Int J Syst Assur Eng Manag
https://doi.org/10.1007/s13198-025-02705-8
ORIGINAL ARTICLE
Cloud computing security assurance modelling through risk
analysis using machine learning
Abhishek Sharma1 · Umesh Kumar Singh2
Received: 31 December 2021 / Revised: 16 February 2023 / Accepted: 31 December 2024
© The Author(s) under exclusive licence to The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and
The Division of Operation and Maintenance, Lulea University of Technology, Sweden 2025
Abstract The concept of Cloud Computing has exploded
in popularity, and the reason for this is the cost-effective
transmission, storage, and powerful computation it offers.
The objective is to provide end-users with remote stor-
age and data analysis capabilities using shared computing
resources, lowering an individual’s total cost. Consumers,
on the other hand, are still hesitant to use this technology
due to security and privacy concerns. In this work a thor-
ough overview of the various Cloud attacks and security
challenges is presented and security assurance modelling
is done through risk analysis using machine learning. In
order to analyze the security risk in terms of threats and
attacks for cloud computing environments, the most recent
dataset (ISOT Cloud Intrusion Dataset) is used for intrusion
detection under cloud computing environments. The meth-
odology involves the implementation of multiple supervised
machine learning algorithms like support vector machine
(SVM), random forest (RF), logistic regression (LR), Naïve
Bayes (NB), Artificial Neural Network (ANN), K-nearest
Neighbor (kNN) to identify & classify intrusions for cloud
environment. As a result, accuracy of the proposed SVM
model is evaluated as 99.2%. The performance metrics of
various machine learning implementation models are also
compared & investigated using parameters like accuracy,
AUC, F1, precision, and recall. The results are represented
as confusion matrices. The outcome of this work will further
* Abhishek Sharma
[email protected]
Umesh Kumar Singh
[email protected]
1
Shri Vaishnav Vidyapeeth Vishwavidyalaya, Indore, India
2
Vikram University, Ujjain, Ujjain, India
help the network security administrator to mitigate the real
time attacks under cloud computing environments.
Keywords Cloud computing (CC) · Cloud attacks ·
Cloud security · Machine learning · Intrusion detection
system (IDS) · Cyber attacks · Cloud security assurance
1 Introduction
One of the primary motivations for cloud computing is
the usage of current-generation Internet-based technology.
Cloud computing, according to the National Institute of
Standards and Technology (NIST) (Mell & Grance 2011),
provides on-demand, convenient, ubiquitous, and reliable
network access to large configured shareable computing
resources that can be easily managed and utilized with
minimal effort and interaction with cloud service providers
(Nister & Stewenius 2006). It’s a cutting-edge information
system technique that provides dynamically shared resources
through the Internet while also generating revenue (Kim
2013).
Cloud computing is inspired by the Pay As You Go
(PYAG) concept, in which you only pay for the services
you use (Subashini & Kavitha 2011). One of the most nota-
ble benefits of the PAYG approach is that we can reduce our
usage by delivering specific assets as needed. Clients can
customize the operating system, memory, CPU, networking,
and access control to meet their own requirements. Assets
are delivered at the client’s or end-request user’s (Ku & Chiu
2013). Individual users as well as industry benefit greatly
from cloud computing, which has attracted the attention of
researchers (Fotiou et al. 2015).
The cloud services defined by XaaS and X = [S, P, I]
and their use of internet task execution. Cloud enables the
Vol.:(0123456789)

