Threat analysis metrics of cloud storage systems

Abstract

The security of cloud storage systems remains a critical challenge as the in-creasing interconnection of services exposes them to a wide range of cyber threats. This paper presents a methodology for analyzing the structural characteristics of vulnerabilities and threats in cloud environments using Q-analysis and associated metrics. By modeling the interdependencies between vulnerabilities and threats, the study provides a systematic framework to construct attack profiles and evaluate their likelihood of occurrence. The approach bypasses the direct construction of simplex complexes by employing incidence matrices to derive structural trees, local maps, and connectivity graphs, thereby simplifying the analysis process. Using real-world vulnerability statistics from the Edgescan report, we identify the most exploited weak-nesses, such as cross-site scripting and broken authentication, and link them to corresponding attack vectors. A statistical model of characteristic attack profiles is then developed by applying entropy-based optimization methods, particularly the Nelder-Mead algorithm, to estimate probabilities of threat realization under structural constraints. The findings demonstrate that this method enables more accurate classification and ranking of threats, offering a practical tool for risk assessment and decision-making in cybersecurity management. Ultimately, the proposed approach provides a foundation for improving resilience of cloud storage systems through informed protection strategies.