Hena Shabeeb

Bio: Hena Shabeeb is an academic researcher from VIT University. The author has contributed to research in topics: Cloud computing security & Cloud computing. The author has an hindex of 2, co-authored 2 publications receiving 11 citations.

A Study on Security Threats in Cloud

Abstract: Cloud computing is now invading almost all IT industry and has become a rich area of research. It enables the users to share the resources which are done through resource virtualization and they have to pay only for what they use. The new paradigm freed the organizations from the burden of installing and maintaining the expensive and critical software, platform and infrastructure. The only thing they need to see is the Internet enabled systems. As the number of dependents on the cloud services shoots up, the security issue has become an overwhelming problem for cloud service providers. In order to make use of the cloud benefits to full extent, these issues need to be addressed first. This paper presents the major security issues in cloud computing. Some of the countermeasures that can be implemented is also suggested.

Credit Based Methodology to Detect and Discriminate DDOS Attack From Flash Crowd in A Cloud Computing Environment

Abstract: The latest trend in the field of computing is the migration of organizations and offloading the tasks to cloud. The security concerns hinder the widespread acceptance of cloud. Of various, the DDoS in cloud is found to be the most dangerous. Various approaches are there to defend DDoS in cloud, but have lots of pitfalls. This paper proposes a new reputation-based framework for mitigating the DDoS in cloud by classifying the users into three categories as well-reputed, reputed and ill-reputed based on credits. The fact that attack is fired by malicious programs installed by the attackers in the compromised systems and they exhibit similar characteristics used for discriminating the DDoS traffic from flash crowds. Credits of clients who show signs of similarity are decremented. This reduces the computational and storage overhead. This proposed method is expected to take the edge off DDoS in a cloud environment and ensures full security to cloud resources. CloudSim simulation results also proved that the deployment of this approach improved the resource utilization with reduced cost.

The Innocent Perpetrators: Reflectors and Reflection Attacks

Abstract: In this paper we make a comparable study of the various types of Reflector Denial of Service attacks popularly known as DRDoS attacks. We discuss their cause, effects, defense mechanisms proposed so far, the effectiveness of these defense mechanisms and their future relevance. We have also shown how reflection attacks are a potential threat to the cloud which is one of the most popular and highly evolving arenas in the Internet.

A packet marking approach to protect cloud environment against DDoS attacks

Abstract: Cloud computing uses internet and remote servers for maintaining data and applications. It offers through internet the dynamic virtualized resources, bandwidth and on-demand software's to consumers and promises the distribution of many economical benefits among its adapters. It helps the consumers to reduce the usage of hardware, software license and system maintenance. Simple Object Access Protocol (SOAP) is the system that allows the communications interaction between different web services. SOAP messages are constructed using either HyperText Transport Protocol (HTTP) and/or Extensible Mark-up Language (XML). The new form of Distributed Denial of Service (DDoS) attacks that could potentially bring down a cloud web services through the use of HTTP and XML. Cloud computing suffers from major security threat problem by HTTP and XML Denial of Service (DoS) attacks. HX-DoS attack is a combination of HTTP and XML messages that are intentionally sent to flood and destroy the communication channel of the cloud service provider. To address the problem of HX-DoS attacks against cloud web services there is a need to distinguish between the legitimate and illegitimate messages. This can be done by using the rule set based detection, called CLASSIE and modulo marking method is used to avoid the spoofing attack. Reconstruct and Drop method is used to make decision and drop the packets on the victim side. It enables us to improve the reduction of false positive rate and increase the detection and filtering of DDoS attacks.

Measuring Information Security Awareness of Indonesian Smartphone Users

Abstract: One of information security management elements is information security awareness program. Usually, this programs only involve the employees within the organization. Some organizations also consider security awareness for some parties outside the organization like providers, vendors, and contractors. This paper add consumers as variable to be considered in information security awareness program as there are also some threats for organization through them. Information security awareness will be measured from user’s knowledge, behavior, and attitude of five information security focus areas in telecommunication, especially related with smartphone users as one segment of telecommunication provider. For smartphone users, information security threats not only from Internet, but also by phone call or texting. Therefore, focus area in this research consist of adhere to security policy, protect personal data, fraud/spam SMS, mobile application, and report for security incident. This research use analytic hierarcy process (AHP) method to measure the information security awareness level from smartphone users. In total, the result indicated that awareness level is good (80%). Although knowledge and attitude dimension are in good criteria of awareness level, but behaviour dimension is average. It can be a reason why there are still many information security breach against smartphone user despite good awareness level.

Cloud Computing Vulnerability: DDoS as Its Main Security Threat, and Analysis of IDS as a Solution Model

Abstract: Cloud computing has emerged as an increasingly popular means of delivering IT-enabled business services and a potential technology resource choice for many private and government organizations in today's rapidly changing computing environment. Consequently, as cloud computing technology, functionality and usability expands unique security vulnerabilities and treats requiring timely attention arise continuously. The primary challenge being providing continuous service availability. This paper will address cloud security vulnerability issues, the threats propagated by a distributed denial of service (DDOS) attack on cloud computing infrastructure and also discuss the means and techniques that could detect and prevent the attacks.

Automatically preventing and remediating network abuse

Abstract: Various embodiments described herein are directed to optimizing cloud computing infrastructures functionality based on an abuse prevention and remediation platform. A tenant profile may have a tenant confidence score for a tenant, the tenant confidence score being an indicator of the reputation of the tenant usage of cloud computing resources. Based on the confidence score of the tenant, one or more policies for the tenant may be identified limiting access to cloud computing resources. If the virtual internet protocol address (VIP) of the tenant is determined to be tainted, the VIP may be quarantined in a tainted VIP pool, the quarantining excluding the VIP from being selected for use until the VIP is clean. A cleanup routine may be executed, the cleanup routine communicating remedial actions for the tainted VIP. Upon completion of the cleanup routine, the VIP may be restored to a clean VIP pool.