resource sharing option to increase execution time and
service availability (Gill et al., 2019). Cloud computing
addresses resource scarcity concerns by delivering a vari-
ety of services tailored to the needs of clients (Buyya et al.
2010), (Villegas et al. 2012) at multiple levels, such as Infra-
structure as a Service (IaaS), Platform as a Service (PaaS),
and Software as a Service (SaaS).
Different applications are delivered over the cloud with-
out having to be installed on the client’s machine. It allows
developers and application designers to create applications
without having to purchase a server. It also provides vir-
tual instances of the actual hardware resources. All of these
cloud services have the potential to reduce costs and pro-
cessing power (Bermbach 2017), but they are all subject to
security threats. Data breach is one of the most serious prob-
lems that a cooperative server can cause for both the tenant
and the cloud service provider. Personal information (social
security numbers, personal messages, credit card informa-
tion, and addresses) as well as commercial information could
be taken. In the existing scenario, the cloud consumer, which
could be a service or data owner, must totally depend on the
service provider for information security and privacy (Basu
et al. 2018). Users lose control of their data when it is kept
on a cloud server, which leads to problems like data breaches
(Mather et al. 2009).
Security is the primary concern of the cloud computing
environment, and hence the security framework will guide
both the cloud consumer as well as Cloud Service Provider
about the clear perimeter of individuals and their shared
responsibility at each level. The cloud actors are able to
simulate the proposed SRM based Cloud Computing secu-
rity framework either in there in-house or external cloud
environment for evaluation of the security parameters and
compliance (Singh & Sharma, 2021). Identity management
of cloud users is one of numerous challenges with cloud
computing, including cloud user administration, multi-ten-
dency support, and application security (Karthiban & Smys
2018). The major goal is to bring attention to the assurance
concerns that are threatening cloud computing’s expansion.
As a result, the aim of this research is to develop a taxonomy
of the security concerns that cloud environments face. This
taxonomy is based on the identification of various security
vulnerabilities at various levels, as well as viable mitigation
approaches for cloud applications security assurance.
As a service provider is accountable for accessibility
and availability of various services, cost of maintenance
entangled with it is negligible and clients remain free from
management and maintenance issues of resources at pro-
vider’s end. Because of these characteristics, Cloud Com-
puting came to be called simply IT on demand or utility
computing. A main significant feature of Cloud Comput-
ing is its Scalability and is attained via virtualization of
Int J Syst Assur Eng Manag
their servers (Sharma & Singh 2021a, 2021b). Authors
give a specific section on reliability and risk of complex
systems in (Misra & Verma, 2011), which is an attempt
to convey the state-of-the-art on new capabilities, meth-
odologies, implementations, strategies, and surveys per-
taining to particular areas of reliability and risk analy-
sis and management. The authors (Kansal et al., 2019)
describe how to filter the most commonly seen vulner-
ability type/class using a multi-criteria decision-making
approach called analytic network process, which involves
dependency among many criteria and input from various
options. The concept of an automated deployment method
for computer program applications based on cloud com-
puting is described in (Zhai et al., 2021). Computer serv-
ers typically reserve adequate resources for the highest
load in order to meet potential load situations, resulting
in a significant reduction in resource use. Simultaneously,
the server load will be tracked in real time. In (Jaiswal
& Gupta 2017), the authors provide a plan that detects
and addresses the system’s security vulnerabilities. It was
also suggested that potential risks to the cloud system be
identified first (Sharme et al, 2023), (Alzubi et al 2023),
and then algorithms implemented by existing systems be
assessed by calculating the security index to see if they can
protect the system from the dangers indicated.
Complex methods rely on the convergence of physi-
cal and cyber or software components are known as CPSs.
CPS provides a diverse set of services. The number of CPS
deployed is steadily rising, posing a multitude of secu-
rity and safety concerns. The concept and architecture of
Cyber Physical Systems, explain the security objectives
and difficulties of Cyber Physical Systems, and examine
the security risks and assaults of 3 levels of CPSs in this
work (Sharma & Singh, 2022; Kumar & Vajpayee, 2016).
Cloud Computing is prone to manifold security threats
varying from network level threats to application-level
threats. Cloud network security brings out the taxonomy
of various types of cloud attacks that have occurred in the
recent past, and it also lists out the successfully imple-
mented solutions to mitigate the risks (Sharma & Singh
2021c, 2022).
Here in this work introduction section includes the
cloud computing issues and challenges. The second sec-
tion introduces the cloud computing security attacks which
also includes the application level attacks, traditional
attacks, wrapping attack and virtual machine (VM) based
attacks. The third section represents the literature review.
The force action includes the proposed methodology
which starts with the experimental setup then the data sets
used attack scenarios and followed by the implementation
methodology. Within the fifth section the result analysis
is done through various graphs and tables followed by the
conclusion in the 6th section.
Int J Syst Assur Eng Manag
2 Cloud computing security attacks
A cloud computing attack is a malicious operation aimed
at causing harm to the cloud’s resources. Many researchers
have explored and investigated security problems (Lombardi
and Pietro 2011) and have provided a full description of
secure cloud infrastructure. This section discusses the basic
security attacks specified in taxonomy, as well as the avail-
able mitigation measures.
2.1 Network level attacks
The machines that are operating within a cloud platform are
connected to the cloud platforms outside platform via a net-
work. Over the network, an intruder might assault a system,
thereby weakening cloud-based services and compromising
data privacy. The following sections explain network-level
attacks.
2.1.1 Scanning of port
On the server side, a port might be investigated to check
the status of services running on the target system. For
port scanning, the network on which the target machine
is located must be accessible. Port scanning is a technique
for exposing target computer flaws that lead to denial-of-
service attacks (Riquet, Grimaud, and Hauspie, 2012). To
prevent this attack, a firewall and an intrusion prevention
system (IPS) are utilized. The affected and exposed ports are
actively detected and controlled by the firewall (Scarfone &
Mell, 2007). Before the IPS can get a complete map of the
network, it detects ports and shuts them down.
2.1.2 Replay attack
A legitimate data transmission is maliciously delayed or
repeated in this attack. The attacker saves and redirects old
messages, then sends this message to one of the participants
in order to get access in the future. By sending commu-
nications to an old tenant, the attacker acquires access to
unlawful resources. To mitigate this attack (Khan and Salah,
2018), session tokens, timestamps, denying concurrent
logins, and restricting the session period were employed.
2.1.3 BGP prefix hijacking
An attack on the network in which the Autonomous sys-
tem is given the erroneous IP address. Malicious insiders
gain access to the undetected IP address as a result. A faulty
AS broadcasts inaccurate information about the associated
IPs. Authenticated traffic was routed to an unauthenticated
IP address in this circumstance. As a result, data ends up
in an undesired location. In comparison to cryptographic
approaches, a distributed anomaly detection system pro-
vides equivalent security and has a more acceptable adop-
tion route. In (Karlin et al. 2008), an analogous security
scheme is detailed.
2.1.4 Sniffer attack
Intruders can collect data packets flowing over the network
using a variety of apps. It is possible to read data sent in an
unencrypted format. There is a chance that crucial informa-
tion travelling via the network will be intercepted or traced.
Reusing IP addresses Attack. Sniffer detection platform
based on RTT (round trip time) and ARP (address resolu-
tion protocol), which is used to find a sniffing structure on
the network (Chen et al. 2017).
2.1.5 Botnets
Botnets are characterized as a cybercriminal’s planned inter-
connected virus of an affected computer network without the
user’s knowledge. Botnets are a group of infected comput-
ers (bots) that are controlled remotely via the Command-
and-Control channel (C&C) by a bot-master (machine that
controls the bot network) (Alejandre et al. 2017). They fre-
quently send spam emails, spread malware, and engage in
other cybercrime activities. Bot-masters are discovered by
filtering packets and tracking communication to avoid botnet
attacks (Alejandre et al. 2017; Kourai et al. 2012).
2.1.6 DNS attack
The Domain Name System (DNS) converts the domain
name into an IP address. As an alternative to the original
request, the user could be routed to another malicious cloud.
As a result, the path is diverted through some malicious
sender-receiver link. Such a chosen path may pose a security
risk. Domain Name System Security Extensions (DNSSEC)
is used to mitigate the consequences of DNS attacks.
2.1.7 Reusing IP addresses attack
Other users on the network can reuse and reassign IP
addresses. Even after a user’s address has been used, it stays
in the DNS cache [22]. The privacy of the original client
is violated if this address is utilized by another user due to
reassignment or hacking. As a result, data from the origi-
nal client can be accessed by other clients. To prevent this
attack, the cache of previous ARP addresses is purged.
 Int J Syst Assur Eng Manag

2.2 Application‑level attacks affected system after acquiring all necessary information. To

avoid any sensitive material release, software solutions such
2.2.1 Dictionary attack as Web Vulnerability (WV) Scanner are deployed.

