologies are made possible through the use of virtualization in order to share physical server resources between multiple virtual machines (VMs) and resources as in FIG 1. The advantages of this approach include an increase in the number of clients that can be serviced per physical server and the ability to provide infrastructure as a service (IaaS). Fig 1 Disadvantages include a more complex software stack and a relatively small understanding of security issues. The security issues of regular operating systems (OSs) are well known due to decades of testing and experience in this area. Security breaches now commonly occur at the application level and are less commonly due to a flaw in the OS itself. Exceptions to this are usually due to the inclusion of new features into an OS kernel either to provide new functionality or to support new hardware. Virtualisation is not only subject to the security issues of applications and operating systems, but also introduces new security issues that are not as well understood, such as the sharing of hardware resources between VMs. Clouds themselves are composed of a number of virtualized environments which are networked together. The compact topology of this network and the high probability of relative homogeneity across VMs create an ideal environment for rapid malware propagation. Protecting against malware in the cloud therefore requires a certain level of coordination between virtualized environments if threats are to be reliably detected and dealt with. In this journal we review previous work on malware detection, both conventional and in the presence of virtualization in order to determine the best approach for detection in the cloud. We also argue the benefits of distributing detection throughout the cloud and present a novel approach to coordinating detection across the cloud. Below phases provides background to the research area, specifically: cloud technologies, security in the cloud, malware detection and detection in the cloud. Further phase will focuses on malware detection at the hypervisor level and introduces our work in this area. BACKGROUND A. Cloud Technologies Cloud computing is an umbrella term for services that offer offsite computing and storage. There are three main types of cloud computing: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Not all of these require virtualisation, SaaS for example could be implemented as a typical client/server service, but virtualisation allows hardware to be better utilised and enables the infrastructure itself to be hired out, as is the case in IaaS.
Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 763 | P a g e There are various implementations of virtualisation, but they areall built on the concept of virtual machines (VMs). The VMs exist as a virtual computer system and each have their own operating system (OS) and applications. The VMs are managed by a virtual machine monitor (VMM), which is sometimes referred to as a hypervisor. Virtualization products such as VM Ware ESXi, Xen Hypervisor, KVM Hypervisor, etc are examples of bare-metal hypervisors. Another form of virtualization exists at application level within an OS, known as hosted hypervisors. Basically referring it as type-I and type-II hypervisors respectively. Type-I hypervisors are focused in this journal due to their use for cloud services. The cloud itself is usually composed of many physical server machines, or hardware nodes. These nodes each have their own VMM hosting some VMs. There are a number of reasons for having multiple hardware nodes, the first being limited resources. It is important not to run too many VMs on a single hardware node because of the limited size of RAM and disk space available. With more than one physical machine it is possible to load balance based on CPU, RAM or network utilisation. Another reason for multiple hardware nodes is redundancy. If a fault is detected on a server the VMs can be migrated to another server before it goes down. This is achieved in the same way as load balancing, but solves a slightly different problem. B. Security in the Cloud Previous work on cloud security has suggested that there are a number of security issues associated with cloud computing. Below are the following threats to cloud computing: Threat 1: Data Breaches Threat 2: Data Loss or Leakage Threat 3: Account or Service Hijacking Threat 4: Insecure Interfaces and APIs Threat 5: Denial of Service Threat 6: Malicious Insiders Threat 7:Abuse and wicked Use of Cloud Computing Threat 8: Unknown Security Profile Threat 9: Shared Technology Issues Of these, threats 3, 4 and 9 are directly related to malware. Account and Service Hijacking can be targeted by XSS malware for example to perform unauthorized activities. Insecure Interfaces and APIs would allow malware running on one VM to execute