Leveraging a cloud-native architecture to enable semantic interconnectedness of data for cyber threat intelligence

Published in Cluster Computing

Abstract

Cloud technologies offer several benefits, including the elimination of costs incurred when traditional technologies are adopted. Despite these benefits, the cloud still faces security challenges, which calls for cyber threat intelligence capable of identifying threats and proposing possible solutions. However, relying on traditional security mechanisms and approaches for security solutions within cloud environments presents its own challenges. This calls for cloud-native solutions that leverage cloud features in the design and development of security solutions for data and applications hosted and running in the cloud. Past studies have suggested adopting semantic technologies for cloud-based security mechanisms. However, semantic processing of such data faces the challenge of data interconnectedness, because the data is aggregated from diverse, heterogeneous sources. Hence, this study proposes a cloud-native architecture capable of connecting security-related data from different sources in the cloud to enhance cyber threat intelligence. It presents a proof-of-concept implementation of the proposed solution on Amazon AWS, deployed within an auto-scaling group for scalability and across multiple availability zones for high availability.
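The abstract's central claim is that security data aggregated from heterogeneous sources can only be processed semantically once the records are connected to each other. The following is an added illustration of that idea in its simplest form; it is not the paper's code, ontology or dataset, none of which are shown on this page. Three constructed records with different schemas (an asset inventory row, a vulnerability-scanner finding and an IDS alert) are normalized onto a shared vocabulary of typed identifiers, loaded as facts with provenance into a small in-memory graph, and then answered by one query that hops across all three sources. The predicate names, hostnames and IP addresses are assumptions; CVE-2021-41773 and ATT&CK technique T1190 are real public identifiers used only as join keys.

```python
"""Added example (not the paper's implementation): linking heterogeneous
security records into one queryable graph of facts with provenance.

The three input "sources" below are constructed sample data with invented
schemas, hostnames and addresses; only the CVE and ATT&CK identifiers are
real public identifiers, used here purely as join keys.
"""
from collections import defaultdict

# One fact with its provenance: (subject, predicate, object, source).
Quad = tuple[str, str, str, str]

# Constructed sample records; each source has its own schema and field names.
ASSET_INVENTORY = [
    {"host": "web-01", "product": "cpe:2.3:a:apache:http_server:2.4.49", "az": "us-east-1a"},
    {"host": "web-02", "product": "cpe:2.3:a:apache:http_server:2.4.51", "az": "us-east-1b"},
]
SCANNER_FINDINGS = [
    {"asset": "web-01", "cve": "CVE-2021-41773", "severity": "high"},
]
IDS_ALERTS = [
    {"src_ip": "203.0.113.7", "dst_host": "web-01", "technique": "T1190"},
    {"src_ip": "198.51.100.9", "dst_host": "web-02", "technique": "T1190"},
]


def normalize(inventory, findings, alerts) -> list[Quad]:
    """Map each source's records onto a shared vocabulary of typed identifiers
    (host:, az:, ip:, attack:) so that records from different sources meet on
    the same node. The predicate names are assumptions, not the paper's ontology."""
    quads: list[Quad] = []
    for row in inventory:
        host = f"host:{row['host']}"
        quads.append((host, "runs", row["product"], "inventory"))
        quads.append((host, "located_in", f"az:{row['az']}", "inventory"))
    for f in findings:
        quads.append((f"host:{f['asset']}", "affected_by", f["cve"], "scanner"))
        quads.append((f["cve"], "severity", f["severity"], "scanner"))
    for a in alerts:
        alert = f"alert:{a['src_ip']}->{a['dst_host']}"
        quads.append((alert, "targets", f"host:{a['dst_host']}", "ids"))
        quads.append((alert, "source", f"ip:{a['src_ip']}", "ids"))
        quads.append((alert, "technique", f"attack:{a['technique']}", "ids"))
    return quads


class Graph:
    """Minimal in-memory fact store indexed by subject and by predicate."""

    def __init__(self) -> None:
        self.by_subject: dict[str, list[Quad]] = defaultdict(list)
        self.by_predicate: dict[str, list[Quad]] = defaultdict(list)
        self._seen: set[tuple[str, str, str]] = set()

    def add(self, quad: Quad) -> None:
        s, p, o, _src = quad
        if (s, p, o) in self._seen:  # the same fact reported by two sources is stored once
            return
        self._seen.add((s, p, o))
        self.by_subject[s].append(quad)
        self.by_predicate[p].append(quad)

    def objects(self, subject: str, predicate: str) -> list[str]:
        return [o for s, p, o, _ in self.by_subject.get(subject, []) if p == predicate]


def build_graph() -> Graph:
    g = Graph()
    for quad in normalize(ASSET_INVENTORY, SCANNER_FINDINGS, IDS_ALERTS):
        g.add(quad)
    return g


def alerts_against_vulnerable_hosts(g: Graph, severity: str = "high") -> list[tuple[str, str, str, str]]:
    """Cross-source question: which alerts target a host that the scanner says
    carries a CVE of the given severity, and in which availability zone is that
    host? Each hop crosses a source boundary (ids -> scanner -> inventory)."""
    results = []
    for alert, _, host, _ in g.by_predicate["targets"]:
        for cve in g.objects(host, "affected_by"):
            if severity in g.objects(cve, "severity"):
                for az in g.objects(host, "located_in"):
                    results.append((alert, host, cve, az))
    return sorted(results)


if __name__ == "__main__":
    for hit in alerts_against_vulnerable_hosts(build_graph()):
        print(hit)
```

On the constructed data the query returns only the alert against web-01: the alert against web-02 has no scanner finding to join to and is dropped, which is exactly the distinction an analyst wants from connected data. The typed identifier prefixes are what make the join possible; if the inventory named the machine `web-01` while the IDS reported an IP and neither source carried the other's key, the records would sit in the same store without ever being linked.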

Data Availability

The datasets used in this study were a sample assembled for the proof of concept. The sample dataset is therefore not publicly available, but it is available from the corresponding author on reasonable request.


Author information

Contributions

All authors contributed to the study conception and design. All authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.

Corresponding authors

Correspondence to Meryem Ammi or Fahad M. Alharby.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interests to disclose.

About this article

Cite this article

Ammi, M., Adedugbe, O., Alharby, F.M. et al. Leveraging a cloud-native architecture to enable semantic interconnectedness of data for cyber threat intelligence. Cluster Comput 25, 3629–3640 (2022). https://doi.org/10.1007/s10586-022-03576-5