In a dictionary attack, the attacker uses every conceivable

word combination to decode the data that has been success- 2.2.6 CAPTCHA breaking
fully transferred within a network. As a result, the attacker
gains unauthorized access to network data. It can be avoided CAPTCHA was created to protect network resources from
by using an OTP (One-Time Password), which is described being over-exploited and spammed (Sridhar and Smys
in (Jadhav et al. 2016). To prevent these types of attacks, 2016). CAPTCHA could be hacked by spammers using
strong encryption algorithms are used. the audio system and text-to-speech software to defeat the
CAPTCHA test. As a result, an account can be accessed
by an unauthenticated user. As a preventative precaution,
2.2.2 Shared architecture
a secure CAPTCHA framework has been provided based
on the identification of more than one moving object to a
The cloud has a multi-tenant environment and a common
multifarious background.
architecture. When the architecture is shared, the victim’s
application execution path can be traced. Authorization,
access control, and authentication are just a few of the issues
2.2.7 Manipulation of hidden field
that arise in a shared environment. Rapid elasticity and
isolation are important issues in multi tenant environment
Some fields in web pages that are used by developers are
resource accounting (Chen et al. 2011). Its vulnerabilities
hidden. Hidden fields in HTML forms include important
can also be exploited to gain access to a victim’s account
information such as the user ID and pricing, among other
and track their activities. The likelihood of data leaking in
things. The attacker can modify the values of these fields on
a shared architecture can be discovered by examining the
the index page and subsequently post them on the web page
binary code of the program (Doychey et al., 2015).
(Bhadauria, 2012). By implementing proper security checks,
the system can avoid this attack.
2.2.3 Denial of service attack
2.2.8 Distributed DOS attacks
The service provider’s server becomes overwhelmed with
requests, and the service becomes unavailable to author-
The attack comes from a variety of dynamic networks that
ized users. IDS (Vieira et al. 2010) is the most often used
have previously interacted in the form of service attacks in
encounter approach. Firewalls and switches are preventative
denial-of-service attacks. Adversaries gain control of infor-
instruments.
mation streaming by reusing data that had already been sent
across network machines. As a consequence, the attacker
gains control over the volume and type of public usage infor-
2.2.4 Cookie poisoning
mation (Lin et al., 2012). IDS is used to protect the cloud
against DDOS attacks (Bakshi, 2010), (Lua, 2011).
By gaining unauthorized access to the programme, an unau-
thorized user can change or modify the contents of cookies.
2.2.9 Hypervisor oriented attacks
Cookies are used to store information about a user’s identity
and authorizations. Once these are accessible, their content
The hypervisor allows several VMs to be configured on dif-
can be duplicated in order to impersonate an authenticated
ferent physical hosts. The guest system executes malicious
person. This attack can be avoided by using an encryption
code. This guest system tries to set up malicious malware
technique on cookies and cleaning them up on a regular
to seize complete control and disable the host system’s ser-
basis (Gollmann et al., 2008).
vices (Luo et al. 2011). Inter-communication among various
components and monitoring the occurrences of guest Vir-
tual Machines can be used to construct a progressive cloud
2.2.5 Google hacking
defense system (Wu et al. 2010).
Hackers utilize the Google search engine to discover sen-
sitive material and then use that information to get into
user accounts. The hacker next performs the hacking of the
Int J Syst Assur Eng Manag
2.3 Traditional attacks
In taxonomy, this is the third type of attack. There are three
main attacks that can threaten the user while entering the
cloud, as outlined below.
2.3.1 SQL injection attack
The vulnerable code is injected into the SQL code in order
to acquire unauthorized control of the database (Clarke-Salt
et al., 2009) and dynamically detect and extract users. SQL
injection attacks are prevented using a proxy-based infra-
structure (Liu et al. 2009).
2.3.2 Cross site scripting attack
Malicious programs can be included in web page code. The
user inadvertently clicks on the dangerous links. As a result,
an interfering third party acquires access to the customer’s
personal information and is able to hack into their accounts.
By recognizing untrusted information on networks, a blue-
print-based solution has been proposed to lessen reliance on
web browsers (TerLouw et al., 2009).
2.3.3 Man in the middle attack
In this attack, an unauthorized user tries to intrude on a cli-
ent–server conversation in order to inject false information.
The attacker gains access to the data and communications of
both the client and the sender. This attack is only possible if
the attacker can replicate each endpoint of the agreement as
predicted by the genuine end. To prevent these attacks, all
protocols that require some form of authentication at end-
points are utilized (Callegati et al. 2009; Siddiqui et al. 2019,
Dash et al., 1997). For example, authentication sent to either
of two parties using a mutually trusted authority’s certificate.
For attack prevention, many encryption techniques such as
Cain, Dsniff, Ettercap, Airjack, were utilized.
2.4 Wrapping attack
Authentication information for tenants is retained in the
replicating body of the SOAP (Simple Object Access Pro-
tocol) header wrapping attacks. It enables an attacker to
execute malicious code and gain access to Cloud services.
This attack can be mitigated by employing proper signature
techniques and SSL settings.
2.5 VM based attacks
Vulnerabilities in the VM are harmed as a result of such
attacks. This disrupts cloud services and data security. Vari-
ous virtual machines (VMs) cause a variety of dangers to be
present on a system. Furthermore, various virtual machine
management stages could be employed to support large-
scale cloud attacks.
3 Literature review
In (Bamhdi, 2021; Dhanabal, 2015; Abrar, 2020; Idhammad
et al., 2018), the author used GCP to conduct a number
of experiments in order to evaluate the preferred solution
using the CIDDS-001 public dataset. When compared to a
Random Forest classifier, the obtained results are adequate.
The system had a 97 percent accuracy rate, a 0.21 percent
average false positive rate, and a 6.23 s average running
time.
In (Rani et al., 2019), the author presents a review of
IDS based on signature and anomaly detection methodolo-
gies in some other tabular format in order to obtain a clear
understanding of the assaults to be identified, as well as the
benefits and limitations that existing systems face. When a
bulky flow of data packets flows in a cloud environment, the
author (Zaidi 2021) proposes a Network Intrusion Detection
System (NIDS) to recognize intrusions at the front & back-
end. The dataset was designed and evaluated for precision,
recall, accuracy, and model build time in order to find the
optimum machine-learning algorithm for intruder detection,
but the result was below 90%.
The IDS model in (Chen et al. 2020) is built using the
random forest (RF) technique, and the network traffic data
of multiple network levels of each cloud server is collected
using the tcpdump utility and data mining methods. In the
instance of RF, the testing findings reported in the system for
intrusion detection had an accuracy of up to 99.71 percent.
In (Jaber et al., 2020) & (Ghosh et al. 2015), authors con-
ducted experiments using the NSLKDD dataset. The results
acquired utilizing hybrid mechanism (FCM–SVM) related to
performance assessment and comparison analysis reveal that
the suggested method can identify irregularities, although
the effectiveness of accuracy of their suggested technique
was 99.1%.
Various systems for evaluating and detecting DDoS
attacks have lately been deployed. Many of these detection
and sensing jobs are based on feature selection characteris-
tics from a pool of traced IP packets. The recent increase in
the number of DDoS attacks in the application layer of net-
work protocols has sparked debate and piqued the interest of
the research community (Somani et al., 2017). Such research
ideas and concepts can be separated into three categories:
methodologies based on network traffic characteristics,
methods based on puzzles, and tactics based on applica-
tions. DDoS attacks rely on machine learning techniques
to increase the accuracy of false-positive rate detection. A
number of past tasks have been committed to improving