code or access data on another VM. Shared Technology Issues include the sharing of physical memory between multiple VMs. This could lead to a new form of worm that, instead of spreading via networks, could spread by writing to the memory owned by another VM. This kind of propagation would be unique to virtualized environments. Few Threats could be indirectly related to malware, for example in the deployment of malware by malicious individuals. Few vulnerabilities fall into Denial of Service (Threat 5) when a specific input gets triggered. Malicious Insiders (Threat 6) is a similar threat, but instead of being customers the malicious individuals are instead employees of the cloud providers. Abuse and Nefarious Use of Cloud Computing (Threat 7) is possible due to the relative anonymity of cloud subscription. Malicious organizations could use cloud space as a platform to launch attacks. Account Hijacking (Threat 3) is a common threat throughout the Internet and would allow malicious individuals to perform similar actions to threats 1 and 4. Threats 2 and 8 are not related to malware and are concerned with data loss, which is a natural occurance in computer systems, and the opacity that is inherent in the cloud. Data Loss or Leakage is exacerbated in virtualised environments because the system as a whole is more complicated than a single OS computer system. Unknown Security Profile is in contrast to in-house servers where the implementation of data storage and networking is known. A customer has no guarantee that the security measures promised by a cloud provider are actually in place; there is a level of opacity that is not an issue in alternatives to the cloud. The below table briefs the level of relevance of existing threats (2013-Q1) Threat Description Current Relevance (%) Data Breaches 91 Data Loss or Leakage 91 AccountorService Hijacking 87 Insecure Interfaces and APIs 90 Denial of Service 81 Malicious Insiders 88 Abuse and wicked Use of Cloud Computing 84 Unknown Security Profile 81 Shared Technology Issues 82 Table. 1 TABLE 1 explores the relevance of threats that has been studied in current quarter. When using software, especially complex software, there is always a risk of an improper implementation or configuration, more so than when using hardware for the same task. Take for example a simple server. The remotely exploitable vulnerabilities are confined to the OS and application software. The same server implemented as a VM is subject to the vulnerabilities of the VMM, OS and applications. It can therefore be assumed that hardware sharing under the management of software is inherently less secure than distinctly separate machines. C. Malware Detection
Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 764 | P a g e Malware detection has been an important issue in computing since the late ’80s. Since then the predominant method of malware detection is to scan a computer system for infection by matching malware signatures to files on the computer. Although detection of known samples is extremely reliable, signature based detection only works for malware that has been obtained, analyzed and a suitable signature identified. It has to be understood that signature based detection can be thwarted by analysing the malware instructions and identifying the instructions that comprise the signature. By altering this specific portion of code it is possible to evade detection; in effect the process takes a known sample and converts it into an unknown sample. Another downside to signature based detection is the maintenance of the signature database. With the constant evolution of malware and the polymorphic nature of many samples it has become necessary to drop old samples from databases. If this practice continues malware samples which have already been identified will become undetectable and will once again become useful to cyber criminals. Other malware detection techniques are available in order to overcome the problems of obfuscation and polymorphism. Instead of scanning for matching signatures it is possible to analyze the behavior of a malware sample and base detection on observation of running processes. There are a variety of ways this could be achieved. One approach is to monitor the process names themselves. Unfamiliar or uncommon processes can be assumed to be malicious until further information can be obtained. Another approach is to base detection on the behavior of the process itself. If a process begins executing instructions that match the behavior of a known malware sample then that process can be considered harmful. Similar techniques can be applied to the monitoring of network activity. If certain addresses or port numbers, or some other features, are present in the traffic directed towards or away from the computer system it can be assumed that