Linux Virtual Machine Research Articles

Leveraging Digital Twins and Intrusion Detection Systems for Enhanced Security in IoT-Based Smart City Infrastructures

In this research, we investigate the integration of an Intrusion Detection System (IDS) with a Digital Twin (DT) to enhance the cybersecurity of physical devices in cyber–physical systems. Using Eclipse Ditto as the DT platform and Snort as the IDS, we developed a near-realistic test environment that included a Raspberry Pi as the physical device and a Kali Linux virtual machine to perform common cyberattacks such as Hping3 flood attacks and NMAP reconnaissance scans. The results demonstrated that the IDS effectively detected Hping3-based flood attacks but showed limitations in identifying NMAP scans, suggesting areas for IDS configuration improvements. Furthermore, the study uncovered significant system resource impacts, including high Central Processing Unit (CPU) usage during SYN and ACK flood attacks and persistent memory usage after Network Mapper (NMAP) scans, highlighting the need for enhanced recovery mechanisms. This research presents a novel approach by coupling a Digital Twin with an IDS, enabling real-time monitoring and providing a dual perspective on both system performance and security. The integration offers a holistic method for identifying vulnerabilities and understanding resource impacts during cyberattacks. The work contributes new insights into the use of Digital Twins for cybersecurity and paves the way for further research into automated defense mechanisms, real-world validation of the proposed model, and the incorporation of additional attack scenarios. The results suggest that this combined approach holds significant promise for enhancing the security and resilience of IoT devices and other cyber–physical systems.

Pharokka: a fast scalable bacteriophage annotation tool.

In recent years, there has been an increasing interest in bacteriophages, which has led to growing numbers of bacteriophage genomic sequences becoming available. Consequently, there is a need for a rapid and consistent genomic annotation tool dedicated for bacteriophages. Existing tools either are not designed specifically for bacteriophages or are web- and email-based and require significant manual curation, which makes their integration into bioinformatic pipelines challenging. Pharokka was created to provide a tool that annotates bacteriophage genomes easily, rapidly and consistently with standards compliant outputs. Moreover, Pharokka requires only two lines of code to install and use and takes under 5 min to run for an average 50-kb bacteriophage genome. Pharokka is implemented in Python and is available as a bioconda package using 'conda install -c bioconda pharokka'. The source code is available on GitHub (https://github.com/gbouras13/pharokka). Pharokka has been tested on Linux-64 and MacOSX machines and on Windows using a Linux Virtual Machine.

Организация мониторинга сетевых вторжений на основе свободно распространяемого программного обеспечения

This paper presents the results of preparing a virtual bench for modeling and detecting network attacks using a freely distributed intrusion detection system (IDS). The relevance of the work is related to the growing demand for IDS as sources of information security events for security information and event management (SIEM) systems. A comparative analysis of the most popular freely distributed open-source network IDSs was carried out and the choice of the Zeek system for its use in the project was substantiated. The work uses Zeek network logs, which contain important and structured information about the analyzed network traffic. The laboratory bench was built on the basis of a Linux virtual machine and a Mininet network simulator. A graphical representation of the developed virtual stand is proposed. An experimental study of the effectiveness of an intrusion detection system is demonstrated by simulating a network denial of service attack and further analyzing the received network traffic using IDS tools.

Breaking KASLR Using Memory Deduplication in Virtualized Environments

Recent operating systems (OSs) have adopted a defense mechanism called kernel page table isolation (KPTI) for protecting the kernel from all attacks that break the kernel address space layout randomization (KASLR) using various side-channel analysis techniques. In this paper, we demonstrate that KASLR can still be broken, even with the latest OSs where KPTI is applied. In particular, we present a novel memory-sharing-based side-channel attack that breaks the KASLR on KPTI-enabled Linux virtual machines. The proposed attack leverages the memory deduplication feature on a hypervisor, which provides a timing channel for inferring secret information regarding the victim. By conducting experiments on KVM and VMware ESXi, we show that the proposed attack can obtain the kernel address within a short amount of time. We also present several countermeasures that can prevent such an attack.