DDoS attack detection and sensing efficiency. In this sec-
tion (Salmen et al. 2015), we’ve summarized a few recent
studies on detecting DDoS attacks.
Fadir Salmen (Liu & Chang et al., 2011) et al. devised
and proposed a community-level digital signature to monitor
flow using two meta-heuristic methods. They demonstrated
improved accuracy by integrating random site visitors into
the detection of DDoS attacks to test the effectiveness of the
designed procedures, but the required model was unable to
discover DOS attacks. Liu et al. (Eskin et al. 2002) used 2
coordinated protectors, Behavior Analyzer and Egress Filter,
to safeguard systems from DDoS cyber-attacks. Counter-
attack strategies implemented provide various services for
every application dependent on the degree of deviation.
A standalone classification based on SVM is utilized to
discover anomalies in (Dantas et al. 2014), where train-
ing data is charted within a specified characteristic space.
Various approaches have been used to mine relevant fea-
tures from a set of data, and then a few classifiers, like
pattern recognition, ML, and statistics, have been trained
using the data set section. Adaptive Selective Verification
(ASV) is a hosted protection solution that protects against
HTTP POST Flooding attacks, according to Dantas Y et al.
(Vijayalakshmi et al. 2012). Because ASV is designed to
prevent DDoS attacks at the network layer, it assumes that
interactions between server and consumer stateless syn-
ack connections are ongoing. However, such attempts are
insufficient as a mechanism for preventing DDoS attacks
at the Application Layer. To protect against DDoS attacks,
many systems involving machine learning and data mining
have been implemented. Alkasassbeh et al. (Salmen et al.
2015)) looked at 27 features in numbers in a recent batch
of data for present DDOS attacks in network layers, which
included (HTTP, SIDDOS) Flood. The work focused on
the relative evaluation of several classifiers used inside a
pool and the calculation of the evaluation matrix for each
method used. This notion encompasses Naive Bayes, MLP,
and machine learning, which are all typical Random For-
est mechanisms. MLPs had the greatest accuracy rate of
98.63 percent out of all these concepts and techniques (Liu
& Chang et al., 2011). The authors (Vijayakumar et al.,
2022) propose the Evolutionary Optimization Algorithm
for Cloud Based Image Retrieval System (EOA-CIRS)
method, whereas the author of (Priscila, 2022) explored
risk-Based access control mechanisms for the Internet of
Vehicles utilizing artificial intelligence.
The authors demonstrate that machine learning-based
intrusion detection systems perform well in contexts of fog
and edge computing (Alzubi et al. 2022a, b). Omar Alzubi
et al. (2022a, b) developed edge concepts including mobile
edge computing (MEC) and fog computing (FC) to address
IoT implementation issues. The authors of (Gheisari et al
Int J Syst Assur Eng Manag
2019) provide the best mathematical model for predicting
the level of stakeholder satisfaction (Q) as part of their
work on software quality prediction, although security
concerns for cloud-specific applications have not yet been
resolved. In order to improve prediction accuracy, the
author of (Jain, Rachna et al., 2019) proposes an ensem-
ble learning technique that uses predictions from earlier
supervised learning algorithms. However, this approach is
only applicable to life insurance datasets; it cannot be used
with real-time datasets in a cloud computing environment.
In addition to network security, researchers have expressed
a strong interest in applying machine learning and deep
learning techniques to other healthcare and medical sec-
tors, including radiography, drug development, cancer
diagnosis, and medical data privacy (Jafar et al., 2022).
4 Proposed methodology
For investigating the security risks in terms of threads
and identification of intrusion during the runtime, an inte-
grated approach is implemented using multiple machine
learning algorithms simultaneously. Before implementa-
tion, it is required to collect the data from the memory
dump and log files and prepare various data sets. Then
the data sets are preprocessed using multiple methods to
prevent under and out fitting. During the preprocessing of
the data set the correlation among the various features are
required to find out so that it will be free from the outliers.
4.1 Experimental setup
The experimental setup is implemented using Jupyter note-
book which is deployed over the Google Cloud. Using this
platform, the algorithm is implemented using python with
various machine learning libraries and packages. Before
implementation of ML algorithms, the ISOT data set is pre-
processed by implementing the various steps. The processed
ISOT data set is then imported and visualized using python
& Jupyter notebook. Due to the large size of the data set,
Google Cloud platform is used here for implementation of
the proposed methodology. Following is the configuration
of Google Cloud virtual machine used as an experimental
setup:
Platform: Google Cloud Platform (GPU based).
Region & Zone: asia-southeast1-a(Singapore).
Machine-Type: n1-standard-8 (8 vCPUs with 30 GB
memory).
CPU platform: Intel-Broadwell.
Disk Size: 100 GB.
OS:Debian.
Environment:Python 3 (with Intel® MKL).
Int J Syst Assur Eng Manag

Table 1  Phase vice monitored packets Details This is critical for the development and evaluation of truthful
Phase No. of days Total packets Benign Malicious
intrusion prototypes for cloud computing by industry and
/ phase observed (logged) research (Aldribi, 2018; Aldribi, 2020). The details of phase
vice monitored packets is represented in Table 1:
1 4 24,519,987 15,306,027 9,213,960
To avoid the problem of overfitting and to eliminate outli-
(62.42%) (37.58%)
ers, the characteristics of 55,379 packets are used as a train-
2 5 12,418,998 9,770,676 2,648,322
(78.68%) (21.32%) ing and testing dataset for machine learning algorithms for
intrusion detection.

Environment version:M73. 4.3 Attack scenarios

Boot & Data disk:100 GB disk.
Extensions:BigQuery, GCS Filebrowser, Vizier.
Shielded VM:Secure Boot not enabled, vTPM enabled,
Integrity Monitoring enabled.
4.2 Datasets
The dataset is about 2.5 TB in size, and it includes typical
operations including comprehensive range of attack vectors.
It was gathered in two stages (phase1 during 2016, Decem-
ber & phase2 during 2018, February) and across many
weeks for VMs and numerous weeks & time intervals for
Hypervisors. The normal or benign data comes from web
apps and administrative responsibilities such as observing
the validity of virtual machines, restarting, refreshing, gen-
erating files, SSHing into the machines, and signing in to a
cloud host. More than 160 genuine customers, comprising
more than 60 end consumers and legitimate traffic created
by 100 robots, generated web traffic by doing activities like
sign up, read-post or comment to blogs, explore different
URLs, and etc. A credential management system for active
accounts is among the major web applications (Aldribi,
2018; Aldribi, 2020).
The ISOT is a collection of data obtained from multiple
cloud layers, such as hypervisors, internetworks & guest-
hosts. It includes information from various formats and from
numerous sources of data, like storage dumps, assets (exam-
ple: CPU) usage log files, process call traces, system’s log
files & internet traffic. It’s big & diversified enough to sup-
port an extensive sort of intrusion data-models, sets of fea-
tures, and analysis models. The objective of ISOT-CID is to
represent a real cloud-based dataset; it is completely pure
but hasn’t been processed, modified, or damaged in any way.
Both application and network layer threats are included in
the ISOT-CID. The attacks are further classified into two
categories based on how and where they originate: inside
or outside the ISOT-cloud environment. Inner attacks come
from a vulnerable instance within the ISOT cloud plat-
form networks and targeting either the inner cloud platform
or the external environment, whereas external attacks origi-
nate from the exterior environment and target the ISOT-
cloud platform. The following are the different types of
attacks that have been carried out represented in Table 2:
4.4 Methodology
The proposed methodology consists of 5 steps. In step-1 data
Collection task is performed and in the second step data is
preprocessed before implementation of the actual algorithm.
The proposed methodology is as shown in Fig. 1:
During the third step the data set is imported within the
experimental setup (Notebook in GCP) using python, Pan-
das & sklearn. During the fourth step the whole data set is
separated into two parts called training pairs, the first part
is training-dataset which contains 75% of the whole dataset
and the second part is testing dataset which contains the rest
of the 25% data set. During the fifth step multiple supervised
machine-learning algorithms and models are implemented
like SVM, random forest, logistic regression, KNN, Naive
Bayes. The proposed methodology used is detailed in fol-
lowing steps:
Step -1: Data Collection
a) Collect Data from log files, memory dump files, and
miscellaneous files.