malware is either targeting the system or is already running within the system. The downside to both signature and behavior-based detection is that they occur within the OS itself. This gives malware the opportunity to alter the information that is provided to the detection software by the OS. If, for example, the security software polls the OS for a list of running processes it is possible that malware can alter this list so that the malware process itself is not present in the list. The detection software will then have no knowledge of the malware process and the malware will have escaped detection. This behavior is usually associated with rootkits, but could be employed by any malware. To combat, AntiMalware organization offers sandboxing products available in the market. Non-OS processes can be encapsulated in a safe execution environment that monitors for malware using both behaviour-based and signature-based detection. There is, however, no guarantee that malware has not infected the OS prior to installation of the detection software, or that infection could occur due to processes running outside of the sandbox. As long as the detection software exists in the same execution environment as other processes, including malware processes, there is an opportunity for subversion. A better approach would be to perform the detection from outside looking in. D. Detection in the Cloud As mentioned in the previous subsection, detection would be best achieved from outside of the OS. This is possible in clouds because they are built on virtualisation which encapsulates each OS in its own VM. Detection is now possible by executing detection software in a privileged domain within the virtualization environment. There needs to be further step in providing libraries to create monitoring softwares through VM introspection. Detection in the cloud not only enables introspection, it could also improve the reliability of statistics based approaches. Behavioural and anomaly detection techniques are built on statistical analysis and are subject to a level of uncertainty. In an isolated computer system this uncertainty cannot be improved upon because access to additional information is not possible. Detection at the hypervisor level, however, can combine the data from many VMs which has the potential to reduce uncertainty and false positives in any results. Although the solutions for malware detection discussed so far seem promising there is another security risk that is unique to the cloud. The compact network topology of clouds coupled with the likelihood of homogeneous software deployment could allow rapidly propagating malware, such as worms, to propagate even faster and with an increased success rate. This indicates that coordination across the cloud is an important consideration. Not only would a certain level of communication between detection software CONCLUSION In this journal we summarized the security issues facing cloud Computing. It was determined that as well as conventional attack vectors, which are present in operating systems, virtualization also introduces new opportunities for malware writers. These are due to the sharing of physical resources through software mechanisms, which if implemented incorrectly would allow malware to access the memory in other VMs. This could lead to new forms of malware that spread in a worm-
Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 765 | P a g e like way by writing to memory instead of spreading via the network. REFERENCES Journal Papers: [1] Krešimir Popović, Željko Hocenski, “Cloud computing security issues and challenges” Proc. MIPRO 2010, May 24- 28, 2010, Opatija, Croatia. [2] A. Moser, C. Kruegel, and E. Kirda, “Exploring multiple execution paths for malware analysis,” in Security and Privacy, 2007. SP’07. IEEE Symposium on, 2007, pp. 231–245 [3] Shivlal Mewada, Umesh Kumar Singh, Pradeep Sharma, “Security Based Model for Cloud Computing”, IRACST– International Journal of Computer Networks and Wireless Communications (IJCNWC), Vol. 1, No. 1, pp(13-19), December 2011 Proceedings Papers: [4] U. Gurav and R. Shaikh, “Virtualization: a key feature of cloud computing,” in Proceedings of the International Conference and Workshop on Emerging Trends in Technology, 2010, pp. 227–229 [5] A. Dinaburg, P. Royal, M. Sharif, and W. Lee, “Ether: malware analysis via hardware virtualization extensions,” in Proceedings of the 15th ACM conference on Computer and communications security, 2008, pp. 51–62W.J. Book, Modelling design and control of flexible manipulator arms: A tutorial review, Proc. 29th IEEE Conf. on Decision and Control, San Francisco, CA, 1990, 500-506. [6] Meiko Jensen, J¨org Schwenk, Nils Gruschka, Luigi Lo Iacono “ On Technical Security Issues in Cloud Computing” 2009 IEEE International Conference on Cloud Computing