Learning in a Crisis: Online Skill Building Workshop Addresses Immediate Pandemic Needs and Offers Possibilities for Future Trainings

Abstract The COVID-19 pandemic led to the suspension of many summer research opportunities for science, technology, engineering and mathematics students. In response, the Incorporated Research Institutions for Seismology Education and Outreach program, in collaboration with Miami University, offered a free online Seismology Skill Building Workshop to increase undergraduates’ knowledge, skills, self-efficacy, and interest in observational seismology and scientific computing. Registrations were received from 760 undergraduates representing 60 different countries. U.S. participants consisted of 59% women and 29% from populations traditionally underrepresented in the geosciences. The workshop design consisted of a tailored Linux virtual machine, regular webinars, a Slack workspace, tutorial-style active e-learning assignments, and an optional final project. Every other week for 12 weeks, a module with ∼6 assignments was released to build skills with Linux, Generic Mapping Tools, Seismic Analysis Code, webservices, seismic network processing, Python, ObsPy, and Jupyter notebooks. A final module focused on competitiveness for graduate school, summer internships, and professional jobs. Evaluation of the workshop relied on registration data, pre- and post-workshop surveys, and performance data from the learning management system. 440 participants completed at least one assignment, 224 completed at least 80% of the assignments, and 191 completed all 35 assignments, significantly higher than most comparable large-scale, open-access courses. Participants invested ∼6 hrs per week and averaged a score of 88% on assignments. We identified >60% normalized gain in scientific computing skills. There is evidence that the inclusive design of the workshop was able to attract and retain a diverse population. However, some additional investigation is needed to ensure that benefits were evenly experienced. Regardless of the degree of completion, participants perceived the workshop quite positively: on average 96% described it as high to very high quality, 83% satisfied to very satisfied with their experience, and 70% very likely to recommend to peers. We identify future directions for running a second iteration of the workshop, including strategies to continue broadening participation and improving retention.

IsomiR_Window: a system for analyzing small-RNA-seq data in an integrative and user-friendly manner

BackgroundIsomiRs are miRNA variants that vary in length and/or sequence when compared to their canonical forms. These variants display differences in length and/or sequence, including additions or deletions of one or more nucleotides (nts) at the 5′ and/or 3′ end, internal editings or untemplated 3′ end additions. Most available tools for small RNA-seq data analysis do not allow the identification of isomiRs and often require advanced knowledge of bioinformatics. To overcome this, we have developed IsomiR Window, a platform that supports the systematic identification, quantification and functional exploration of isomiR expression in small RNA-seq datasets, accessible to users with no computational skills.MethodsIsomiR Window enables the discovery of isomiRs and identification of all annotated non-coding RNAs in RNA-seq datasets from animals and plants. It comprises two main components: the IsomiR Window pipeline for data processing; and the IsomiR Window Browser interface. It integrates over ten third-party softwares for the analysis of small-RNA-seq data and holds a new algorithm that allows the detection of all possible types of isomiRs. These include 3′ and 5′end isomiRs, 3′ end tailings, isomiRs with single nucleotide polymorphisms (SNPs) or potential RNA editings, as well as all possible fuzzy combinations. IsomiR Window includes all required databases for analysis and annotation, and is freely distributed as a Linux virtual machine, including all required software.ResultsIsomiR Window processes several datasets in an automated manner, without restrictions of input file size. It generates high quality interactive figures and tables which can be exported into different formats. The performance of isomiR detection and quantification was assessed using simulated small-RNA-seq data. For correctly mapped reads, it identified different types of isomiRs with high confidence and 100% accuracy. The analysis of a small RNA-seq data from Basal Cell Carcinomas (BCCs) using isomiR Window confirmed that miR-183-5p is up-regulated in Nodular BCCs, but revealed that this effect was predominantly due to a novel 5′end variant. This variant displays a different seed region motif and 1756 isoform-exclusive mRNA targets that are significantly associated with disease pathways, underscoring the biological relevance of isomiR-focused analysis. IsomiR Window is available at https://isomir.fc.ul.pt/.

Automated Deployment Pipelines for Enterprise Software Using Ansible with Linux Virtual Machines

Automated Deployment Pipelines for Enterprise Software Using Ansible with Linux Virtual Machines

Design of technological strategy for Big Data with Hadoop software

The objective of this research project is the design and implementation of a technological strategy for the use of big data technologies as Apache Hadoop, as well as its supporting software projects that allows to prepare medium-sized companies in new innovative technologies. As part of the methodology, an analysis of the best big data practices, analysis of the software for design and configure big data in a linux server for the technological proposal. As a first result, a roadmap for the installation and configuration of Hadoop software running on a Linux virtual machine has been obtained, as well as the proposal of the technological strategy whose main components are: analysis of the technological architecture, selection of processes or data to be analyzed and installation of Hadoop, among others.

