云虚拟机异常检测场景下改进的LOF算法

针对云服务中由于资源超额预定造成负载不均衡的云虚拟机异常,提出了一种基于密度空间的局部离群因子（Local Outlier Factor Based on Density Space,LOFBDS）算法。LOFBDS算法参考DBSCAN（Density-Based Spatial Clustering of Applications with Noise）算法,将云虚拟机在密度空间中的性质融合至LOF算法之中,提出对云虚拟机的判断规则,以达到优化对正常云虚拟机的检测过程,提高检测效率。实验结果表明,所提出的算法对云服务负载不均造成的云虚拟机异常有着良好的检测效率,并且时间花费较少。     

基于图上随机游走的离群点检测算法

离群点检测算法在网络入侵检测、医疗辅助诊断等领域具有十分广泛的应用。针对LDOF、CBOF及LOF算法在大规模数据集和高维数据集的检测过程中存在的执行时间长及检测率较低的问题,提出了基于图上随机游走(BGRW)的离群点检测算法。首先初始化迭代次数、阻尼因子以及数据集中每个对象的离群值;其次根据对象之间的欧氏距离推导出漫步者在各对象之间的转移概率;然后通过迭代计算得到数据集中每个对象的离群值;最后将数据集中离群值最高的对象判定为离群点并输出。在UCI真实数据集与复杂分布的合成数据集上进行实验,将BGRW算法与LDOF、CBOF和LOF算法在执行时间、检测率和误报率指标上进行对比。实验结果表明,BGRW算法能够有效降低执行时间并在检测率及误报率指标上优于对比算法。     

一种云环境下的高效异常检测策略研究

针对虚拟机进行异常检测是提高云计算系统可靠性的重要手段之一。然而,云环境中虚拟机的性能指标数据具有维度高、信息冗余等特点,会降低检测效率和准确度。同时,传统异常检测方法难以定量刻画系统的异常状态,而局部异常因子(Local Outlier Factor,LOF)算法虽可量化其异常程度,但它以相同权重计算不同维度变量对系统状态的影响,导致算法对异常的区分能力减弱。针对以上问题,提出一种高效的异常检测策略。该策略以最大相关最小冗余算法和主成分分析法对性能指标进行筛选降维,提高了异常检测的效率;为LOF算法中不同维度的变量赋予不同权重,强化了不同指标对异常的区分度。实验表明,该策略相对于传统异常检测方法,效率和检测率都有显著提高。     

加权LOF结合上下文判断的云环境中服务运行数据异常检测方法

云环境中服务运行数据是服务运行状态的反映，如果服务运行数据出现异常将会影响相关软件的运行和用户的使用。传统的软件异常检测方法通常忽略软件运行数据各维度属性提供的信息量及软件运行时的上下文环境，从而影响异常检测的准确率。因此，提出一种加权LOF结合上下文判断的云环境中服务运行数据异常检测方法，首先使用信息熵法给服务运行数据的各维度属性赋权，使用改进的加权LOF算法对服务运行数据进行初次异常判断；然后综合考虑服务运行时的上下文信息，对服务运行数据进行二次异常判断后得到相应结果。实验表明，此方法能够有效检测出云环境中的服务运行数据异常。     

A machine learning based intrusion detection scheme for data fusion in mobile clouds involving heterogeneous client networks

The combination of traditional cloud computing and mobile computing leads to the novel paradigm of mobile cloud computing. Due to the mobility of network nodes in mobile cloud computing, security has been a challenging problem of paramount importance. When a mobile cloud involves heterogeneous client networks, such as Wireless Sensor Networks and Vehicular Networks, the security problem becomes more challenging because the client networks often have different security requirements in terms of computational complexity, power consumption, and security levels. To securely collect and fuse the data from heterogeneous client networks in complex systems of this kind, novel security schemes need to be devised. Intrusion detection is one of the key security functions in mobile clouds involving heterogeneous client networks. A variety of different rule-based intrusion detection methods could be employed in this type of systems. However, the existing intrusion detection schemes lead to high computation complexity or require frequent rule updates, which seriously harms their effectiveness. In this paper, we propose a machine learning based intrusion detection scheme for mobile clouds involving heterogeneous client networks. The proposed scheme does not require rule updates and its complexity can be customized to suit the requirements of the client networks. Technically, the proposed scheme includes two steps: multi-layer traffic screening and decision-based Virtual Machine (VM) selection. Our experimental results indicate that the proposed scheme is highly effective in terms of intrusion detection.     