Recommended

IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET Journal
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
SubmissionResearchpa
 
IRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning AlgorithmsIRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET Journal
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Editor IJCATR
 
Secure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selectionSecure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selection
Uvaraj Shan
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 

Recommended

IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET Journal
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
SubmissionResearchpa
 
IRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning AlgorithmsIRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET- Security Attacks Detection in Cloud using Machine Learning Algorithms
IRJET Journal
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Editor IJCATR
 
Secure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selectionSecure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selection
Uvaraj Shan
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
Advance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsAdvance security in cloud computing for military weapons
Advance security in cloud computing for military weapons
IRJET Journal
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
ijaprr_editor
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
IJTET Journal
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
ahmad abdelhafeez
 
Cloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsCloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsAccenture
 
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
Deenuji Loganathan
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta
swet4
 
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSSECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
IAEME Publication
 
Nebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi VerzeNebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi VerzeTUESDAY Business Network
 
A review of security attacks and intrusion detection schemes in wireless sens...
A review of security attacks and intrusion detection schemes in wireless sens...A review of security attacks and intrusion detection schemes in wireless sens...
A review of security attacks and intrusion detection schemes in wireless sens...
ijwmn
 
Microsoft Forefront - Security for Communications Server Datasheet
Microsoft Forefront - Security for Communications Server DatasheetMicrosoft Forefront - Security for Communications Server Datasheet
Microsoft Forefront - Security for Communications Server DatasheetMicrosoft Private Cloud
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
IRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud ComputingIRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET Journal
 
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
IJNSA Journal
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
theijes
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
Ashish Patel
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013STO STRATEGY
 
Bh33345348
Bh33345348Bh33345348
Bh33345348
IJERA Editor
 
Dq33705710
Dq33705710Dq33705710
Dq33705710
IJERA Editor
 
Fk33964970
Fk33964970Fk33964970
Fk33964970
IJERA Editor
 
Ev33889894
Ev33889894Ev33889894
Ev33889894
IJERA Editor
 

More Related Content

What's hot

Advance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsAdvance security in cloud computing for military weapons
Advance security in cloud computing for military weapons
IRJET Journal
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
ijaprr_editor
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
IJTET Journal
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
ahmad abdelhafeez
 
Cloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsCloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsAccenture
 
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
Deenuji Loganathan
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta
swet4
 
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSSECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
IAEME Publication
 
A review of security attacks and intrusion detection schemes in wireless sens...
A review of security attacks and intrusion detection schemes in wireless sens...A review of security attacks and intrusion detection schemes in wireless sens...
A review of security attacks and intrusion detection schemes in wireless sens...
ijwmn
 
Microsoft Forefront - Security for Communications Server Datasheet
Microsoft Forefront - Security for Communications Server DatasheetMicrosoft Forefront - Security for Communications Server Datasheet
Microsoft Forefront - Security for Communications Server DatasheetMicrosoft Private Cloud
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
IRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud ComputingIRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET Journal
 
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
IJNSA Journal
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
theijes
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
Ashish Patel
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013STO STRATEGY
 

What's hot (18)

Advance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsAdvance security in cloud computing for military weapons
Advance security in cloud computing for military weapons
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
 
Cloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsCloud servers-new-risk-considerations
Cloud servers-new-risk-considerations
 
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
FIRECOL: A COLLABORATIVE PROTECTION NETWORK FOR THE DETECTION OF FLOODING DDO...
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta
 
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSSECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
 
Nebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi VerzeNebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi Verze
 
A review of security attacks and intrusion detection schemes in wireless sens...
A review of security attacks and intrusion detection schemes in wireless sens...A review of security attacks and intrusion detection schemes in wireless sens...
A review of security attacks and intrusion detection schemes in wireless sens...
 
Microsoft Forefront - Security for Communications Server Datasheet
Microsoft Forefront - Security for Communications Server DatasheetMicrosoft Forefront - Security for Communications Server Datasheet
Microsoft Forefront - Security for Communications Server Datasheet
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
IRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud ComputingIRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud Computing
 
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2
 
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
 

Viewers also liked

Bh33345348
Bh33345348Bh33345348
Bh33345348
IJERA Editor
 
Dq33705710
Dq33705710Dq33705710
Dq33705710
IJERA Editor
 
Fk33964970
Fk33964970Fk33964970
Fk33964970
IJERA Editor
 
Ev33889894
Ev33889894Ev33889894
Ev33889894
IJERA Editor
 
Eu33884888
Eu33884888Eu33884888
Eu33884888
IJERA Editor
 
Eq33857862
Eq33857862Eq33857862
Eq33857862
IJERA Editor
 
Intervencoes do trabalho social
Intervencoes do trabalho socialIntervencoes do trabalho social
Intervencoes do trabalho socialisaias tafulane
 