Keystroke biometrics in the encrypted domain: a first study on search suggestion functions of web search engines

A feature of search engines is prediction and suggestion to complete or extend input query phrases, i.e. search suggestion functions (SSF). Given the immediate temporal nature of this functionality, alongside the character submitted to trigger each suggestion, adequate data is provided to derive keystroke features. The potential of such biometric features to be used in identification and tracking poses risks to user privacy.For our initial experiment, we evaluate SSF traffic with different browsers and search engines on a Linux PC and an Android mobile phone. The keystroke network traffic is captured and decrypted using mitmproxy to verify if expected keystroke information is contained, which we call quality assurance (QA). In our second experiment, we present first results for identification of five subjects searching for up to three different phrases on both PC and phone using naive Bayesian and nearest neighbour classifiers. The third experiment investigates potential for identification and verification by an external observer based purely on the encrypted traffic, thus without QA, using the Euclidean distance. Here, ten subjects search for two phrases across several sessions on a Linux virtual machine, and statistical features are derived for classification. All three test cases show positive tendencies towards the feasibility of distinguishing users within a small group. The results yield lowest equal error rates of 5.11% for the single PC and 11.37% for the mobile device with QA and 23.61% for various PCs without QA. These first tendencies motivate further research in feature analysis of encrypted network traffic and prevention approaches to ensure protection and privacy.

Comparison of Linux virtual machines and containers for a service migration in 5G multi-access edge computing

Abstract Multi-access Edge Computing (MEC) has emerged as a novel and efficient technology to enable a new breed of time sensitive applications in the 5G era. By installing small computing infrastructures at the network edges, it solves the current centralized structure problem of the cloud infrastructure (i.e., high end-to-end communication latency between a user equipment and the cloud). As users move across different sites over time, continuous seamless service support to the users is also required. A service migration in 5G MEC is a promising approach for continuous seamless service support by migrating active services to a new MEC host near the current user location. In this paper, a comparison result for the service migration implemented either in a virtual machine or container is presented. The motivation behind this paper is to understand the fundamental performance differences between the virtual machine and container for the service migration in 5G MEC.

A high-performance virtual machine filesystem monitor in cloud-assisted cognitive IoT

Cloud-assisted Cognitive Internet of Things has powerful data analytics abilities based on the computing and data storage capabilities of cloud virtual machines, which makes protecting virtual machine filesystem very important for the whole system security. Agentless periodic filesystem monitors are optimal solutions to protect cloud virtual machines because of the secure and low-overhead features. However, most of the periodic monitors usually scan all of the virtual machine filesystem or protected files in every scanning poll, so lots of secure files are scanned again and again even though they are not corrupted. In this paper, we propose a novel agentless periodic filesystem monitor framework for virtual machines with different image formats to improve the performance of agentless periodic monitors. Our core idea is to minimize the scope of the scanning files in both file integrity checking and virus detection. In our monitor, if a file is considered secure, it will not be scanned when it has not been modified. Since our monitor only scans the newly created and modified files, it can check fewer files than other filesystem monitors. To that end, we propose two monitor methods for different types of virtual machine disks to reduce the number of scanning files. For virtual machine with single disk image, we hook the backend driver to capture the disk modification information. For virtual machine with multiple copy-on-write images, we leverage the copy-on-write feature of QCOW2 images to achieve the disk modification analysis. In addition, our system can restore and remove the corrupted files. The experimental results show that our system is effective for both Windows and Linux virtual machines with different image formats and can reduce the number of scanning files and scanning time.

The Minimum Relative Delay First Strategy for Multipath Transmission

The Stream Control Transmission Protocol (SCTP) [1] is a transport protocol which was proposed and standardized by the Internet Engineering Task Force (IETF). The Concurrent Multipath Transfer (CMT) that was evolved based on SCTP’s multi-homing feature had become a hot research issue. CMT utilizes all available paths inside the SCTP association to further improve end to end throughput and fault tolerance capacity during the data transmission. Since the typical scheduling algorithms define how to schedule multi-streaming and multi-homing fixedly, the CMT cannot meet the speific requirements of different applications which limits the felxibility of the transmission protocol. Firstly, this paper introduced four kinds of scheduling algorithms, then a Minimum Ralative Delay First (MRDF) strategy was proposed to compare the relative one way delay of different paths without clock synchronisation. The NS2 simulation platform operated in Linux virtual machine is adopted to compare the system performance.