Table 2  Layer vice types of attack performed on Cloud Platform

Layer / Phase Phase -1 Phase -2

Application Layer HTTP Flood DOS, Dictionary/Brute Force login attacks,
Network Scanning,
Network Layer DNS Amplification DOS, Synflood DOS, UDP Flood DOS,
Probing, Backdoor (reverse shell), Remote-to-Local (R2L),
Network Scanning, Trojan Horse, Unclassified (unsolicited
traffic)
Web Vulnerabilities Scanning, Cross-site scripting (XSS),
SQL injection, Fuzzers, HTTP Flood DOS
Path/directory traversal, DNS Amplification DOS, Network
Scanning, Synflood DOS, UDP Flood DOS, Unclassified
(unsolicited traffic)

Fig. 1  Proposed Methodology
b) Represent the gathered data into csv format.
Result: ISOT-CID data set csv files.
Step -2: Data Preprocessing
a) Digitalize all the features of the dataset using numeric
values.
b) Define & declare the target feature within the proposed
dataset.
c) Fill up the missing parameters of the dataset by finding
‘mode’ of the respective feature.
d) Find the Pearson Correlation coefficient of all the pairs
of features using following expression:
n(Σxy) − (Σx)(Σy)
R= √
(nΣx2 − (Σx)2 )(nΣy2 − (Σy)2 )
  Where R is Pearson correlation coefficient between x
and y, n is number of observations.
e) Identify the features on the basis of correlation threshold
value.
f) Find the outliers and discard them.
Result: Final data set with selected features in csv files.
Step -3: Import & visualize Data Set
a) Import the processed dataset within the experimental
setup built on GCP using Jupyter Notebook.
b) Visualize the finalized digital dataset having no missing
values & outliers.
c) Define & declare target features.
Result: Finalized digital dataset is imported.
Step – 4: Build Training Pair
a) Split the data set into two categories.
b) Training Dataset: 75%.
c) Testing Dataset: 25%.
Result: Data set is ready with training pairs.
Step -5: Implement Proposed ML Algorithms
A) Implementation of Support vector machine.
The Gaussian kernel calculated using a support vector
(SV) is an exponentially declining function in the source
Int J Syst Assur Eng Manag
feature space having highest value at the SV and uniform
decay in all dimensions around the SV, resulting in hyper-
spherical edges of the kernel function. The Gaussian or RBF
kernel is:
( )
||x − y||2
K(x, y) = EXP −
2𝜎 2
Here, ||x–y|| represents the Euclidean distance. The lin-
ear weighted arrangement of the kernel function generated
within a data point and every SV is the SVM classifier hav-
ing Gaussian kernel. The importance of a SV in data point
categorization is tempered by the SV’s global prediction
utility, and K(x,y), the SV’s local influence on prediction at
a specific data point.
b) Implement Random Forest, logistic regression, KNN,
Naive Bayes algorithms of the same dataset.
c) Evaluate all the supervised classification algorithms or
models with respective performance matrices.
Results: Performance Matrix content accuracy, F1, Preci-
sion & recall.
5 Results analysis
As per the methodology used for analyzing the security risk
and attack analysis (through attack vector), the ISOT data set
is preprocessed through correlation coefficient analysis for
selecting the features which positively contribute and hav-
ing relationship with the target feature. The following figure
represents the features selected on the basis of correlation
coefficient and their relationship & respective Heat Map:
In Fig. 2a, blue underline is used to represent the nega-
tive correlation Coefficient value whereas green underline is
used to represent the positive correlation Coefficient value
between the pairs. On the basis of Pearson correlation 10
features are identified including targets for further imple-
mentation. Whereas Fig. 2b represents the respective heat
map of outliers. The following Fig. 3 represent the perfor-
mance of various supervised machine learning algorithms
implemented here on ISOT dataset in terms of confusion
matrix:
Multiple machine learning algorithms or models are
implemented on the preprocessed standard cloud-based data
Int J Syst Assur Eng Manag

Fig. 2  a Correlation of selected feature pairs b Heat Map respective to outliers

set. The comparison of implemented models on the basis The whole experiment and implementation is carried out
of 5 parameters like AUC, CA, precision all, recall & F1 is on the Google cloud platform using GPU based VM. The
performed as presented in the following table: performance of the execution was recorded & is as follows:
Now, it is clear from the above table that the random for-
est, ANN and kNN algorithm has 100% accuracy, precision 1) Training Time: 4.32 s
and other performance parameters. As far as the training 2) CPU utilization: 12.41% (maximum)
time is concerned, the support vector machine (SVM) is hav- 3) Memory utilization:4.63% (maximum)
ing the best performance (4.32 s) among all of them & as 4) Disk Space utilization: 9.58% (maximum)
compared to previous implementation (Liu & Chang et al., 5) Disk Throughput: 1.66 MB/S
2011). As compared to the previous implemented algorithms 6) Model execution Parallelism: Yes
which was having the accuracy rate of 97% (Liu & Chang
et al., 2011) for RF, less than 90% (Dantas et al. 2014) for
RF, 99.1% for FCM–SVM (Patel et al. 2013), 98.63% for
Naive Bayes & ANN [(Lua, 2011), the proposed method is 6 Conclusion
having better performance with respect to all the five param-
eters represented in Table 3.The following figure 4 represent The cloud paradigm has changed the IT sector. For busi-
ROC curve and Cumulative gains (Lift Curve with Convex nesses and organizations, it offers a variety of advan-
hull) of implemented models: tages. Even while the cloud offers many benefits, it’s still
 Int J Syst Assur Eng Manag

Fig. 3  Confusion Matrices of Supervised ML Algorithms / Model on ISOT-CID Dataset

Table 3  Evaluation of S. No Algorithm / model Area under Classification Precision Recall F1