Ak34224227
Ak34224227Ak34224227
Ak34224227
IJERA Editor
 
Bu34437441
Bu34437441Bu34437441
Bu34437441
IJERA Editor
 
Y34147151
Y34147151Y34147151
Y34147151
IJERA Editor
 
Hd3312521256
Hd3312521256Hd3312521256
Hd3312521256
IJERA Editor
 
El33827831
El33827831El33827831
El33827831
IJERA Editor
 
Ed33777782
Ed33777782Ed33777782
Ed33777782
IJERA Editor
 
Gr3311701176
Gr3311701176Gr3311701176
Gr3311701176
IJERA Editor
 
Gw3312111217
Gw3312111217Gw3312111217
Gw3312111217
IJERA Editor
 
Ef33787793
Ef33787793Ef33787793
Ef33787793
IJERA Editor
 

Viewers also liked (20)

Bh33345348
Bh33345348Bh33345348
Bh33345348
 
Dq33705710
Dq33705710Dq33705710
Dq33705710
 
Fk33964970
Fk33964970Fk33964970
Fk33964970
 
Ev33889894
Ev33889894Ev33889894
Ev33889894
 
Eu33884888
Eu33884888Eu33884888
Eu33884888
 
Eq33857862
Eq33857862Eq33857862
Eq33857862
 
Intervencoes do trabalho social
Intervencoes do trabalho socialIntervencoes do trabalho social
Intervencoes do trabalho social
 
Fj3110731078
Fj3110731078Fj3110731078
Fj3110731078
 
Fq3111191124
Fq3111191124Fq3111191124
Fq3111191124
 
Fk3110791084
Fk3110791084Fk3110791084
Fk3110791084
 
He3113871392
He3113871392He3113871392
He3113871392
 
Ak34224227
Ak34224227Ak34224227
Ak34224227
 
Bu34437441
Bu34437441Bu34437441
Bu34437441
 
Y34147151
Y34147151Y34147151
Y34147151
 
Hd3312521256
Hd3312521256Hd3312521256
Hd3312521256
 
El33827831
El33827831El33827831
El33827831
 
Ed33777782
Ed33777782Ed33777782
Ed33777782
 
Gr3311701176
Gr3311701176Gr3311701176
Gr3311701176
 
Gw3312111217
Gw3312111217Gw3312111217
Gw3312111217
 
Ef33787793
Ef33787793Ef33787793
Ef33787793
 

Similar to Ea33762765

A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
mlaij
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutions
IJCNCJournal
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
ijaprr
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functionsSecurity of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
ijcnes
 
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in CloudA Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
IOSR Journals
 
Securing Cloud from Cloud Drain
Securing Cloud from Cloud DrainSecuring Cloud from Cloud Drain
Securing Cloud from Cloud Drain
Eswar Publications
 
Literature Review: Security on cloud computing
Literature Review: Security on cloud computingLiterature Review: Security on cloud computing
Literature Review: Security on cloud computing
Suranga Nisiwasala
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET Journal
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET Journal
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunalKashyap Kunal
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Project 3
Project 3Project 3
Project 3
Priyanka Goswami
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
mccormicknadine86
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...
iosrjce
 

Similar to Ea33762765 (20)

A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutions
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functionsSecurity of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
Vertualisation
VertualisationVertualisation
Vertualisation
 
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in CloudA Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
 
Securing Cloud from Cloud Drain
Securing Cloud from Cloud DrainSecuring Cloud from Cloud Drain
Securing Cloud from Cloud Drain
 
Literature Review: Security on cloud computing
Literature Review: Security on cloud computingLiterature Review: Security on cloud computing
Literature Review: Security on cloud computing
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Project 3
Project 3Project 3
Project 3
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
 
CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...
 

