The increasing trend toward dematerialization and digitalization has prompted a surge in the adoption of IT service providers, offering cost-effective alternatives to traditional local services. Consequently, cloud services have become prevalent across various industries. While these services offer undeniable benefits, they face significant threats, particularly concerning the sensitivity of the data they handle. Many existing mathematical models struggle to accurately depict the complex scenarios of cloud systems. In response to this challenge, this paper proposes a behavioral model for ransomware propagation within such environments. In this model, each component of the environment is defined as an agent responsible for monitoring the propagation of malware. Given the distinct characteristics and criticality of these agents, the impact of malware can vary significantly. Scenario attacks are constructed based on real-world vulnerabilities documented in the Common Vulnerabilities and Exposures (CVEs) through the National Vulnerability Database. Defender actions are guided by an Intrusion Detection System (IDS) guideline. This research aims to provide a comprehensive framework for understanding and addressing ransomware threats in cloud systems. By leveraging an agent- based approach and real-world vulnerability data, our model offers valuable insights into detection and mitigation strategies for safeguarding sensitive cloud-based assets.
References
[1]
Islam, R., Patamsetti, V., Gadhi, A., Gondu, R.M., Bandaru, C.M., Kesani, S.C. and Abiona, O. (2023) International Journal of Communications. Network and System Sciences Scientific Research Publishing. Scientific Research Publishing.
[2]
Ullah, A., Nawi, N.M. and Ouhame, S. (2021) Recent Advancement in VM Task Allocation System for Cloud Computing: Review from 2015 to2021. Artificial Intelligence Review, 55, 2529-2573. https://doi.org/10.1007/s10462-021-10071-7
[3]
Yamin, M.M., Ullah, M., Ullah, H. and Katt, B. (2021) Weaponized AI for Cyber Attacks. Journal of Information Security and Applications, 57, Article ID: 102722. https://doi.org/10.1016/j.jisa.2020.102722
[4]
Balarezo, J.F., Wang, S., Chavez, K.G., Al-Hourani, A. and Kandeepan, S. (2022) A Survey on DOS/DDOS Attacks Mathematical Modelling for Traditional, SDN and Virtual Networks. Engineering Science and Technology, an International Journal, 31, Article ID: 101065. https://doi.org/10.1016/j.jestch.2021.09.011
[5]
Almalaq, A., Albadran, S. and Mohamed, M. (2022) Deep Machine Learning Model-Based Cyber-Attacks Detection in Smart Power Systems. Mathematics, 10, Article No. 2574. https://doi.org/10.3390/math10152574
[6]
Aldhyani, T.H.H. and Alkahtani, H. (2023) Cyber Security for Detecting Distributed Denial of Service Attacks in Agriculture 4.0: Deep Learning Model. Mathematics, 11, Article No. 233. https://doi.org/10.3390/math11010233
[7]
Gourisaria, M.K., Samanta, A., Saha, A., Patra, S.S. and Khilar, P.M. (2020) An Extensive Review on Cloud Computing. In: Raju, K.S., et al., Eds., Data Engineering and Communication Technology, Springer, 53-78. https://doi.org/10.1007/978-981-15-1097-7_6
[8]
Laato, S., Mäntymäki, M., Islam, A.K.M.N., Hyrynsalmi, S. and Birkstedt, T. (2022) Trends and Trajectories in the Software Industry: Implications for the Future of Work. Information Systems Frontiers, 25, 929-944. https://doi.org/10.1007/s10796-022-10267-4
[9]
Soh, J., Copeland, M., Puca, A. and Harris M. (2020) Microsoft Azure: Planning, Deploying, and Managing the Cloud. Springer.
[10]
Sunyaev, A. (2020) Cloud Computing. In: Internet Computing. Springer, 195-236. https://doi.org/10.1007/978-3-030-34957-8_7
[11]
Giannakou, A., Rillling, L., Pazat, J.-L., Majorczyk, F. and Morin, C. (2015) Towards Self Adaptable Security Monitoring in IaaS Clouds. 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, Shenzhen, China, 2015, 737-740. https://doi.org/10.1109/CCGrid.2015.133
[12]
Tabrizchi, H. and Kuchaki Rafsanjani, M. (2020) A Survey on Security Challenges in Cloud Computing: Issues, Threats, and Solutions. The Journal of Supercomputing, 76, 9493-9532. https://doi.org/10.1007/s11227-020-03213-1
[13]
Parast, F.K., Sindhav, C., Nikam, S., Yekta, H.I., Kent, K.B. and Hakak, S. (2022) Cloud Computing Security: A Survey of Service-Based Models. Computers & Security, 114, Article 102580.
[14]
Admass, W.S., Munaye, Y.Y. and Diro, A.A. (2024) Cyber Security: State of the Art, Challenges and Future Directions. Cyber Security and Applications, 2, Article ID: 100031. https://doi.org/10.1016/j.csa.2023.100031
[15]
Guembe, B., Azeta, A., Misra, S., Osamor, V.C., Fernandez-Sanz, L. and Pospelova, V. (2022) The Emerging Threat of AI-Driven Cyber Attacks: A Review. Applied Artificial Intelligence, 36, Article ID: 2037254. https://doi.org/10.1080/08839514.2022.2037254
[16]
Sahu, I.K. and Nene, M.J. (2021) Model for IaaS Security Model: MISP Framework. 2021 International Conference on Intelligent Technologies (CONIT), Hubli, 25-27 June 2021, 1-6. https://doi.org/10.1109/conit51480.2021.9498375
[17]
Hu, V.C., Iorga, M., Bao, W., Li, A., Li, Q.H., Gouglidis, A., et al. (2020) General Access Control Guidance for Cloud Systems, NIST Special Publication, 800-210. https://doi.org/10.6028/NIST.SP.800-210
[18]
Carnier, R.M., Li, Y., Fujimoto, Y. and Shikata, J. (2024) Deriving Exact Mathematical Models of Malware Based on Random Propagation. Mathematics, 12, Article No. 835. https://doi.org/10.3390/math12060835
[19]
Aslan, O., Ozkan-Okay, M. and Gupta, D. (2021) Intelligent Behavior-Based Malware Detection System on Cloud Computing Environment. IEEE Access, 9, 83252-83271. https://doi.org/10.1109/access.2021.3087316
