Characterization and Risk Assessment of Cyber Security Threats in Cloud Computing: A Comparative Evaluation of Mitigation Techniques
Journal Title: Acadlore Transactions on AI and Machine Learning - Year 2024, Vol 3, Issue 2
Abstract
Advancements in information technology have significantly enhanced productivity and efficiency through the adoption of cloud computing, yet this adoption has also introduced a spectrum of security threats. Effective cybersecurity mitigation strategies are imperative to minimize the impact on cloud infrastructure and ensure reliability. This study seeks to categorize and assess the risk levels of cybersecurity threats in cloud computing environments, providing a comprehensive characterization based on eleven major causes, including natural disasters, loss of encryption keys, unauthorized login access, and others. Using fuzzy set theory to analyze uncertainties and model threats, threats were identified, prioritized, and categorized according to their impact on cloud infrastructure. A high level of data loss was revealed in five key features, such as encryption key compromise and unauthorized login access, while a lower impact was observed in unknown cloud storage and exposure to sensitive data. Seven threat features, including encryption key loss and operating system failure, were found to significantly contribute to data breaches. In contrast, others like virtual machine sharing and impersonation, exhibited lower risk levels. A comparative analysis of threat mitigation techniques determined Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege (STRIDE) as the most effective methodology with a score of 59, followed by Quality Threat Modeling Methodology (QTMM) (57), Common Vulnerability Scoring System (CVSS) (51), Process for Attack Simulation and Threat Analysis (PASTA) (50), and Persona non-Grata (PnG) (47). Attack Tree and Hierarchical Threat Modeling Methodology (HTMM) each achieved 46, while Linkability, Identifiablility, Nonrepudiation, Detectability, Disclosure of Information, Unawareness and Noncompliance (LINDDUN) scored 45. These findings underscore the value of fuzzy set theory in tandem with threat modeling to categorize and assess cybersecurity risks in cloud computing. STRIDE is recommended as an effective modeling technique for cloud environments. This comprehensive analysis provides critical insights for organizations and security experts, empowering them to proactively address recurring threats and minimize disruptions to daily operations.
Authors and Affiliations
Oludele Awodele,Chibueze Ogbonna,Emmanuel O. Ogu,Johnson O. Hinmikaiye,Jide E. T. Akinsola
Keywords
Related Articles
- EP ID EP740742
- DOI -
- Views 62
- Downloads 0
Characterization and Risk Assessment of Cyber Security Threats in Cloud Computing: A Comparative Evaluation of Mitigation Techniques
Advancements in information technology have significantly enhanced productivity and efficiency through the adoption of cloud computing, yet this adoption has also introduced a spectrum of security threats. Effective cybe...
Liver Lesion Segmentation Using Deep Learning Models
An estimated 9.6 million deaths, or one in every six deaths, were attributed to cancer in 2018, making it the second highest cause of death worldwide. Men are more likely to develop lung, prostate, colorectal, stomach, a...
Enhanced Real-Time Facial Expression Recognition Using Deep Learning
In the realm of facial expression recognition (FER), the identification and classification of seven universal emotional states, surprise, disgust, fear, happiness, neutrality, anger, and contempt, are of paramount import...
Advanced Tanning Detection Through Image Processing and Computer Vision
This study introduces an advanced approach to the automated detection of skin tanning, leveraging image processing and computer vision techniques to accurately assess tanning levels. A method was proposed in which skin t...
Enhanced Named Entity Recognition Based on Multi-Feature Fusion Using Dual Graph Neural Networks
Named Entity Recognition (NER), a pivotal task in information extraction, is aimed at identifying named entities of various types within text. Traditional NER methods, however, often fall short in providing sufficient se...