A study of threat detection systems and techniques in the cloud

Pamela Carvallo; Ana R. Cavalli; Natalia Kushik

doi:10.1007/978-3-319-76687-4_10

A study of threat detection systems and techniques in the cloud

Pamela Carvallo
, Ana R. Cavalli
, Natalia Kushik

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper presents a study of existing threat detection techniques in cloud computing, together with an experimental evaluation of a subset of them. We consider the threats defined in the Cloud Security Alliance (CSA) report as well as the techniques for their detection, starting from classical signature-based approaches and finishing with recent machine learning based techniques. This paper also contains an analysis of original results presented in international conferences, published as journal papers, Internet resources, and standards. The main contributions of the study include: 1. providing a closer relationship between top threats in cloud computing and known detection techniques; 2. evaluating existing detection techniques concerning cloud computing principles and security challenges nowadays; and 3. reviewing commonly utilized datasets and their association with threats in the last five years. As existing detection techniques tend to target specific threats (or their groups), we also present the experimental evaluation of the applicability of known detection approaches against non-targeted threat groups.

Original language	English
Title of host publication	Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers
Editors	Nora Cuppens, Frederic Cuppens, Axel Legay, Jean-Louis Lanet, Joaquin Garcia-Alfaro
Publisher	Springer Verlag
Pages	140-155
Number of pages	16
ISBN (Print)	9783319766867
DOIs	https://doi.org/10.1007/978-3-319-76687-4_10
Publication status	Published - 1 Jan 2018
Externally published	Yes
Event	12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017 - Dinard, France Duration: 19 Sept 2017 → 21 Sept 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10694 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017
Country/Territory	France
City	Dinard
Period	19/09/17 → 21/09/17

Keywords

Cloud computing
Cloud-related threats
Detection systems
Security

Access to Document

10.1007/978-3-319-76687-4_10

Cite this

Carvallo, P., Cavalli, A. R., & Kushik, N. (2018). A study of threat detection systems and techniques in the cloud. In N. Cuppens, F. Cuppens, A. Legay, J.-L. Lanet, & J. Garcia-Alfaro (Eds.), Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers (pp. 140-155). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10694 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-76687-4_10

Carvallo, Pamela ; Cavalli, Ana R. ; Kushik, Natalia. / A study of threat detection systems and techniques in the cloud. Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. editor / Nora Cuppens ; Frederic Cuppens ; Axel Legay ; Jean-Louis Lanet ; Joaquin Garcia-Alfaro. Springer Verlag, 2018. pp. 140-155 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{035c90d7da1348d097f3e87f2ed57c8d,

title = "A study of threat detection systems and techniques in the cloud",

abstract = "This paper presents a study of existing threat detection techniques in cloud computing, together with an experimental evaluation of a subset of them. We consider the threats defined in the Cloud Security Alliance (CSA) report as well as the techniques for their detection, starting from classical signature-based approaches and finishing with recent machine learning based techniques. This paper also contains an analysis of original results presented in international conferences, published as journal papers, Internet resources, and standards. The main contributions of the study include: 1. providing a closer relationship between top threats in cloud computing and known detection techniques; 2. evaluating existing detection techniques concerning cloud computing principles and security challenges nowadays; and 3. reviewing commonly utilized datasets and their association with threats in the last five years. As existing detection techniques tend to target specific threats (or their groups), we also present the experimental evaluation of the applicability of known detection approaches against non-targeted threat groups.",

keywords = "Cloud computing, Cloud-related threats, Detection systems, Security",

author = "Pamela Carvallo and Cavalli, \{Ana R.\} and Natalia Kushik",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG, part of Springer Nature 2018.; 12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017 ; Conference date: 19-09-2017 Through 21-09-2017",

year = "2018",

month = jan,

day = "1",

doi = "10.1007/978-3-319-76687-4\_10",

language = "English",

isbn = "9783319766867",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "140--155",

editor = "Nora Cuppens and Frederic Cuppens and Axel Legay and Jean-Louis Lanet and Joaquin Garcia-Alfaro",

booktitle = "Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers",

}

Carvallo, P, Cavalli, AR & Kushik, N 2018, A study of threat detection systems and techniques in the cloud. in N Cuppens, F Cuppens, A Legay, J-L Lanet & J Garcia-Alfaro (eds), Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10694 LNCS, Springer Verlag, pp. 140-155, 12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017, Dinard, France, 19/09/17. https://doi.org/10.1007/978-3-319-76687-4_10

A study of threat detection systems and techniques in the cloud. / Carvallo, Pamela; Cavalli, Ana R.; Kushik, Natalia.
Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. ed. / Nora Cuppens; Frederic Cuppens; Axel Legay; Jean-Louis Lanet; Joaquin Garcia-Alfaro. Springer Verlag, 2018. p. 140-155 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10694 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A study of threat detection systems and techniques in the cloud

AU - Carvallo, Pamela

AU - Cavalli, Ana R.

AU - Kushik, Natalia

N1 - Publisher Copyright: © Springer International Publishing AG, part of Springer Nature 2018.

PY - 2018/1/1

Y1 - 2018/1/1

N2 - This paper presents a study of existing threat detection techniques in cloud computing, together with an experimental evaluation of a subset of them. We consider the threats defined in the Cloud Security Alliance (CSA) report as well as the techniques for their detection, starting from classical signature-based approaches and finishing with recent machine learning based techniques. This paper also contains an analysis of original results presented in international conferences, published as journal papers, Internet resources, and standards. The main contributions of the study include: 1. providing a closer relationship between top threats in cloud computing and known detection techniques; 2. evaluating existing detection techniques concerning cloud computing principles and security challenges nowadays; and 3. reviewing commonly utilized datasets and their association with threats in the last five years. As existing detection techniques tend to target specific threats (or their groups), we also present the experimental evaluation of the applicability of known detection approaches against non-targeted threat groups.

AB - This paper presents a study of existing threat detection techniques in cloud computing, together with an experimental evaluation of a subset of them. We consider the threats defined in the Cloud Security Alliance (CSA) report as well as the techniques for their detection, starting from classical signature-based approaches and finishing with recent machine learning based techniques. This paper also contains an analysis of original results presented in international conferences, published as journal papers, Internet resources, and standards. The main contributions of the study include: 1. providing a closer relationship between top threats in cloud computing and known detection techniques; 2. evaluating existing detection techniques concerning cloud computing principles and security challenges nowadays; and 3. reviewing commonly utilized datasets and their association with threats in the last five years. As existing detection techniques tend to target specific threats (or their groups), we also present the experimental evaluation of the applicability of known detection approaches against non-targeted threat groups.

KW - Cloud computing

KW - Cloud-related threats

KW - Detection systems

KW - Security

U2 - 10.1007/978-3-319-76687-4_10

DO - 10.1007/978-3-319-76687-4_10

M3 - Conference contribution

AN - SCOPUS:85043989152

SN - 9783319766867

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 140

EP - 155

BT - Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers

A2 - Cuppens, Nora

A2 - Cuppens, Frederic

A2 - Legay, Axel

A2 - Lanet, Jean-Louis

A2 - Garcia-Alfaro, Joaquin

PB - Springer Verlag

T2 - 12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017

Y2 - 19 September 2017 through 21 September 2017

ER -

Carvallo P, Cavalli AR, Kushik N. A study of threat detection systems and techniques in the cloud. In Cuppens N, Cuppens F, Legay A, Lanet JL, Garcia-Alfaro J, editors, Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. Springer Verlag. 2018. p. 140-155. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-76687-4_10

A study of threat detection systems and techniques in the cloud

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this