Dependence on cloud services has been steadily increasing in recent years, as cloud services are an attractive option to offer flexibility and cost effectiveness through economies of scale. Cloud services are also exposed to security incidents, such as data breaches and other malicious activities. To mitigate risks to the confidentiality, integrity, and availability of assets, but also minimise loss to cloud service providers and users, the attack trust and risk elements need to be identified, classified, and prioritised. The aim of the proposed conceptual framework is to combine trust and risk assessment sources with data of risk assessment related to each attack pattern. This novel approach is a new qualitative solution to examine and determine symptoms, indicators, and vulnerabilities to detect the impact and likelihood of distributed attacks directed at cloud computing environments. The proposed framework might help to reduce false positive alarms and improve performance in Intrusion Detection Systems