Recently uploaded

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 

Recently uploaded (20)

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 

Ea33762765

  • 1. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 762 | P a g e Focus on Nefarious Behavior threats in Cloud Srinivas Naik*, Rajesh Adepu** *(Department of Computer Science, Princeton College of Engineering, Hyderabad- 501 301) ** (Department of Computer Science, Princeton College of Engineering, Hyderabad – 501 301) ABSTRACT Computing over cloud is emerging into internet space with virtual platform based applications and attracting users with its effortless deployments. This enhanced features of cloud computing has withdrawn attention of intruders and has made prone to threats due to which it has lead to security concerns. As more services migrate to cloud architecture the cloud will become a more appealing target for cyber criminals. This journal discusses current threats to cloud computing as well as summarizing the currently available detection systems for malware in the cloud. Keywords – Cloud threats, Malware, Security, Threat Detection, INTRODUCTION Cloud Computing is emerging as the de facto service model for modern enterprises. Cloud Services such as Apple’s iCloud, and established products, such as Dropbox, have proven that remote storage and seamless access to data across multiple devices are popular features among consumers. In the future we will see an increase in the reliance of cloud computing as more and more consumers move to mobile platforms for their computing needs. Cloud technologies are made possible through the use of virtualization in order to share physical server resources between multiple virtual machines (VMs) and resources as in FIG 1. The advantages of this approach include an increase in the number of clients that can be serviced per physical server and the ability to provide infrastructure as a service (IaaS). Fig 1 Disadvantages include a more complex software stack and a relatively small understanding of security issues. The security issues of regular operating systems (OSs) are well known due to decades of testing and experience in this area. Security breaches now commonly occur at the application level and are less commonly due to a flaw in the OS itself. Exceptions to this are usually due to the inclusion of new features into an OS kernel either to provide new functionality or to support new hardware. Virtualisation is not only subject to the security issues of applications and operating systems, but also introduces new security issues that are not as well understood, such as the sharing of hardware resources between VMs. Clouds themselves are composed of a number of virtualized environments which are networked together. The compact topology of this network and the high probability of relative homogeneity across VMs create an ideal environment for rapid malware propagation. Protecting against malware in the cloud therefore requires a certain level of coordination between virtualized environments if threats are to be reliably detected and dealt with. In this journal we review previous work on malware detection, both conventional and in the presence of virtualization in order to determine the best approach for detection in the cloud. We also argue the benefits of distributing detection throughout the cloud and present a novel approach to coordinating detection across the cloud. Below phases provides background to the research area, specifically: cloud technologies, security in the cloud, malware detection and detection in the cloud. Further phase will focuses on malware detection at the hypervisor level and introduces our work in this area. BACKGROUND A. Cloud Technologies Cloud computing is an umbrella term for services that offer offsite computing and storage. There are three main types of cloud computing: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Not all of these require virtualisation, SaaS for example could be implemented as a typical client/server service, but virtualisation allows hardware to be better utilised and enables the infrastructure itself to be hired out, as is the case in IaaS.
  • 2. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 763 | P a g e There are various implementations of virtualisation, but they areall built on the concept of virtual machines (VMs). The VMs exist as a virtual computer system and each have their own operating system (OS) and applications. The VMs are managed by a virtual machine monitor (VMM), which is sometimes referred to as a hypervisor. Virtualization products such as VM Ware ESXi, Xen Hypervisor, KVM Hypervisor, etc are examples of bare-metal hypervisors. Another form of virtualization exists at application level within an OS, known as hosted hypervisors. Basically referring it as type-I and type-II hypervisors respectively. Type-I hypervisors are focused in this journal due to their use for cloud services. The cloud itself is usually composed of many physical server machines, or hardware nodes. These nodes each have their own VMM hosting some VMs. There are a number of reasons for having multiple hardware nodes, the first being limited resources. It is important not to run too many VMs on a single hardware node because of the limited size of RAM and disk space available. With more than one physical machine it is possible to load balance