DFA-VMP: An efficient and secure virtual machine placement strategy under cloud environment

The problem of Virtual Machine (VM) placement is critical to the security and efficiency of the cloud infrastructure. Nowadays most research focuses on the influences caused by the deployed VM on the data center load, energy consumption, resource loss, etc. Few works consider the security and privacy issues of the tenant data on the VM. For instance, as the application of virtualization technology, the VM from different tenants may be placed on one physical host. Hence, attackers may steal secrets from other tenants by using the side-channel attack based on the shared physical resources, which will threat the data security of the tenants in the cloud computing. To address the above issues, this paper proposes an efficient and secure VM placement strategy. Firstly, we define the related security and efficiency indices in the cloud computing system. Then, we establish a multi-objective constraint optimization model for the VM placement considering the security and performance of the system, and find resolution towards this model based on the discrete firefly algorithm. The experimental results in OpenStack cloud platform indicates that the above strategy can effectively reduce the possibility of malicious tenants and targeted tenants on the same physical node, and reduce energy consumption and resource loss at the data center.     

Chunk mode VM migration in XIA and triple-way pipeline for performance optimization

Traditional TCP/IP network is showing lots of shortages and research for future networks is becoming a hotspot. FIA (Future Internet Architecture) and FIA-NP (Next Phase) are supported by US NSF for future Internet designing. Moreover, virtual machine migration is a significant technique in cloud computing. As a network application, it should also be supported in XIA (eXpressive Internet Architecture), which is in both FIA and FIA-NP projects. Current research just achieved to conduct VM migration in XIA, but the performance is not satisfactory. In this paper, we firstly present three methods including DAG design and routing table modification to maintain VM’s connectivity and communication states, concerning performance and overhead. VM migration experiments are conducted intra-AD, inter-AD and across IP network with KVM instances. The procedure is achieved by a migration control protocol which is suitable for the characters of XIA. Secondly, we propose a triple-way pipeline to improve the performance of chunk mode data transfer and greatly reduce total migration time and downtime. Evaluation results show that our solutions can well supports full live VM migration over XIA network respectively, keeping services seamless and performance improved. Furthermore, the optimization scheme can greatly improve the speed of VM migration, especially on XIA testbed.     

CyberGuarder: A virtualization security assurance architecture for green cloud computing

As the sizes of IT infrastructure continue to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the ‘green’ cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApp’s based on energy-efficiency and security requirements. Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy based trust management is proposed to facilitate access control to the resources pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context.     

一种基于虚拟机的安全监测方法

随着虚拟化广泛应用于如云计算等各种领域,渐渐成为各种恶意攻击的目标.虚拟机的运行时安全是重中之重.针对此问题,提出一种适用于虚拟化环境下的监测方法,并且在Xen中实现虚拟机的一个安全监测原型系统.通过这个系统,特权虚拟机可以对同一台物理机器上的大量客户虚拟机进行动态、可定制的监控.特别地,本系统对于潜伏在操作系统内核中的rootkit的检测十分有效.这种安全监测方法能有效提高客户虚拟机以及整个虚拟机系统的安全性.     

基于密度的离群点挖掘在入侵检测中的应用

给出一种基于密度的局部离群点挖掘方法。采用KDD99数据集进行实验,对数据集中的41个属性提取特征,利用基于密度的聚类对统计处理过的数据集实行剪枝操作,剪除数据集中大部分密集的数据对象,保留未被剪除的候选离群对象集。采用局部离群挖掘方法计算离群候选对象的离群因子,检测出异常攻击。实验结果表明,该方法能保证较高的检测率和较低的误报率。     

