Probabilistic analysis of security attacks in cloud environment using hidden Markov models

Abstract

SummaryThe rapidly growing cloud computing paradigm provides a cost‐effective platform for storing, sharing, and delivering data and computation through internet connectivity. However, one of the biggest barriers for massive cloud adoption is the growing cybersecurity threats/risks that influence its confidence and feasibility. Existing threat models for clouds may not be able to capture complex attacks. For example, an attacker may combine multiple security vulnerabilities into an intelligent, persistent, and sequence of attack behaviors that will continuously act to compromise the target on clouds. Hence, new models for detection of complex and diversified network attacks are needed. In this article, we introduce an effective threat modeling approach that has the ability to predict and detect the probability of occurrence of various security threats and attacks within the cloud environment using hidden Markov models (HMMs). The HMM is a powerful statistical analysis technique and is used to create a probability matrix based on the sensitivity of the data and possible system components that can be attacked. In addition, the HMM is used to provide supplemental information to discover a trend attack pattern from the implicit (or hidden) raw data. The proposed model is trained to identify anomalous sequences or threats so that accurate and up‐to‐date information on risk exposure of cloud‐hosted services are properly detected. The proposed model would act as an underlying framework and a guiding tool for cloud systems security experts and administrators to secure processes and services over the cloud. The performance evaluation shows the effectiveness of the proposed approach to find attack probability and the number of correctly detected attacks in the presence of multiple attack scenarios.