Supervised ML algorithms ROC csurve accuracy (CA)
/ Model on the basis of (AUC)
Performance matrix
1 Support Vector machine (SVM) 1.000 0.992 0.992 0.992 0.992
2 Random Forest 1.000 1.000 1.000 1.000 1.000
3 Naive Bayes 0.948 0.846 0.846 0.846 0.846
4 Logistic Regression 0.991 0.896 0.900 0.896 0.897
5 Artificial Neural Network (ANN) 1.000 1.000 1.000 1.000 1.000
6 K-nearest Neighbour (kNN) 1.000 1.000 1.000 1.000 1.000

security vulnerable. Therefore, one of the biggest obstacles
to adopting the cloud is security. Customers and vendors
are aware of security problems and assaults. The adoption
of cloud computing is being hampered by a number of
problems, threats, and security vulnerabilities that have
been shown by this research. As a result of the special
characteristics of the cloud, security problems with virtu-
alization, resource pooling, and sharing arise. According
to provider security concerns, a variety of cloud security
problems and assaults are analyzed. (Figure 4)
The work presented in this paper can help better under-
stand the various threats and security issues connected to
Cloud Computing and used to design countermeasures to
an existing set of threats. In this work, the intrusion detec-
tion was performed using the most recent ISOT-CID data-
set. The dataset was preprocessed by choosing 10 attributes
based on their correlation & significance. To detect and
categorize intrusions in a cloud environment, the meth-
odology utilizes a variety of supervised machine learning
algorithms abstracted also including support vector machine
(SVM), random forest (RF), logistic regression (LR), Naive
Bayes (NB), artificial neural network (ANN), and K-nearest
Neighbor (kNN). Training and testing of data were carried
out using various supervised ML algorithms or Models in
which multiple attacks variations are involved were detected
& analysis as a risk. The algorithms & models could detect
attack with 99.2% accuracy in case of SVM and with 100%
in case of Random forest, ANN & kNN. Thus, SVM can be
used effectively to detect intrusion in real-time networks.
Various machine learning algorithms can also be applied in
parallel for sensing and detecting attack, however amongst
these SVM, Naive Bayes, ensemble methods, logistic regres-
sion algorithm over Machine learning had proved to produce
efficient outcome.
As a future work multiple classification algorithms &
models can be implemented as an integrated approach at real
time, to perform zero-day protection. It can be further useful
for the taxonomy development of attacks. Due to successful
Int J Syst Assur Eng Manag

Fig. 4  a ROC Curve of implemented model b Cumulative gains (Lift Curve with Convex hull) of supervised model implemented

identification & classification of attacks as a risk, it will
assist & help the Cloud security administrator for prioritiza-
tion & mitigation plan development.
Funding They have no known competing financial interests or per-
sonal relationships that could have appeared to influence the work
reported in this paper. This research did not receive any specific grant
from funding agencies in the public, commercial, or not-for-profit
sectors.