云工作流中基于多任务时序卷积网络的异常检测方法

云计算数据中心在日常部署和运行过程中产生的大量日志可以帮助系统运维人员进行异常分析。路径异常和时延异常是云工作流中常见的异常。针对传统的异常检测方法分别对两种异常检测任务训练相应的学习模型,而忽略了两种异常检测任务之间的关联性,导致异常检测准确率下降的问题,提出了一种基于多任务时序卷积网络的日志异常检测方法。首先,基于日志流的事件模板,生成事件序列和时间序列;然后,训练基于多任务时序卷积网络的深度学习模型,该模型通过共享时序卷积网络中的浅层部分来从系统正常执行的流程中并行地学习事件和时间特征;最后,对云计算工作流中的异常进行分析,并设计了相关异常检测逻辑。在OpenStack数据集上的实验结果表明,与日志异常检测的领先算法DeepLog和基于主成分分析（PCA）的方法比较,所提方法的异常检测准确率至少提升了7.7个百分点。     

A secure cloud-assisted urban data sharing framework for ubiquitous-cities

With the accelerated process of urbanization, more and more people tend to live in cities. In order to deal with the big data that are generated by citizens and public city departments, new information and communication technologies are utilized to process the urban data, which makes it more easier to manage. Cloud computing is a novel computation technology. After cloud computing was commercialized, there have been lot of cloud-based applications. Since the cloud service is provided by the third party, the cloud is semi-trusted. Due to the features of cloud computing, there are many security issues in cloud computing. Attribute-based encryption (ABE) is a promising cryptography technique which can be used in the cloud to solve many security issues. In this paper, we propose a framework for urban data sharing by exploiting the attribute-based cryptography. In order to fit the real world ubiquitous-cities utilization, we extend our scheme to support dynamic operations. In particular, from the part of performance analysis, it can be concluded that our scheme is secure and can resist possible attacks. Moreover, experimental results and comparisons show that our scheme is more efficient in terms of computation.     

基于数据场的改进LOF算法

LOF（Local Outlier Factor）是一种经典基于密度的局部离群点检测算法，为提高算法的精确度，以便更精准挖掘出局部离群点，在LOF算法的基础上，提出了一种基于数据场的改进LOF离群点检测算法。通过对数据集每一维的属性值应用数据场理论，计算势值，进而引入平均势差的概念，针对每一维度中大于平均势差的任意两点在计算距离时加入一个权值，从而提高离群点检测的精确度，实验结果表明该算法是可行的，并且拥有更高的精确度。     

Software consolidation as an efficient energy and cost saving solution

Virtual machines (VM) are used in cloud computing environments to isolate different software. They also support live migration, and thus dynamic VM consolidation. This possibility can be used to reduce power consumption in the cloud. However, consolidation in cloud environments is limited due to reliance on VMs, mainly due to their memory overhead. For instance, over a 4-month period in a real cloud located in Grenoble (France), we observed that 805 VMs used less than 12% of the CPU (of the active physical machines). This paper presents a solution introducing dynamic software consolidation. Software consolidation makes it possible to dynamically collocate several software applications on the same VM to reduce the number of VMs used. This approach can be combined with VM consolidation which collocates multiple VMs on a reduced number of physical machines. Software consolidation can be used in a private cloud to reduce power consumption, or by a client of a public cloud to reduce the number of VMs used, thus reducing costs. The solution was tested with a cloud hosting JMS messaging and Internet servers. The evaluations were performed using both the SPECjms2007 benchmark and an enterprise LAMP benchmark on both a VMware private cloud and Amazon EC2 public cloud. The results show that our approach can reduce the energy consumed in our private cloud by about 40% and the charge for VMs on Amazon EC2 by about 40.5%.     

