Abstract
Cloud technologies have several merits, including the elimination of costs incurred when traditional technologies are adopted. Despite these benefits, the cloud still faces security challenges, which calls for cyber threat intelligence capable of identifying threats and proposing possible solutions. However, depending on traditional security mechanisms and approaches for security solutions within cloud environments presents its own challenges. This calls for cloud-native solutions that leverage cloud features in the design and development of protections for data and applications hosted and running within the cloud. Past studies have suggested adopting semantic technologies for cloud-based security mechanisms. However, semantic processing of security data faces the challenge of interconnecting data aggregated from diverse heterogeneous sources. Hence, this study proposes a cloud-native architecture capable of connecting security-related data from different sources in the cloud to enhance cyber threat intelligence. It presents a proof-of-concept implementation of the proposed solution on the Amazon AWS cloud, deployed within an auto-scaling group for scalability and across multiple availability zones for high availability.
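The abstract's central claim is that security data from heterogeneous cloud sources becomes useful for threat intelligence once it is interconnected on shared identifiers. The following stand-alone Python sketch is an added example, not code from the paper or its proof of concept: three constructed feeds (a CloudTrail-style API log, a vulnerability-scanner report and a threat-intelligence feed) are mapped onto one small vocabulary in an in-memory triple store, joined on the identifiers they share (instance id, CVE id) and queried across feeds. The feed layouts, predicate names, the `TRUSTED_PRINCIPALS` set and the placeholder CVE identifiers are all assumptions made for this illustration.

```python
"""Added example: linking heterogeneous cloud security records via shared
identifiers. All feeds, predicate names and identifiers are constructed
placeholders, not data from the paper or from any real source."""
import json
from collections import defaultdict

# Constructed sample inputs, each in the shape a hypothetical source might emit.
API_LOG = """
{"eventName":"ModifyInstanceAttribute","instanceId":"i-0a1","principal":"arn:aws:iam::111:user/contractor"}
{"eventName":"DescribeInstances","instanceId":"i-0b2","principal":"arn:aws:iam::111:role/ops"}
{"eventName":"RunInstances","instanceId":"i-0c3","principal":"arn:aws:iam::111:role/ops"}
"""
SCAN_REPORT = {  # placeholder CVE ids (year 0000), deliberately not real entries
    "findings": [
        {"target": "i-0a1", "cve": "CVE-0000-0001", "cvss": 9.8},
        {"target": "i-0b2", "cve": "CVE-0000-0002", "cvss": 5.3},
        {"target": "i-0c3", "cve": "CVE-0000-0001", "cvss": 9.8},
    ]
}
THREAT_FEED = [
    {"id": "CVE-0000-0001", "exploited_in_wild": True},
    {"id": "CVE-0000-0002", "exploited_in_wild": False},
]
# Assumed set of principals whose API activity is considered expected.
TRUSTED_PRINCIPALS = {"arn:aws:iam::111:role/ops"}


class TripleStore:
    """Minimal subject-predicate-object store with forward and backward indexes."""

    def __init__(self):
        self.by_sp = defaultdict(set)  # (subject, predicate) -> {objects}
        self.by_po = defaultdict(set)  # (predicate, object) -> {subjects}

    def add(self, s, p, o):
        self.by_sp[(s, p)].add(o)
        self.by_po[(p, o)].add(s)

    def objects(self, s, p):
        return self.by_sp.get((s, p), set())

    def subjects(self, p, o):
        return self.by_po.get((p, o), set())


def local(term):
    """Strip the 'kind:' prefix from a graph term (ARNs keep their own colons)."""
    return term.split(":", 1)[1]


def load_api_log(store, raw):
    """One JSON object per line; each event links an instance, a principal and an action."""
    for n, line in enumerate(l for l in raw.splitlines() if l.strip()):
        ev = json.loads(line)
        event = f"event:{n}"
        store.add(event, "onInstance", f"instance:{ev['instanceId']}")
        store.add(event, "byPrincipal", f"principal:{ev['principal']}")
        store.add(event, "action", ev["eventName"])


def load_scan(store, report):
    """Scanner findings become instance -> CVE edges plus a CVSS attribute on the CVE."""
    for f in report["findings"]:
        store.add(f"instance:{f['target']}", "hasVulnerability", f"cve:{f['cve']}")
        store.add(f"cve:{f['cve']}", "cvss", f["cvss"])


def load_threat_feed(store, feed):
    """Only the exploited-in-the-wild flag is kept; it is keyed on the same CVE term."""
    for entry in feed:
        if entry["exploited_in_wild"]:
            store.add(f"cve:{entry['id']}", "exploitedInWild", True)


def build_graph(api_log=API_LOG, scan=SCAN_REPORT, feed=THREAT_FEED):
    store = TripleStore()
    load_api_log(store, api_log)
    load_scan(store, scan)
    load_threat_feed(store, feed)
    return store


def instances_at_risk(store, trusted_principals):
    """Instances carrying an exploited CVE that were also touched by a principal
    outside the trusted set. Answering this needs all three feeds joined on
    shared CVE and instance identifiers; no single feed can answer it alone."""
    at_risk = set()
    for cve in store.subjects("exploitedInWild", True):
        for inst in store.subjects("hasVulnerability", cve):
            for ev in store.subjects("onInstance", inst):
                principals = store.objects(ev, "byPrincipal")
                if any(local(p) not in trusted_principals for p in principals):
                    at_risk.add(local(inst))
    return sorted(at_risk)


if __name__ == "__main__":
    print(instances_at_risk(build_graph(), TRUSTED_PRINCIPALS))
```

With the constructed data, only `i-0a1` is returned: it carries the exploited placeholder CVE and was modified by a principal outside the trusted set, whereas `i-0c3` carries the same CVE but was only touched by the trusted role, and `i-0b2` carries a CVE the feed does not mark as exploited. An instance with an exploited CVE but no API activity at all is deliberately not flagged, since the query is about the conjunction of exposure and suspicious access.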
Data Availability
The datasets used in the current study were a sample assembled to build the proof of concept. The sample dataset is therefore not publicly available, but it is available from the corresponding author on reasonable request.
Author information
Contributions
All authors contributed to the study conception and design. All authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Ethics declarations
Conflict of interest
The authors have no relevant financial or non-financial interests to disclose.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Ammi, M., Adedugbe, O., Alharby, F.M. et al. Leveraging a cloud-native architecture to enable semantic interconnectedness of data for cyber threat intelligence. Cluster Comput 25, 3629–3640 (2022). https://doi.org/10.1007/s10586-022-03576-5
DOI: https://doi.org/10.1007/s10586-022-03576-5