based on CPU, RAM or network utilisation. Another reason for multiple hardware nodes is redundancy. If a fault is detected on a server the VMs can be migrated to another server before it goes down. This is achieved in the same way as load balancing, but solves a slightly different problem. B. Security in the Cloud Previous work on cloud security has suggested that there are a number of security issues associated with cloud computing. Below are the following threats to cloud computing: Threat 1: Data Breaches Threat 2: Data Loss or Leakage Threat 3: Account or Service Hijacking Threat 4: Insecure Interfaces and APIs Threat 5: Denial of Service Threat 6: Malicious Insiders Threat 7:Abuse and wicked Use of Cloud Computing Threat 8: Unknown Security Profile Threat 9: Shared Technology Issues Of these, threats 3, 4 and 9 are directly related to malware. Account and Service Hijacking can be targeted by XSS malware for example to perform unauthorized activities. Insecure Interfaces and APIs would allow malware running on one VM to execute code or access data on another VM. Shared Technology Issues include the sharing of physical memory between multiple VMs. This could lead to a new form of worm that, instead of spreading via networks, could spread by writing to the memory owned by another VM. This kind of propagation would be unique to virtualized environments. Few Threats could be indirectly related to malware, for example in the deployment of malware by malicious individuals. Few vulnerabilities fall into Denial of Service (Threat 5) when a specific input gets triggered. Malicious Insiders (Threat 6) is a similar threat, but instead of being customers the malicious individuals are instead employees of the cloud providers. Abuse and Nefarious Use of Cloud Computing (Threat 7) is possible due to the relative anonymity of cloud subscription. Malicious organizations could use cloud space as a platform to launch attacks. Account Hijacking (Threat 3) is a common threat throughout the Internet and would allow malicious individuals to perform similar actions to threats 1 and 4. Threats 2 and 8 are not related to malware and are concerned with data loss, which is a natural occurance in computer systems, and the opacity that is inherent in the cloud. Data Loss or Leakage is exacerbated in virtualised environments because the system as a whole is more complicated than a single OS computer system. Unknown Security Profile is in contrast to in-house servers where the implementation of data storage and networking is known. A customer has no guarantee that the security measures promised by a cloud provider are actually in place; there is a level of opacity that is not an issue in alternatives to the cloud. The below table briefs the level of relevance of existing threats (2013-Q1) Threat Description Current Relevance (%) Data Breaches 91 Data Loss or Leakage 91 AccountorService Hijacking 87 Insecure Interfaces and APIs 90 Denial of Service 81 Malicious Insiders 88 Abuse and wicked Use of Cloud Computing 84 Unknown Security Profile 81 Shared Technology Issues 82 Table. 1 TABLE 1 explores the relevance of threats that has been studied in current quarter. When using software, especially complex software, there is always a risk of an improper implementation or configuration, more so than when using hardware for the same task. Take for example a simple server. The remotely exploitable vulnerabilities are confined to the OS and application software. The same server implemented as a VM is subject to the vulnerabilities of the VMM, OS and applications. It can therefore be assumed that hardware sharing under the management of software is inherently less secure than distinctly separate machines. C. Malware Detection
  • 3. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 764 | P a g e Malware detection has been an important issue in computing since the late ’80s. Since then the predominant method of malware detection is to scan a computer system for infection by matching malware signatures to files on the computer. Although detection of known samples is extremely reliable, signature based detection only works for malware that has been obtained, analyzed and a suitable signature identified. It has to be understood that signature based detection can be thwarted by analysing the malware instructions and identifying the instructions that comprise the signature. By altering this specific portion of code it is possible to evade detection; in effect the process takes a known sample and converts it into an unknown sample. Another downside to signature based detection is the maintenance of the signature database. With the constant evolution of malware and the polymorphic nature of many samples it has become necessary to drop old samples from databases. If this practice continues malware samples which have already been identified will become undetectable and will once again become useful to cyber criminals. Other malware detection techniques are available in order to overcome the problems of obfuscation and polymorphism. Instead of scanning for matching signatures it is possible to analyze the behavior of a malware sample and base detection on observation of running processes. There are a variety of ways this could be achieved. One approach is to monitor the process names themselves. Unfamiliar or uncommon processes can be assumed to be malicious