CrocoBLAST: Running BLAST efficiently in the age of next-generation sequencing.

CrocoBLAST is a tool for dramatically speeding up BLAST+ execution on any computer. Alignments that would take days or weeks with NCBI BLAST+ can be run overnight with CrocoBLAST. Additionally, CrocoBLAST provides features critical for NGS data analysis, including: results identical to those of BLAST+; compatibility with any BLAST+ version; real-time information regarding calculation progress and remaining run time; access to partial alignment results; queueing, pausing, and resuming BLAST+ calculations without information loss. CrocoBLAST is freely available online, with ample documentation (webchem.ncbr.muni.cz/Platform/App/CrocoBLAST). No installation or user registration is required. CrocoBLAST is implemented in C, while the graphical user interface is implemented in Java. CrocoBLAST is supported under Linux and Windows, and can be run under Mac OS X in a Linux virtual machine. jkoca@ceitec.cz. Supplementary data are available at Bioinformatics online.

A Cyber Attack-Resilient Server Using Hybrid Virtualization

This paper describes a novel, cyber attack-resilient server using hybrid virtualization that can reduce the downtime of the server and enhance the diversity of operating systems by adding a Linux virtual machine. The hybrid virtualization consists of machine- and application-level virtualization. The prototype system virtualizes a machine using VMware ESXi, while the prototype system virtualizes a server application using Docker on a Linux virtual machine. Docker increases the speed at which a server application starts while requiring fewer resources such as memory and storage. Performance tests showed that the prototype system reduced the downtime of the DNS service by exploiting a vulnerability with no false positive detections compared with our previous work.

A Smart Manufacturing Use Case: Furnace Temperature Balancing in Steam Methane Reforming Process via Kepler Workflows

The industrial scale production of hydrogen gas through steam methane reforming (SMR) process requires an optimum furnace temperature distribution to not only maximize the hydrogen yield but also increase the longevity of the furnace infrastructure which usually operates around 1300 degree Kelvin (K). Kepler workflows are used in temperature homogenization, termed as balancing of this furnace through Reduced Order Model (ROM) based Matlab calculations using the dynamic temperature inputs from an array of infrared sensors. The outputs of the computation are used to regulate the flow rate of fuel gases which in turn optimizes the temperature distribution across the furnace. The input and output values are stored in a data Historian which is a database for real-time data and events. Computations are carried out on an OpenStack based cloud environment running Windows and Linux virtual machines. Additionally, ab initio computational fluid dynamics (CFD) calculation using Ansys Fluent software is performed to update the ROM periodically. ROM calculations complete in few minutes whereas CFD calculations usually take a few hours to complete. The Workflow uses an appropriate combination of the ROM and CFD models. The ROM only workflow currently runs every 30minutes to process the real-time data from the furnace, while the ROM CFD workflow runs on demand. ROM only workflow can also be triggered by an operator of the furnace on demand.

The Berkeley Phonetics Machine

Author(s): Sprouse, Ronald L.; Johnson, Keith | Abstract: The Berkeley Phonetics Machine is a Linux virtual machine imageproduced and used by the UC Berkeley Phonology Lab asa platform for phonetic research. It contains a full data analysisstack based on Python and R and also specialized tools for phoneticresearch. The machine is designed as a flexible and productiveplatform for established and novel research agendas thatcan be easily shared and reproduced. We list the software availablein the machine, which includes many command-line toolsfor acoustic analysis and media file manipulation, as well asspecialized Python libraries. We also discuss the use of this machinein the Phonology Lab and in phonetics courses. The overallexperience with the machine has been positive, as facultyand graduate students are able to share and execute scripts ina common working environment. Undergraduate students haveless opportunity to master the virtual machine environment butbenefit from simplified instructions and fewer installation andoperating problems. The primary difficulty that we have encounteredhas been with a few underpowered student computersthat cannot run the virutual machine or do not run it well.

