Due to the information systems heterogeneity, cloud systems involve now every component such as end-users, networks, access management, and infrastructures. Therefore before diving into security issues, we need to understand cloud-based systems new trends. The cloud computing services as represented in Figure 2 have been offered into three common service models including Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) [7] :

Since the malware is more likely to disrupt IaaS, let’s dive into its new trends.

The user in an IaaS is in charge of managing the operating system and software applications, while the underlying network in the cloud infrastructure service is controlled by the cloud service provider [9] . As seen in Figure 3 , IaaS network users can install multiple operating systems on the virtual machine images.

This horizontal view of the cloud system can be segmented into five essential characteristics [10] :

The connection between the user and IaaS is done through either virtual private servers, a storage or a network. Then the request is sent to the real server through the virtual services resources.

IaaS security model: The security model in IaaS should take into account the three layers in a cloud architecture. Therefore, many components are used to monitor the environment [11] .

Since IaaS offers computing capabilities and essential storage as standardized services across the network [12] , the infrastructures face threats related to the underlying protocols. Therefore, appropriate safety measures should be taken care of.

A threat is a process whereby an intruder gathers, identifies and determines the risk associated with each area. Each threat identified during this process is analyzed in the exploit database. The threat faced by the cloud environment can emerge either on the user side or the provider side.

Since IaaS inherits data security’s features in the SaaS layer [13] and Security concerns associated with SaaS layer are almost data centric. Some concerns about data security are:

The last question is a fundamental one, because good safety monitoring and control considerably enhance the third parties’ confidence. While discussing security issues, it’s important to note the impact of AI on cyber threats. Machine learning and artificial intelligence (AI) can be used to automate many cybersecurity tasks, such as intrusion detection, malware analysis and vulnerability assessment [14] . Since existing cyber defense infrastructures are becoming inadequate to address the increasing speed, and complex decision logic of AI-driven attacks [15] . We will introduce the AI driven propagation metrics to see their impact on the global infrastructure.

Mathematical model to perform information system issues is a long problem discussed in the literature under different headings.

As represented in Figure 3 , Cloud physical architecture can be subdivided into provider and tenant parts.

At the provider side: The hypervisor allows each machine to work independently regarding the CPU, memory and NIC. An intruder who targets the hypervisor may be able to corrupt any resource. The runtime space is listed below [11] :

On the user side: Hypervisor provides a resource isolation to the tenant. Therefore a multi-tenancy occurs. Though it increases the architecture performance, it increases the probability that a legal and malicious user can be located in the same physical machine.

IaaS particularly among clouds offers services that make it difficult to a global model for all the architecture. Therefore, the Model for IaaS Security and Privacy (MISP) is the one retained for this paper [16] . As represented in Figure 4 , the security model is organized in cubical form with three planes defined as shown in Figure 4 .

The first plan exhibits aspects of Infrastructure as a Service (IaaS), involving the cloud computing user and the Cloud Service Provider (CSP) as typical stakeholders. They typically collaborate to uphold the security and confidentiality of the infrastructure model.

The agents involved in a system are:

The critical component of an IaaS cloud architecture is the cloud OS, which manages the physical and virtual structures and controls the supply of virtual resources in line with the needs of the user goods and services [17] . However, the OS cannot be taken in the context of a cloud system without the VM.

The Virtual Machine Agent (VMA) provides virtualized computing resources on-demand. It’s in charge of running applications and services, allocating and managing scalability and flexibility in resources allocation, and ensuring isolation and security of a virtualized environment.

The Computer Agents (CA) executes computational tasks and processing data. The computer agent interacts with other agents in the cloud system. Since it hosts applications and launches tasks, it can be the attack source.

The Mobiles Phones Agent (MPA) accesses cloud-based applications and data remotely, ensuring the security and privacy of data transmitted to and from the cloud.

Although IaaS security is an ongoing process, its implementation must correspond to the architecture and security policy. However, the security model retains as much as generic to be implemented in different environments.

The IDS Agent (IDSA) analysis workflow follows those specifications:

Each agent $A_i$ is represented by a state vector $x_i$ where $i\in 1,\cdots \mathrm{,}N$ and t represent the time. The dynamics of resources allocations of $V{M}_i$ are based on its own resource demand and the resource demands of other agents (VM, CA and PA). The VMi is therefore formulated as:

${\stackrel{\dot{}}{x}}_i\left(t\right)=\frac{1}{m_i}{\displaystyle {\sum }_{j\ne i}{\alpha }_{ij}\left(x_i\left(t\right)-x_j\left(t\right)\right)}$ (1)

where

Let’s denote ${\mu }_i\left(t\right)$, the impact of malware on $V{M}_i$ at time t. The dynamic equation of $V{M}_i$ can therefore be expressed as

${\stackrel{\dot{}}{x}}_i\left(t\right)=\frac{1}{m_i}{\displaystyle {\sum }_{j\ne i}{\alpha }_{ij}\left(x_i\left(t\right)-x_j\left(t\right)\right)}+{\mu }_i\left(t\right)$ (2)

Since the malware considered will be used in many scenarios, it’s formulated as:

${\mu }_i\left(t\right)={\beta }_i\cdot {\delta }_i\left(t\right)$ (3)

where:

${\delta }_i\left(t\right)=\{\begin{array}{ll}+\infty \hfill & t=0\left(\text{infected}\right)\mathrm{,}\hfill \\ 0\hfill & t\ne t_0\left(\text{not}\text{infected}\right)\hfill \end{array}$ (4)

Therefore ${\delta }_i\left(t\right)={\delta }_i\left(t-t_0\right)$. Incorporating this into the dynamic equations for $V{M}_i$, we get

${\stackrel{\dot{}}{x}}_i\left(t\right)=\frac{1}{m_i}{\displaystyle {\sum }_{j\ne i}{\alpha }_{ij}\left(x_i\left(t\right)-x_j\left(t\right)\right)}+{\beta }_i{\delta }_i\left(t-t_0\right)$ (5)

${\stackrel{\dot{}}{y}}_i\left(t\right)=\frac{1}{m_i}{\displaystyle {\sum }_{j\ne i}{\gamma }_{ij}\left(y_i\left(t\right)-x_j\left(t\right)\right)}+{\beta }_i{\delta }_i\left(t-t_0\right)$ (6)

where

The mathematical of malware propagation is formulated as the one in [18] [19] :

$N=S_1\left(t\right)+S_f\left(t\right)+S_i\left(t\right)+C_a\left(t\right)$ (7)

where $S_f$ are susceptible devices undergoing concurrent attacks but not yet infected (victim of attack Type 2), and $S_1$ are vulnerable devices attacked for the first time (victim of attack Type 1); $S_i$ are vulnerable devices undergoing simultaneous attacks, one of which has already been successful (attack type 3 victim); and $C_a\left[T\right]$ are devices that have already contracted an infection and are further attacking the network (attack type 4 victim). Additionally, $C_a\left[T\right]$ stands for any device whose state—such as permanently immune devices or malware-inaccessible devices—cannot alter following a malware assault.