until further information can be obtained. Another approach is to base detection on the behavior of the process itself. If a process begins executing instructions that match the behavior of a known malware sample then that process can be considered harmful. Similar techniques can be applied to the monitoring of network activity. If certain addresses or port numbers, or some other features, are present in the traffic directed towards or away from the computer system it can be assumed that malware is either targeting the system or is already running within the system. The downside to both signature and behavior-based detection is that they occur within the OS itself. This gives malware the opportunity to alter the information that is provided to the detection software by the OS. If, for example, the security software polls the OS for a list of running processes it is possible that malware can alter this list so that the malware process itself is not present in the list. The detection software will then have no knowledge of the malware process and the malware will have escaped detection. This behavior is usually associated with rootkits, but could be employed by any malware. To combat, AntiMalware organization offers sandboxing products available in the market. Non-OS processes can be encapsulated in a safe execution environment that monitors for malware using both behaviour-based and signature-based detection. There is, however, no guarantee that malware has not infected the OS prior to installation of the detection software, or that infection could occur due to processes running outside of the sandbox. As long as the detection software exists in the same execution environment as other processes, including malware processes, there is an opportunity for subversion. A better approach would be to perform the detection from outside looking in. D. Detection in the Cloud As mentioned in the previous subsection, detection would be best achieved from outside of the OS. This is possible in clouds because they are built on virtualisation which encapsulates each OS in its own VM. Detection is now possible by executing detection software in a privileged domain within the virtualization environment. There needs to be further step in providing libraries to create monitoring softwares through VM introspection. Detection in the cloud not only enables introspection, it could also improve the reliability of statistics based approaches. Behavioural and anomaly detection techniques are built on statistical analysis and are subject to a level of uncertainty. In an isolated computer system this uncertainty cannot be improved upon because access to additional information is not possible. Detection at the hypervisor level, however, can combine the data from many VMs which has the potential to reduce uncertainty and false positives in any results. Although the solutions for malware detection discussed so far seem promising there is another security risk that is unique to the cloud. The compact network topology of clouds coupled with the likelihood of homogeneous software deployment could allow rapidly propagating malware, such as worms, to propagate even faster and with an increased success rate. This indicates that coordination across the cloud is an important consideration. Not only would a certain level of communication between detection software CONCLUSION In this journal we summarized the security issues facing cloud Computing. It was determined that as well as conventional attack vectors, which are present in operating systems, virtualization also introduces new opportunities for malware writers. These are due to the sharing of physical resources through software mechanisms, which if implemented incorrectly would allow malware to access the memory in other VMs. This could lead to new forms of malware that spread in a worm-
  • 4. Srinivas Naik, Rajesh Adepu / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 3, May-Jun 2013, pp.762-765 765 | P a g e like way by writing to memory instead of spreading via the network. REFERENCES Journal Papers: [1] Krešimir Popović, Željko Hocenski, “Cloud computing security issues and challenges” Proc. MIPRO 2010, May 24- 28, 2010, Opatija, Croatia. [2] A. Moser, C. Kruegel, and E. Kirda, “Exploring multiple execution paths for malware analysis,” in Security and Privacy, 2007. SP’07. IEEE Symposium on, 2007, pp. 231–245 [3] Shivlal Mewada, Umesh Kumar Singh, Pradeep Sharma, “Security Based Model for Cloud Computing”, IRACST– International Journal of Computer Networks and Wireless Communications (IJCNWC), Vol. 1, No. 1, pp(13-19), December 2011 Proceedings Papers: [4] U. Gurav and R. Shaikh, “Virtualization: a key feature of cloud computing,” in Proceedings of the International Conference and Workshop on Emerging Trends in Technology, 2010, pp. 227–229 [5] A. Dinaburg, P. Royal, M. Sharif, and W. Lee, “Ether: malware analysis via hardware virtualization extensions,” in Proceedings of the 15th ACM conference on Computer and communications security, 2008, pp. 51–62W.J. Book, Modelling design and control of flexible manipulator arms: A tutorial review, Proc. 29th IEEE Conf. on Decision and Control, San Francisco, CA, 1990, 500-506. [6] Meiko Jensen, J¨org Schwenk, Nils Gruschka, Luigi Lo Iacono “ On Technical Security Issues in Cloud Computing” 2009 IEEE International Conference on Cloud Computing