Declarations
Conflict of interest The authors declare that: The submitted work
is original and is not published elsewhere in any form or language.
It has not been published elsewhere and that it has not been submit-
ted simultaneously for publication elsewhere. We have no conflicts of
interest to disclose.
References
Abdulaziz Aldribi IT, Belaid Moa ON (2020) Hypervisor-based cloud
intrusion detection through online multivariate statistical change
tracking Computers & Security. Elsevier, p 88
Abrar I, Ayub Z, Masoodi F, &Bamhdi AM (2020). A machine learning
approach for intrusion detection system on NSL-KDD dataset.
Proceedings of the—International Conference on Smart Electron-
ics and Communication, ICOSEC 2020 (pp. 919–924). https://d​ oi.​
org/​10.​1109/​ICOSE​C49089.​2020.​92152​32
Aldribi A, Traore I, & Moa B. (2018). Data sources and datasets for
cloud intrusion detection modeling and evaluation. Studies in Big
Data, 333–366. https://​doi.​org/​10.​1007/​978-3-​319-​73676-1_​13.
Mishra B, Das H, Dehuri S, &Jagadev A. Cloud computing for
optimization: Foundations, applications, and challenges. Studies
in Big Data, 39: 333–366. Springer.
Alejandre FV, Cortés NC, & Anaya EA (2017). Feature selection to
detect botnets using machine learning algorithms. In Electronics,
communications and computers (CONIELECOMP) International
Conference on, 2017 (pp. 1–7).
Alzubi OA, Alzubi JA, Alazab M, Alrabea A, Awajan A, Qiqieh I
(2022a) Optimized machine learning-based intrusion detection
system for fog and edge computing environment. Electronics
11(19):3007. https://​doi.​org/​10.​3390/​elect​ronic​s1119​3007
Alzubi OA, Qiqieh I, Alzubi JA (2022) Fusion of deep learning
based cyberattack detection and classification model for intel-
ligent systems. Cluster Comput J. https:// ​ d oi. ​ o rg/ ​ 1 0. ​ 1 007/​
s10586-​022-​03686-0
Alzubi JA, Alzubi OA, Singh A, Ramachandran M (2023) Cloud-IIoT-
based electronic health record privacy-preserving by CNN and
blockchain-enabled federated learning. IEEE Trans Industr Inf
19(1):1080–1087. https://​doi.​org/​10.​1109/​TII.​2022.​31891​70
Bakshi A, &Dujodwala YB (2010). Securing cloud from ddos attacks
using intrusion detection system in virtual machine. In Communi-
cation Software and Networks. ICCSN’10. Second International
Conference on, 2010 (pp. 260–264).
Bamhdi AM, Abrar I, Masoodi F (2021) An ensemble based approach
for effective intrusion detection using majority voting. TELKOM-
NIKA (Telecommun Comput Electron Control) 19(2):664. https://​
doi.​org/​10.​12928/​telko​mnika.​v19i2.​18325
Basu, S. et al. (2018). Cloud computing security challenges and solu-
tions-a survey, in 2018 IEEE8th Annual Computing and Com-
munication Workshop and Conference (CCWC) (pp. 347–356).
Bermbach D (2017) Quality of cloud services: expect the unexpected.
IEEE Internet Comput 21(1):68–72. https://d​ oi.o​ rg/1​ 0.1​ 109/M ​ IC.​
2017.1
Bhadauria R, Sanyal S (2012) Survey on security issues in cloud com-
puting and associated mitigation techniques. Int J Comput Appl
47(18):47–66. https://​doi.​org/​10.​5120/​7292-​0578
Buyya R, Broberg J, Goscinski AM (2010) Cloud computing: Princi-
ples and paradigms, 87. John Wiley & Sons
Callegati F, Cerroni W, Ramilli M (2009) Man-in-theMiddle attack to
the HTTPS protocol. IEEE Secur Priv 7(1):78–81
Chen X, Chen S, Zeng X, Zheng X, Zhang Y, Rong C (2017) Frame-
work for context-aware computation offloading in mobile cloud
Int J Syst Assur Eng Manag
computing. J Cloud Comput 6(1):1. https://​doi.​org/​10.​1186/​
s13677-​016-​0071-y
Chen Y, Li X, & Chen F (2011). Overview and analysis of cloud com-
puting research and application. In Ebusiness and E-government
(ICEE) International Conference on, 2011 (pp. 1–4).
Chen L, Xian M, Liu J, & Wang H (2020). Intrusion detection sys-
tem in cloud computing environmentInternational Conference on
Computer Communication and Network Security (CCNS), 2020
(pp. 131–135). https://​doi.​org/​10.​1109/​CCNS5​0731.​2020.​00037
Clarke-Salt J (2009) SQL injection attacks and defense. Elsevier
Dantas YG, Nigam V, & Fonseca IE (2014). A selective defense for
application layer ddos attacks. In IEEE joint intelligence and secu-
rity informatics conference, 2014 (pp. 75–82). IEEE Publications.
Dash M, Liu H (1997) Feature selection for classification. Intell Data
Anal 1(3):131–156. https://​doi.​org/​10.​3233/​IDA-​1997-​1302
Dhanabal L, Shantharajah SP (2015) A study on NSL-KDD dataset for
intrusion detection system based on classification algorithms. Int
J Adv Res Comput Commun Eng 4(6):446–452
Doychev G, Köpf B, Mauborgne L, Reineke J (2015) Cacheaudit: a tool
for the static analysis of cache side channels. ACM Trans Inf Syst
Secur 18(1):1–32. https://​doi.​org/​10.​1145/​27565​50
Eskin E, Arnold A, Prerau M, Portnoy L, Stolfo S (2002) A geometric
framework for unsupervised anomaly detection. In: Barbará D,
Jajodia S (eds) Applications of Data Mining in Computer Secu-
rity. Springer US, Boston, pp 77–101. https://​doi.​org/​10.​1007/​
978-1-​4615-​0953-0_4
Fotiou N, Machas A, Polyzos GC, Xylomenos G (2015) Access control
as a service for the Cloud. J Int Serv Appl 6(1):1–15
Gheisari M et al (2019) An optimization model for software quality
prediction with case study analysis using MATLAB. IEEE Access
7:85123–85138. https://​doi.​org/​10.​1109/​ACCESS.​2019.​29208​79
Ghosh P, Mandal AK, Kumar R (2015) An efficient cloud network
intrusion detection system. Adv Intell Syst Comput 10:91–99.
https://​doi.​org/​10.​1007/​978-​81-​322-​2250-7_​10
Gill, S. S. et al. (2019). Transformative effects of IoT, Blockchain and
Artificial Intelligence on cloud computing: Evolution, vision,
trends and open challenges, Internet of Things, pp. 100118.
Gollmann D (2008) Securing web applications. Inf Secur Tech Rep
13(1):1–9. https://​doi.​org/​10.​1016/j.​istr.​2008.​02.​002
Idhammad M, Afdel K, Belouch M (2018) Distributed intrusion detec-
tion system for cloud environments based on data mining tech-
niques. Procedia Comput Sci 127:35–41. https://d​ oi.o​ rg/1​ 0.1​ 016/j.​
procs.​2018.​01.​095
Jaber AN, Rehman SU (2020) FCM–SVM based intrusion detec-
tion system for cloud computing environment. Clust Comput
23(4):3221–3231. https://​doi.​org/​10.​1007/​s10586-​020-​03082-6
Jadhav SS, Hagwane PK, Labhade PC, &Nalawde KS (2016). Data
confidentiality in cloud computing using android application,
Imp.J. Interdiscip. Res., 2(6).
Jain R, Alzubi J, Jain N, Joshi P (2019) Assessing risk in life insurance
using ensemble learning. J Intell Fuzzy Syst 37(2):2969–2980
Jaiswal S, Gupta D (2017) Engineering and validating security to make
cloud secure. Int J Syst Assur Eng and Management 8(S2):1419–
1441. https://​doi.​org/​10.​1007/​s13198-​017-​0612-x
Kansal Y, Kapur PK, Kumar U, Kumar D (2019) Prioritising vulner-
abilities using ANP and evaluating their optimal discovery and
patch release time. Int J Math Op Res 14(2):236. https://​doi.​org/​
10.​1504/​IJMOR.​2019.​097758
Karlin J, Forrest S, Rexford J (2008) Autonomous security for autono-
mous systems. Comput Netw 52(15):2908–2923. https://​doi.​org/​
10.​1016/j.​comnet.​2008.​06.​012
Karthiban K, &Smys S (2018). Privacy preserving approaches in cloud
computing, in 20182nd International Conference on Inventive
Systems and Control (ICISC) (pp. 462–467).
Khan MA, Salah K (2018) IoT security [Review], blockchain solutions,
and open challenges. Futur Gener Comput Syst 82:395–411
Int J Syst Assur Eng Manag
Kim W (2013) Cloud computing architecture. Int J Web Grid Serv
9(3):287–303. https://​doi.​org/​10.​1504/​IJWGS.​2013.​055724
Kourai K, Azumi T, & Chiba S. (2012). A self-protection mechanism
against stepping-stone attacks for IaaS clouds. In Ubiquitous
intelligence and computing and9th International Conference on
Autonomic and Trusted Computing (UIC/ATC) 9th International
Conference on, 2012 (pp. 539–546).
Ku C-Y, & Chiu Y-S. (2013). A novel infrastructure for data sanitiza-
tion in cloud computing [Research paper], in Diversity. Technol-
