Extension of Research on Security as a Service for VMs in IaaS Platform
To satisfy security concerns including infrastructure as a service (IaaS) security framework, security service access, network anomaly detection, and virtual machine (VM) monitoring, a layered security framework is built which composes of a physical layer, a virtualization layer, and a security mana...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Hindawi-Wiley
2020-01-01
|
| Series: | Security and Communication Networks |
| Online Access: | http://dx.doi.org/10.1155/2020/8538519 |
| id |
doaj-822ad04f409440cca1c3d8cb3e623f26 |
|---|---|
| record_format |
Article |
| spelling |
doaj-822ad04f409440cca1c3d8cb3e623f262020-11-25T03:46:42ZengHindawi-WileySecurity and Communication Networks1939-01141939-01222020-01-01202010.1155/2020/85385198538519Extension of Research on Security as a Service for VMs in IaaS PlatformXueyuan Yin0Xingshu Chen1Lin Chen2Hui Li3College of Computer Science, Sichuan University, Chengdu 610065, ChinaCybersecurity Research Institute, Sichuan University, Chengdu 610065, ChinaCollege of Computer Science, Sichuan University, Chengdu 610065, ChinaCollege of Computer Science, Sichuan University, Chengdu 610065, ChinaTo satisfy security concerns including infrastructure as a service (IaaS) security framework, security service access, network anomaly detection, and virtual machine (VM) monitoring, a layered security framework is built which composes of a physical layer, a virtualization layer, and a security management layer. Then, two security service access methods are realized for various security tools from the perspective of whether security tools generate communication traffic. One without generating traffic employs the VM traffic redirection technology and the other leveraged the mechanism of multitasking process access. Moreover, a stacked LSTM-based network anomaly detection agentless method is proposed, which has advantages of a higher ratio of precision and recall. Finally, a Hypervisor-based agentless monitoring method for VMs based on dynamic code injection is proposed, which has benefits of high security of the external monitoring method and good context analysis of the internal monitoring mechanism. The experimental results demonstrate the effectiveness of the proposed protection framework and the corresponding security mechanisms, respectively.http://dx.doi.org/10.1155/2020/8538519 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Xueyuan Yin Xingshu Chen Lin Chen Hui Li |
| spellingShingle |
Xueyuan Yin Xingshu Chen Lin Chen Hui Li Extension of Research on Security as a Service for VMs in IaaS Platform Security and Communication Networks |
| author_facet |
Xueyuan Yin Xingshu Chen Lin Chen Hui Li |
| author_sort |
Xueyuan Yin |
| title |
Extension of Research on Security as a Service for VMs in IaaS Platform |
| title_short |
Extension of Research on Security as a Service for VMs in IaaS Platform |
| title_full |
Extension of Research on Security as a Service for VMs in IaaS Platform |
| title_fullStr |
Extension of Research on Security as a Service for VMs in IaaS Platform |
| title_full_unstemmed |
Extension of Research on Security as a Service for VMs in IaaS Platform |
| title_sort |
extension of research on security as a service for vms in iaas platform |
| publisher |
Hindawi-Wiley |
| series |
Security and Communication Networks |
| issn |
1939-0114 1939-0122 |
| publishDate |
2020-01-01 |
| description |
To satisfy security concerns including infrastructure as a service (IaaS) security framework, security service access, network anomaly detection, and virtual machine (VM) monitoring, a layered security framework is built which composes of a physical layer, a virtualization layer, and a security management layer. Then, two security service access methods are realized for various security tools from the perspective of whether security tools generate communication traffic. One without generating traffic employs the VM traffic redirection technology and the other leveraged the mechanism of multitasking process access. Moreover, a stacked LSTM-based network anomaly detection agentless method is proposed, which has advantages of a higher ratio of precision and recall. Finally, a Hypervisor-based agentless monitoring method for VMs based on dynamic code injection is proposed, which has benefits of high security of the external monitoring method and good context analysis of the internal monitoring mechanism. The experimental results demonstrate the effectiveness of the proposed protection framework and the corresponding security mechanisms, respectively. |
| url |
http://dx.doi.org/10.1155/2020/8538519 |
| work_keys_str_mv |
AT xueyuanyin extensionofresearchonsecurityasaserviceforvmsiniaasplatform AT xingshuchen extensionofresearchonsecurityasaserviceforvmsiniaasplatform AT linchen extensionofresearchonsecurityasaserviceforvmsiniaasplatform AT huili extensionofresearchonsecurityasaserviceforvmsiniaasplatform |
| _version_ |
1715119555616964608 |