CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances

Hdl Handle:
http://hdl.handle.net/10545/620878
Title:
CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances
Authors:
Li, Bo; Li, Jianxin; Liu, Lu (0000-0003-1013-4507)
Abstract:
The networked intrusion detection system virtual appliance (NIDS-VA), also known as virtualized NIDS, plays an important role in the protection and safeguard of IaaS cloud environments. However, it is nontrivial to guarantee both of the performance of NIDS-VA and the resource efficiency of cloud applications because both are sharing computing resources in the same cloud environment. To overcome this challenge and trade-off, we propose a novel system, named CloudMon, which enables dynamic resource provision and live placement for NIDS-VAs in IaaS cloud environments. CloudMon provides two techniques to maintain high resource efficiency of IaaS cloud environments without degrading the performance of NIDS-VAs and other virtual machines (VMs). The first technique is a virtual machine monitor based resource provision mechanism, which can minimize the resource usage of a NIDS-VA with given performance guarantee. It uses a fuzzy model to characterize the complex relationship between performance and resource demands of a NIDS-VA and develops an online fuzzy controller to adaptively control the resource allocation for NIDS-VAs under varying network traffic. The second one is a global resource scheduling approach for optimizing the resource efficiency of the entire cloud environments. It leverages VM migration to dynamically place NIDS-VAs and VMs. An online VM mapping algorithm is designed to maximize the resource utilization of the entire cloud environment. Our virtual machine monitor based resource provision mechanism has been evaluated by conducting comprehensive experiments based on Xen hypervisor and Snort NIDS in a real cloud environment. The results show that the proposed mechanism can allocate resources for a NIDS-VA on demand while still satisfying its performance requirements. 
We also verify the effectiveness of our global resource scheduling approach by comparing it with two classic vector packing algorithms, and the results show that our approach improved the resource utilization of cloud environments and reduced the number of in-use NIDS-VAs and physical hosts.
Affiliation:
University of Derby
Citation:
Bo, L. et al. (2015) 'CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances', Concurrency and Computation: Practice and Experience, 27 (8):1861
Publisher:
Wiley
Journal:
Concurrency and Computation: Practice and Experience
Issue Date:
10-Jun-2015
URI:
http://hdl.handle.net/10545/620878
DOI:
10.1002/cpe.3166
Additional Links:
http://doi.wiley.com/10.1002/cpe.3166
Type:
Article
Language:
en
ISSN:
15320626
Sponsors:
The authors gratefully acknowledge the anonymous reviewers for their helpful suggestions and insightful comments to improve the quality of the paper. The work reported in this paper has been partially supported by National Nature Science Foundation of China (No. 61202424, 61272165, 91118008), China 863 program (No. 2011AA01A202), Natural Science Foundation of Jiangsu Province of China (BK20130528) and China 973 Fundamental R&D Program (2011CB302600).
Appears in Collections:
Department of Electronics, Computing & Maths

Full metadata record

DC Field | Value | Language
dc.contributor.author | Li, Bo | en
dc.contributor.author | Li, Jianxin | en
dc.contributor.author | Liu, Lu | en
dc.date.accessioned | 2016-11-16T18:26:03Z | -
dc.date.available | 2016-11-16T18:26:03Z | -
dc.date.issued | 2015-06-10 | -
dc.identifier.citation | Bo, L. et al. (2015) 'CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances', Concurrency and Computation: Practice and Experience, 27 (8):1861 | en
dc.identifier.issn | 15320626 | -
dc.identifier.doi | 10.1002/cpe.3166 | -
dc.identifier.uri | http://hdl.handle.net/10545/620878 | -
dc.language.iso | en | en
dc.publisher | Wiley | en
dc.relation.url | http://doi.wiley.com/10.1002/cpe.3166 | en
dc.rights | Archived with thanks to Concurrency and Computation: Practice and Experience | en
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | en
dc.subject | Cloud environments | en
dc.subject | NIDS virtual appliance | en
dc.subject | Fuzzy control | en
dc.subject | Resource management | en
dc.subject | Dynamic provision | en
dc.title | CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances | en
dc.type | Article | en
dc.contributor.department | University of Derby | en
dc.identifier.journal | Concurrency and Computation: Practice and Experience | en
dc.contributor.institution | State Key Laboratory of Software Development Environment; Beihang University; Beijing China | -
dc.contributor.institution | State Key Laboratory of Software Development Environment; Beihang University; Beijing China | -
dc.contributor.institution | School of Computing and Mathematics; University of Derby; Derby UK | -
This item is licensed under a Creative Commons License