Classifying different denial-of-service attacks in cloud computing using rule-based learning

Cited by: 15
Authors
Khorshed, Md Tanzim [1]
Ali, A. B. M. Shawkat [1]
Wasimi, Saleh A. [1]
Affiliations
[1] CQUniversity, Sch Informat & Commun Technol, Rockhampton, Qld 4702, Australia
Keywords
security; threats; machine learning; cyber attacks; cloud computing; DoS attacks
DOI
10.1002/sec.621
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
From traditional networking to cloud computing, one of the essential but formidable tasks is to detect cyber attacks and their types. A cloud provider's unwillingness to share security-related data with its clients adds to the difficulty of detection by a cloud customer. The research contributions in this paper are twofold. First, an investigative survey on cloud computing is conducted with the main focus on gaps that are hindering cloud adoption, accompanied by a review of the threat remediation challenges. Second, some thoughts are constructed on novel approaches to address some of the widely discussed denial-of-service (DoS) attack types by using machine learning techniques. We evaluate the techniques' performance by using statistical ranking-based methods, and find the rule-based learning technique C4.5, from a set of popular learning algorithms, to be an efficient tool to classify various DoS attacks in the cloud platform. The novelty of our rather rigorous analysis is in its ability to identify insiders' activities and other DoS attacks by using performance data. The reason for using performance data rather than traditional logs and security-related data is that the performance data can be collected by the customers themselves without any help from cloud providers. To the best of our knowledge, no one has made such attempts before. Our findings and thoughts captured through a series of experiments in our constructed cloud server are expected to give researchers, cloud providers and customers additional insight and tools to proactively protect themselves from known or perhaps even unknown security issues that have similar patterns. Copyright (c) 2012 John Wiley & Sons, Ltd.
Pages: 1235-1247
Number of pages: 13