ogy, and innovation for operational competitiveness. Proceedings
of the 2013 International Conference on Technology Innovation
and Industrial Management p. S3_25–28.
Kumar SN, Vajpayee A (2016) A survey on secure cloud: Security and
privacy in cloud computing. Am J Syst Softw 4(1):14–26
Lin W, & Lee D (2012). Traceback attacks in cloud-Pebbletrace botnet.
In Distributed Computing Systems Workshops (ICDCSW)32nd
International Conference on, 2012 (pp. 417–426).
Liu HI, & Chang KC. (2011). Defending systems against tilt DDoS
attacks. In 6th International Conference on Telecommunication
Systems, Services, and Applications (TSSA), 2011 (pp. 22–27).
IEEE Publications.
Liu A, Yuan Y, Wijesekera D, &Stavrou A (2009). SQLProb: A proxy-
based architecture towards preventing SQL injection attacks. In
Proceedings of the 2009 ACM Symposium on Applied Computing
(pp. 2054–2061).
Lombardi F, Di Pietro R (2011) Secure virtualization for cloud comput-
ing. J Netw Comput Appl 34(4):1113–1122. https://​doi.​org/​10.​
1016/j.​jnca.​2010.​06.​008
Lua R, Yow KC (2011) Mitigating ddos attacks with transparent and
intelligent fast-flux swarm network. IEEE Network 25(4):28–33.
https://​doi.​org/​10.​1109/​MNET.​2011.​59580​05
Luo S, Lin Z, Chen X, Yang, Z, & Chen J. (2011). Virtualization secu-
rity for cloud computing service. In Cloud and service computing
(CSC)International Conference on, 2011 (pp. 174–179).
Mather T, Kumaraswamy S, &Latif S (2009) Cloud security and pri-
vacy: An enterprise perspective on risks and compliance. O‘Reilly
Media, 2009.
Mell, P., &Grance, T. (2011). ―The NIST definition of cloud
computing.
Misra KB, Verma AK (2011) Special Section on reliability and risk
assessment of complex systems. IEEE Trans Reliab 60(1):59–60.
https://​doi.​org/​10.​1109/​TR.​2011.​21102​10
Nister D, &Stewenius H (2006). Scalable recognition with a vocabulary
tree. In Computer vision and pattern recognitionIEEE computer
society conference on, 2 (pp. 2161–2168).
Patel A, Taghavi M, Bakhtiyari K, CelestinoJúnior J (2013) An intru-
sion detection and prevention system in cloud computing: a sys-
tematic review. J Netw Comput Appl 36(1):25–41. https://d​ oi.o​ rg/​
10.​1016/j.​jnca.​2012.​08.​007
Rani M (2019) A review of intrusion detection system in cloud com-
puting. SSRN Electron J. https://​doi.​org/​10.​2139/​ssrn.​33551​27
Riquet D, Grimaud G, & Hauspie M (2012). Large-scale coordinated
attacks: Impact on the cloud security. In Innovative mobile and
Internet services in ubiquitous computing (IMIS)Sixth Interna-
tional Conference on, 2012 (pp. 558–563).
Salmen F, Hernandes P, Carvalho L, &Proenca M (2015). Using firefly
and genetic metaheuristics for anomaly detection based on net-
work flows. In Proceedings of the 11th Advanced International
Conference on Telecommunications (pp. 113–118).
Scarfone K, Mell P (2007) Guide to intrusion detection and prevention
systems (idps). NIST Spec Publ 800(2007):94
Sharma A, & Singh UK (2021a). Investigation of cloud computing
security issues and challenges, 3rd International Conference on
Integrated Intelligent Computing Communication and Security
(ICIIC), 2021. https://​doi.​org/​10.​2991/​ahis.k.​210913.​055
Sharma A, & Singh UK (2021b). Deployment model of e-educational
cloud for departmental academics automation using open source.
HTL Journal, 27(5, 36), ISSN 1006–6748. https://​doi.​org/​10.​
37896/​HTL27.5/​3535
Sharma A, Singh UK et al. (2021c). ‘A Comparative analysis of secu-
rity issues and vulnerabilities of leading Cloud Service Providers
and in-house University Cloud platform for hosting E-Educational
applications,’ IEEE Mysore Sub Section International Conference
(MysuruCon), ISBN 978–0–7381–4662–1.
Sharma A, Singh UK (2022) Modelling of smart risk assessment
approach for cloud computing environment using AI & supervised
machine learning algorithms. Global Trans Proc 3(1):243–250
Sharma A, Singh UK et al. (2023) Security and Privacy aspect of
Cyber-Physical Systems. In A. Baliyan(Ed.), Cyber Physical
system: Concept and application. CRC Press Taylor & Francis
Group, 1st ed.,Chapman and Hall/CRC. https://​doi.​org/​10.​1201/​
97810​03220​664-9
Siddiqui ST, Alam S, Shuaib M, Gupta A (2019) Cloud computing
security using blockchain. J Emerg Technol Innovative Res
6(6):791–794
Singh UK, Sharma A (2021) Cloud Computing Security Framework
Based on Shared Responsibility Models. In: Bali V, Bhatnagar
V, Aggarwal D, Bali S, Diván MJ (eds) Cyber-Physical, IoT, and
Autonomous Systems in Industry 4.0. CRC Press, Boca Raton, pp
39–55. https://​doi.​org/​10.​1201/​97810​03146​711-3
Singh UK, Sharma A, Singh SK, Tomar PS, Dixit K, Upreti K (2022)
Security and Privacy Aspect of Cyber Physical Systems. In: Bali-
yan A, Kaswan KS, Kumar N, Upreti K, Kannan R (eds) Cyber
Physical Systems: Concepts and Applications. Chapman and Hall/
CRC, Boca Raton, pp 141–164. https://​doi.​org/​10.​1201/​97810​
03220​664-9
Somani G, Gaur MS, Sanghi D, Conti M, Buyya R (2017) DDoS
attacks in cloud computing: Issues, taxonomy, and future direc-
tions. Comput Commun 107:30–48. https://​doi.​org/​10.​1016/j.​
comcom.​2017.​03.​010
Sridhar S, &Smys S (2016). A survey on cloud security issues and
challenges with possible measures. In International Conference
on Inventive Research in Engineering and Technology, 4.
Subashini S, Kavitha V (2011) A survey on security issues in ser-
vice delivery models of cloud computing. J Netw Comput Appl
34(1):1–11. https://​doi.​org/​10.​1016/j.​jnca.​2010.​07.​006
TerLouw M, &Venkatakrishnan VN. (2009). ―Blueprint: Robust
prevention of cross-site scripting attacks for existing browsers.
In Security and Privacy30th IEEE Symposium on, 2009 (pp.
331–346).
Vieira K, Schulter A, Westphall C, Westphall C (2010) Intrusion detec-
tion techniques in grid and cloud computing environment. IT Prof
IEEE Comput Società 12(4):38–43
T. Vijayakumar K, Ramalakshmi C, Priyadharsini S, Vasanthakumar
S, and Sharma A,(2022) Bio-Inspired Optimization Algorithm on
Cloud based Image Retrieval System using Deep Features," 2022
International Conference on Augmented Intelligence and Sustain-
able Systems (ICAISS), Trichy, India, 2022, pp. 871–876, https://​
doi.​org/​10.​1109/​ICAIS​S55157.​2022.​10010​739.
Vijayalakshmi M, Shalinie SM, &Pragash AA. (2012). IP traceback
system for network and application layer attacks. In International
Conference on Recent Trends in Information Technology, (pp.
439–444). IEEE Publications.
Villegas D, Bobroff N, Rodero I, Delgado J, Liu Y, Devarakonda A,
Fong L, MasoudSadjadi S, Parashar M (2012) Cloud federation
in a layered service model. J Comput Syst Sci 78(5):1330–1344.
https://​doi.​org/​10.​1016/j.​jcss.​2011.​12.​017
Wu H, Ding Y, Winer C, & Yao L (2010). Network security for virtual
machine in cloud computing. In Computer Sciences and Conver-
gence Information Technology (ICCIT) 5th International Confer-
ence on, 2010 (pp. 18–21).

Zaidi, T. (2021), A network intrusion based detection system for cloud
computing environment. Preprints. https://d​ oi.o​ rg/1​ 0.2​ 0944/p​ repr​
ints2​02104.​0183.​v1
Zhai H, Wang J (2021) Automatic deployment system of computer
program application based on cloud computing. Int J Syst
Assur Eng Manag 12(4):731–740. https:// ​ d oi. ​ o rg/ ​ 1 0. ​ 1 007/​
s13198-​021-​01068-0
Priscila S (2022) Risk-Based Access Control Mechanism for Internet of
Vehicles Using Artificial Intelligence. Security and Communica-
tion Networks 2022:1-13 https://​doi.​org/​10.​1155/​2022/​33798​43
Int J Syst Assur Eng Manag
Publisher’s Note Springer Nature remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.
Springer Nature or its licensor (e.g. a society or other partner) holds
exclusive rights to this article under a publishing agreement with the
author(s) or other rightsholder(s); author self-archiving of the accepted
manuscript version of this article is solely governed by the terms of
such publishing agreement and applicable law.