基于局部密度的快速离群点检测算法

已有的密度离群点检测算法LOF不能适应数据分布异常情况离群点检测,INFLO算法虽引入反向k近邻点集有效地解决了数据分布异常情况的离群点检测问题,但存在需要对所有数据点不加区分地分析其k近邻和反向k近邻点集导致的效率降低问题。针对该问题,提出局部密度离群点检测算法--LDBO,引入强k近邻点和弱k近邻点概念,通过分析邻近数据点的离群相关性,对数据点区别对待;并提出数据点离群性预判断策略,尽可能避免不必要的反向k近邻分析,有效提高数据分布异常情况离群点检测算法的效率。理论分析和实验结果表明,LDBO算法效率优于INFLO,算法是有效可行的。     

云环境面向虚拟域的安全状态一致性保障机制研究

由于云环境虚拟化特性及高动态性（回滚、迁移等操作）给虚拟域带来了时间、空间状态不一致,从而造成了严重的安全威胁。针对该问题,提出了云环境虚拟域安全基础架构、时间安全状态一致性机制、空间安全状态一致性机制,有效地保障了云虚拟域安全状态的一致性,有助于提高公共服务效率和信息安全可控性。     

Detecting anomalies from high-dimensional wireless network data streams: a case study

In this paper, we study the problem of anomaly detection in wireless network streams. We have developed a new technique, called Stream Projected Outlier deTector (SPOT), to deal with the problem of anomaly detection from multi-dimensional or high-dimensional data streams. We conduct a detailed case study of SPOT in this paper by deploying it for anomaly detection from a real-life wireless network data stream. Since this wireless network data stream is unlabeled, a validating method is thus proposed to generate the ground-truth results in this case study for performance evaluation. Extensive experiments are conducted and the results demonstrate that SPOT is effective in detecting anomalies from wireless network data streams and outperforms existing anomaly detection methods.     

基于iForest和LOF的流量异常检测

异常检测在现代大规模分布式系统的安全管理中起着重要作用,而网络流量异常检测则是组成异常检测系统的重要工具。网络流量异常检测的目的是找到和大多数流量数据不同的流量,并将这些离群点视为异常。由于现有的基于树分离的孤立森林(iForest)检测方法存在不能检测出局部异常的缺陷,为了克服这个缺陷,提出一种基于iForest和局部离群因子(LOF)近邻集成的无监督的流量异常检测方法。首先,改进原始的iForest与LOF算法,在提升检测精度的同时控制算法时间;然后分别使用两种改进算法进行检测,并将结果进行融合以得到最终的检测结果;最后在自制数据集上对所提方法进行有效性验证。实验结果表明,所提方法能够有效地隔离出异常,获得良好的流量异常检测效果。     

An efficient job management of computing service using integrated idle VM resources for high-performance computing based on OpenStack

In recent years, various studies on OpenStack-based high-performance computing have been conducted. OpenStack combines off-the-shelf physical computing devices and creates a resource pool of logical computing. The configuration of the logical computing resource pool provides computing infrastructure according to the user’s request and can be applied to the infrastructure as a service (laaS), which is a cloud computing service model. The OpenStack-based cloud computing can provide various computing services for users using a virtual machine (VM). However, intensive computing service requests from a large number of users during large-scale computing jobs may delay the job execution. Moreover, idle VM resources may occur and computing resources are wasted if users do not employ the cloud computing resources. To resolve the computing job delay and waste of computing resources, a variety of studies are required including computing task allocation, job scheduling, utilization of idle VM resource, and improvements in overall job’s execution speed according to the increase in computing service requests. Thus, this paper proposes an efficient job management of computing service (EJM-CS) by which idle VM resources are utilized in OpenStack and user’s computing services are processed in a distributed manner. EJM-CS logically integrates idle VM resources, which have different performances, for computing services. EJM-CS improves resource wastes by utilizing idle VM resources. EJM-CS takes multiple computing services rather than single computing service into consideration. EJM-CS determines the job execution order considering workloads and waiting time according to job priority of computing service requester and computing service type, thereby providing improved performance of overall job execution when computing service requests increase.

     

虚拟机动态迁移中的安全分析

网络计算与"云计算"兴起过程中,其基础技术虚拟化技术发展迅速。计算机虚拟化的动态迁移,是重要的虚拟化应用功能。基础的动态迁移协议较简单,存在安全可信的隐患。在Xen虚拟化的平台下,测试了现有虚拟化动态迁移组件的使用对动态迁移本身的性能影响,提供了基于网络嗅探及地址解析协议(address resolution protocol,ARP)欺骗技术的攻击方案,验证了其安全防护能力的不足,提出了解决方案。