Abstract

To address security concerns including an infrastructure as a service (IaaS) security framework, security service access, network anomaly detection, and virtual machine (VM) monitoring, a layered security framework is built, composed of a physical layer, a virtualization layer, and a security management layer. Then, two security service access methods are realized for various security tools, distinguished by whether the security tools generate communication traffic. The one for tools that do not generate traffic employs VM traffic redirection technology, and the other leverages the mechanism of multitasking process access. Moreover, an agentless network anomaly detection method based on stacked LSTM is proposed, which has the advantage of higher precision and recall. Finally, a Hypervisor-based agentless monitoring method for VMs based on dynamic code injection is proposed, which has the benefits of both the high security of the external monitoring method and the good context analysis of the internal monitoring mechanism. The experimental results demonstrate the effectiveness of the proposed protection framework and of the corresponding security mechanisms.

Highlights

  • To satisfy partial security requirements including security framework, security service access, network anomaly detection, and monitoring for virtual machine (VM) in infrastructure as a service (IaaS) environment [1, 2], various designs have been proposed. Primarily, a comprehensive security framework for the IaaS platform needs to be considered

  • ENISA issues a security framework for the government cloud [5], which abstracts the role elements and gives a cloud security framework based on the PDCA (Plan, Do, Check, Act) lifecycle

  • Varadharajan and Tupakula [6] analyse different threats from tenant administrators, tenants, cloud provider administrators, and the Internet based on the Eucalyptus IaaS platform and build a security service model by adding security components at different component levels

Summary

Introduction

To satisfy partial security requirements including security framework, security service access, network anomaly detection, and monitoring for VMs in IaaS environment [1, 2], various designs have been proposed. The proposed mechanism had the benefits of the high security of the external monitoring method, which could not be destroyed by malicious code running inside the VM, and had the virtues of good context analysis for the state of the VM, low resource overhead, and rapid response. More complete technical discussions about the framework and concrete technologies (e.g., encryption, VPN, VM escape detection, data backup, and software update) will be presented in future work.

IaaS Protection Framework
Security Service Implementations
Network Anomaly Detection
LSTM-NAD
Experimental Campaign
Findings
Conclusions and Future Work