INSTRUMENTAL MEANS OF ENSURING INFORMATION SECURITY AGAINST HIDDEN THREATS IN CLOUD COMPUTING INFRASTRUCTURE
DOI:
https://doi.org/10.28925/2663-4023.2025.28.857Keywords:
information security, cloud computing, hidden threats, hypervisor, virtualization, instrumental tools, dynamic environment, security policy, monitoring, cloud services, cloud-oriented architectures.Abstract
In cloud computing, the challenge of countering hidden information security threats is becoming increasingly critical due to the high dynamism of resource management, the complexity of verifying interprocess interactions, and the widespread use of virtualized environments. Particular attention is paid to threats that emerge at the hypervisor level or result from uncontrolled transactions between guest operating systems and cloud control subsystems, which renders them undetectable by traditional monitoring tools. To address these challenges, an instrumental approach is proposed that implements mechanisms for detecting and neutralizing latent attacks through continuous monitoring of system resource requests and behavioral analysis of component interactions. A formalized model of information interaction has been developed within this study, representing the logic of sequential and parallel operations initiated by virtual machines when accessing computing, networking, and storage resources. This model enables not only the structuring of dynamic information flows but also the formalization of critical dependencies between transactions that could serve as vectors for hidden attacks. A threat identification method based on predicate logic is applied, taking into account the context of system call execution, including signs of anomalous activity and deviations from the active security policy. The results obtained confirm the practical feasibility of using formalized models of transactional interaction and predicate analysis to enhance the security of cloud services against complex and hidden information security threats. This is especially relevant in the context of the growing adoption of containerization, orchestration, and distributed computing technologies, particularly in environments such as AWS, Azure, Google Cloud Platform, and Kubernetes.
Downloads
References
Aldribi, A., Traore, I., Moa, B., & Nwamuo, O. (2020). Hypervisor-based cloud intrusion detection through online multivariate statistical change tracking. Computers & Security, 88, 101646. https://doi.org/10.1016/J.COSE.2019.101646
Althobaiti, A. (2017) Analyzing Security Threats to Virtual Machines Monitor in Cloud Computing Environment. Journal of Information Security, 8, 1–7. doi: 10.4236/jis.2017.81001
He, Z., Hu, G., & Lee, R. B. (2023) CloudShield: Real-time Anomaly Detection in the Cloud. In Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, 91–102. https://doi.org/10.1145/3577923.3583639
Jindal, A., Shakhat, I., Cardoso, J., Gerndt, M., & Podolskiy, V. (2022). IAD: Indirect Anomalous VMMs Detection in the Cloud-Based Environment. Service-Oriented Computing – ICSOC. Lecture Notes in Computer Science, vol 13236. https://doi.org/10.1007/978-3-031-14135-5_15
R. Zakiyyah, D. Permana, D. Valencio, A. Chowanda, Y. Muliono and Z. N. Izdihar (2024) Security Challenges and Issues in Cloud Computing, International Symposium on Networks, Computers and Communications (ISNCC), 1–6, https://doi.org/10.1109/ISNCC62547.2024.10758966
S. Y. Enoch, M. Ge, J. B. Hong and D. Seong Kim (2021) Model-based Cybersecurity Analysis: Past Work and Future Directions, Annual Reliability and Maintainability Symposium (RAMS), 1–7. https://doi.org/10.1109/RAMS48097.2021.9605784
Kostiuk, Y.V. & Voytkevich, A.A. (2024) Research on Technologies for Detection and Identification of Intruders for Corporate Network Protection. "Science and Technology Today" (Series "Pedagogy", Series "Law", Series "Economics", Series "Physical and Mathematical Sciences", Series "Engineering"), 4(32), 1017–1032.
Yesilyurt, M., Yalman, Y. (2016) New approach for ensuring cloud computing security: using data hiding methods. Sādhanā, 41, 1289–1298.
Kostiuk, Y.V. & Shapran, V.O. (2024) Technologies for Detection of Anomalous Events and Signatures in Real-Time. "Science and Technology Today" (Series "Pedagogy", Series "Law", Series "Economics", Series "Physical and Mathematical Sciences", Series "Engineering"), 4(32), 1069–1084.
Balbela, J. P. et al. (2023) Enhancing Cloud Security: A Comprehensive Framework for Real-Time Detection, Analysis and Cyber Threat Intelligence Sharing Advances in Science. Technology and Engineering Systems Journal, 8(6), 107–119.
Kryvoruchko, O., Kostiuk, Y., & Desiatko, A. (2024) Systematization of signs of unauthorized access to corporate information based on application of cryptographic protection methods. Ukrainian Scientific Journal of Information Security, 30(1), 140–149.
Sanagana, D. P. R., & Tummalachervu, C. K. (2024) Securing Cloud Computing Environment via Optimal Deep Learning-based Intrusion Detection Systems, Second International Conference on Data Science and Information System (ICDSIS), 1–6.
Kostiuk, Y., Bebeshko, B., Kryuchkova, L., Litvinov, V., Oksanych, I., Skladannyi, P., & Khorolska, K. (2024). Information Protection and Data Exchange Security in Wireless Mobile Networks with Authentication and Key Exchange Protocols. Electronic Professional Scientific Journal “Cybersecurity: Education, Science, Technology”, 1(25), 229–252.
Achbarou, O., El Kiram, M. A., Bourkoukou, O., & Elbouanani, S. (2018) A new distributed intrusion detection system based on multi-agent system for cloud environment. Int. J. Commun. Netw. Inf. Secur, 10, 526.
Kostiuk, Y., Bebeshko, B., Skladannyi, P., Rzaieva, S., & Khorolska, K. (2025). Buffer and priority optimization for ensuring security in Bluetooth networks. Information Systems and Technologies Security, 2(8), 5–16.
Kannadhasan, S., Nagarajan, R., & Thenappan, S. (2022) Intrusion detection techniques based secured data sharing system for cloud computing using msvm. In Proceedings of the 9th International Conference on Computing for Sustainable Global Development (INDIACom), 50–56.
Kostiuk, Y., Dovzhenko, N., Mazur, N., Skladannyi, P., & Rzaieva, S. (2025). Method for protecting GRID environment from malicious code during computational task execution. Electronic Scientific Journal “Cybersecurity: Education, Science, Technology”, 3(27), 22–40.
Hatef, M.A., Shaker, V., Jabbarpour, M.R., Jung, J., & Zarrabi, H. (2025) HIDCC: A hybrid intrusion detection approach in cloud computing. Concurr. Comput. Pract. Exp, 30, 4171.
Skladannyi, P., Kostiuk, Y., Rzaieva, S., Samoilenko, Y., & Savchenko, T. (2025). Development of modular neural networks for detecting different classes of network attacks. Electronic Scientific Journal “Cybersecurity: Education, Science, Technology”, 3(27), 534–548.
Zhang, J., Peter, J.D., Shankar, A., & Viriyasitavat, W. (2024) Public cloud networks oriented deep neural networks for effective intrusion detection in online music education. Computers and Electrical Engineering, 115.
Skladannyi, P.M., Kostiuk, Y.V., Mazur, N.P., & Pitaichuk, M.A. (2025). Investigation of characteristics and performance of access protocols to cloud computing environments based on universal testing. Telecommunications and Information Technologies, 1(86), 61–74.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Юлія Костюк, Карина Хорольська, Богдан Бебешко, Надія Довженко, Наталія Коршун, Андрій Пазинін
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