A platform for big data analytics on distributed scale-out storage system

Big data analytics is the process of examining large amounts of data of a variety of types to uncover hidden patterns, unknown correlations and other useful information. Hadoop-based platform emerges to deal with big data. In Hadoop NameNode is used to store metadata in a single system's memory, which is a performance bottleneck for scale-out. Gluster file system has no performance bottlenecks related to metadata. To achieve massive performance, scalability and fault tolerance for big data analytics, a big data platform is proposed. The proposed big data platform consists of big data storage and big data processing. The Hadoop big data platform and the proposed big data platform are implemented on commodity Linux virtual machines clusters and performance evaluations are conducted. According to the evaluation analysis, the proposed big data platform provides better scalability, fault tolerance, and faster query response time than the Hadoop platform.

Performance analysis of the Microsoft Kinect sensor for 2D Simultaneous Localization and Mapping (SLAM) techniques.

This paper presents a performance analysis of two open-source, laser scanner-based Simultaneous Localization and Mapping (SLAM) techniques (i.e., Gmapping and Hector SLAM) using a Microsoft Kinect to replace the laser sensor. Furthermore, the paper proposes a new system integration approach whereby a Linux virtual machine is used to run the open source SLAM algorithms. The experiments were conducted in two different environments; a small room with no features and a typical office corridor with desks and chairs. Using the data logged from real-time experiments, each SLAM technique was simulated and tested with different parameter settings. The results show that the system is able to achieve real time SLAM operation. The system implementation offers a simple and reliable way to compare the performance of Windows-based SLAM algorithm with the algorithms typically implemented in a Robot Operating System (ROS). The results also indicate that certain modifications to the default laser scanner-based parameters are able to improve the map accuracy. However, the limited field of view and range of Kinect's depth sensor often causes the map to be inaccurate, especially in featureless areas, therefore the Kinect sensor is not a direct replacement for a laser scanner, but rather offers a feasible alternative for 2D SLAM tasks.

Applicability of Homomorphic Encryption and CryptDB in Social and Business Applications: Securing Data Stored on the Third Party Servers while Processing through Applications

Confidentiality in third party services like cloud computing has become a major concern. IT industry and government organizations are very serious about security factor in cloud computing, because its usage has reached all the way from a common man having a mobile phone to large scale business enterprises. In this paper, we present security threats in social and business applications accessing the data stored in cloud computing scenario. Also, we critically discuss homomorphic encryption and CryptDB schemes which are applicable to protect data from malicious third party service environments (cloud computing) and also from insiders for these applications. We also present empirical results of partial homomorpic encryption algorithms over one lakh 10-digit numbers, using Linux virtual machine on VirtualBox, VMPlayer and KVM. The result for four algorithms (namely Paillier, ElGamal, RSA and Benaloh) as performed on the above four different platforms are computed to show their respective overhead values as compared to plain data operations. In case of Paillier Algorithm the overhead is 17, 15, 22 and 12 times for addition operation and 278, 399,518 and 346 times for multiplication operation respectively. Similarly, in case of Elgamal algorithm 1.72, 1.6, 11.7 and 8.9 times for multiplication operation; in case of RSA algorithm 1.79, 1.5, 3.48 and 1.5 times for multiplication operation and in case of Benaloh algorithm is 5.6, 5.36, 5.48 and 3.5 times for addition operation respectively. These performances clearly indicate that these algorithms are quite feasible enough to be used in context of social and business applications by third party service providers

Exploiting content centric networking to develop topic-based, publish–subscribe MANET systems

Mobile Ad-hoc NETworks (MANETs) connect mobile wireless devices without an underlying communication infrastructure. Communications occur in a multi-hop fashion, using mobile devices as routers. Several MANET distributed applications require to exchange data (GPS position, messages, pictures, etc.) by using a topic-based publish–subscribe interaction. Participants of these applications can publish information items on a given topic (identified by a name) and can subscribe to a topic to receive the related published information. An efficient dissemination of publish–subscribe data in MANET environments demands for robust systems, able to face radio resource scarcity, network partitioning, frequent topology changes. Many MANET publish–subscribe systems have been proposed so far in the literature assuming an underlying TCP/IP network.In this paper, we discuss the benefits of building a MANET publish–subscribe system exploiting Content Centric Networking (CCN) technology, rather than TCP/IP. We show how CCN functionality, such as in-network caching and multicasting can be used to achieve an efficient and reliable data dissemination in MANET environments, including the support of delay tolerant delivery. We present different design approaches, describe our topic-based publish–subscribe CCN system, and report the results of a performance evaluation study carried out with real software in an emulated environment. The emulation environment is based on Linux virtual machines. The performance evaluation required also a CCN MANET routing engine, which we developed as a plug-in of the OLSR Linux daemon.