DC, Jan 1, 2023
Cloud Broker: A Systematic Mapping Study
Hoda Taheri, Faeze Ramezani, Neda Mohammadi et al.
In a cloud environment, a cloud broker is an important entity that works as an independent middleware between cloud customers and providers to address issues and conduct negotiations related to satisfying both customer preferences and service provider profits. In recent years, researchers have published many articles which directly or indirectly address this research area. A systematic method is vital for extracting all search spaces (journals, conferences, and workshops) and primary studies (articles) conducted in the cloud broker field and then selecting some of the highest quality studies. The proposed systematic review includes a comprehensive three-tier search strategy (manual search, backward snowballing, and database search). The detailed explanation of the reviewing process is inserted in Appendix A. In the search methodology, qualitative criteria have been defined to select studies with the highest quality and the most relevance among all search spaces. In the present study, out of 1,928 extracted search spaces, 171 search spaces have been selected based on the defined quality criteria. Then, 1,298 articles have been extracted from these 171 selected search spaces. As a result, 496 high-quality papers have been selected among the mentioned papers. The chosen papers were published in prestigious journals, conferences, and workshops from 2009 through 2019. In the current Systematic Mapping Study (SMS), eight research questions have been designed for the purpose of identifying information that is significant to the cloud broker field, such as the most critical and debated topics, existing trends and issues, active researchers and countries, commonly used techniques in building cloud brokers, evaluation methods, the amount of research conducted by year and the place of publication, and the most important active search spaces.
CR, Sep 29, 2021
Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks
Ali Ahmadian Ramaki, Abbas Ghaemi-Bafghi, Abbas Rasoolzadegan
Nowadays, targeted attacks like Advanced Persistent Threats (APTs) have become one of the major concerns of many enterprise networks. As a common approach to counter these attacks, security staff deploy a variety of security and non-security sensors at different lines of defense (Network, Host, and Application) to track the attacker's behaviors during their kill chain. However, one of the drawbacks of this approach is the huge amount of events raised by heterogeneous security and non-security sensors, which makes it difficult to analyze logged events for later processing, i.e., event correlation for timely detection of APT attacks. Till now, some research papers have been published on event aggregation for reducing the volume of logged low-level events. However, most research works have provided a method to aggregate the events of a single-type and homogeneous event source, i.e., NIDS. In addition, their main focus is only on the degree to which the event volume is reduced, while the amount of security information lost during the event aggregation process is also very important. In this paper, we propose a three-phase event aggregation method to reduce the volume of logged heterogeneous events during APT attacks considering the lowest rate of loss of security information. To this aim, at first, low-level events of the sensors are clustered into some similar event groups and then, after filtering noisy event clusters, the remaining clusters are summarized based on an Attribute-Oriented Induction (AOI) method in a controllable manner to reduce the unimportant or duplicated events. The method has been evaluated on three publicly available datasets: SotM34, Bryant, and LANL. The experimental results show that the method is efficient enough in event aggregation and can reduce events volume up to 99.7% with an acceptable level of information loss ratio (ILR).
SE, Nov 30, 2018
Security Patterns: A Systematic Mapping Study
Abbas Javan Jafari, Abbas Rasoolzadegan
Security patterns are a means to encapsulate and communicate proven security solutions. They are well-established approaches for introducing security into the software development process. Our objective is to explore the research efforts on security patterns and discuss the current state of the art. This study will serve as a guideline for researchers, practitioners, and teachers interested in this field. We have conducted a systematic mapping study of relevant literature from 1997 until the end of 2017 and identified 403 relevant papers, 274 of which were selected for analysis based on quality criteria. This study derives a customized research strategy from established systematic approaches in the literature. We have utilized an exhaustive 3-tier search strategy to ensure a high degree of completeness during the study collection and used a test set to evaluate our search. The first 3 research questions address the demographics of security pattern research such as topic classification, trends, and distribution between academia and industry, along with prominent researchers and venues. The next 9 research questions focus on more in-depth analyses such as pattern presentation notations and classification criteria, pattern evaluation techniques, and pattern usage environments. The results and discussions of this study have significant implications for researchers, practitioners, and teachers in software engineering and information security.