Applications: A Case Study.

With the increasing utilization of the Internet and its provided services, an increase in cyber-attacks to exploit the information occurs. A technology to store and maintain user's information that is mostly used for its simplicity and low-cost services is cloud computing (CC). Also, a new model of computing that is noteworthy today is mobile cloud computing (MCC) that is used to reduce the limitations of mobile devices by allowing them to offload certain computations to the remote cloud. The cloud environment may consist of critical or essential information of an organization; therefore, to prevent this environment from possible attacks a security solution is needed. An intrusion detection system (IDS) is a solution to these security issues. An IDS is a hardware or software device that can examine all inside and outside network activities and recognize doubtful patterns that may demonstrate a network attack and automatically alert the network (or system) administrator. Because of the ability of an IDS to detect known/unknown (inside/outside) attacks, it is an excellent choice for securing cloud computing. Various methods are used in an intrusion detection system to recognize attacks more accurately. Unlike survey papers presented so far, this paper aims to present a comprehensive survey of intrusion detection systems that use computational intelligence (CI) methods in a (mobile) cloud environment. We firstly provide an overview of CC and MCC paradigms and service models, also reviewing security threats in these contexts. Previous literature is critically surveyed, highlighting the advantages and limitations of previous work. Then we define a taxonomy for IDS and classify CI-based techniques into single and hybrid methods. Finally, we highlight open issues and future directions for research on this topic.

Computational intelligence intrusion detection techniques in mobile cloud computing environments: Review, taxonomy, and open research issues

Never Trust, Always Verify : A Multivocal Literature Review on Current Knowledge and Research Gaps of Zero-trust

Lagging IT security investments in small and medium-sized enterprises (SME) point towards a security divide between SME and large enterprises, yet our structured literature review shows that organizational IT security research has largely neglected the SME context. In an effort to expose reasons for this divide, we build on extant research to conceptualize SME-specific characteristics in a framework and suggest propositions regarding their influence on IT security investments. Based on 25 expert interviews, emerging constraints are investigated and validated. Our findings imply that several widely held assumptions in extant IT security literature should be modified if researchers claim generalizability of their results in an SME context. Exemplary assumptions include the presence of skilled workforce, documented processes or IT-budget planning which are often un(der) developed in SME. Additionally, our study offers context-specific insights regarding particular effects of identified constraints on IT security investments for all involved stakeholders (researchers, SME, large enterprises, governments).

Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments

https://ris.uni-paderborn.de/download/5586/6022/JOURNAL%20VERSION.pdf

Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning

In the last few years, research has been motivated to provide a categorization and classification of security concerns accompanying the growing adaptation of Infrastructure as a Service (IaaS) clouds. Studies have been motivated by the risks, threats and vulnerabilities imposed by the components within the environment and have provided general classifications of related attacks, as well as the respective detection and mitigation mechanisms. Virtual Machine Introspection (VMI) has been proven to be an effective tool for malware detection and analysis in virtualized environments. In this paper, we classify attacks in IaaS cloud that can be investigated using VMI-based mechanisms. This infers a special focus on attacks that directly involve Virtual Machines (VMs) deployed in an IaaS cloud. Our classification methodology takes into consideration the source, target, and direction of the attacks. As each actor in a cloud environment can be both source and target of attacks, the classification provides any cloud actor the necessary knowledge of the different attacks by which it can threaten or be threatened, and consequently deploy adapted VMI-based monitoring architectures. To highlight the relevance of attacks, we provide a statistical analysis of the reported vulnerabilities exploited by the classified attacks and their financial impact on actual business processes.

/pdf/classifying-malware-attacks-in-iaas-cloud-environments-4qn5h8907h.pdf

Classifying malware attacks in IaaS cloud environments

The protection of information technology (IT) has become and is predicted to remain a key economic challenge for organizations. While research on IT security investment is fast growing, it lacks a theoretical basis for structuring research, explaining economic-technological phenomena and guide future research. We address this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical perspective adopt-ing the Resource-Based View and the Organizational Learning Theory. The joint appli-cation of these theories allows to conceptualize in one theoretical model the organiza-tional learning effects that occur when the protection of organizational resources through IT security countermeasures develops over time. We use this model of IT security invest-ments to synthesize findings of a large body of literature and to derive research gaps. We also discuss managerial implications of (closing) these gaps by providing practical ex-amples.

https://ris.uni-paderborn.de/download/5588/6038/ICIS%20PROCEEDINGS%20PAPER%20-%20Security%20Investments.pdf

A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory

IT security has become a major issue for organizations as they need to protect their assets, including IT resources, intellectual property and business processes, against security attacks. Disruptions of ITbased business activities can easily lead to economic damage, such as loss of productivity, revenue and

/pdf/it-security-investments-through-the-lens-of-the-resource-3w1lwaeiqa.pdf

IT Security Investments Through the Lens of the Resource-Based View: A new Theoretical Model and Literature Review

Due to the proliferation of cloud computing, cloud-based systems are becoming an increasingly attractive target for malware. In an Infrastructure-as-a-Service IaaS cloud, malware located in a customer's virtual machine VM affects not only this customer, but may also attack the cloud infrastructure and other co-hosted customers directly. This paper presents CloudIDEA, an architecture that provides a security service for malware defens in cloud environments. It combines lightweight intrusion monitoring with on-demand isolation, evidence collection, and in-depth analysis of VMs on dedicated analysis hosts. A dynamic decision engine makes on-demand decisions on how to handle suspicious events considering cost-efficiency and quality-of-service constraints.

/pdf/cloudidea-a-malware-defense-architecture-for-cloud-data-7hbq9unuz6.pdf

Eva Weishäupl

Papers

Classifying malware attacks in IaaS cloud environments

Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning

A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory

IT Security Investments Through the Lens of the Resource-Based View: A new Theoretical Model and Literature Review

CloudIDEA: A Malware Defense Architecture for Cloud Data Centers