CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances
Journal article
Authors | Li, Bo, Li, Jianxin and Liu, Lu |
---|---|
Abstract | The networked intrusion detection system virtual appliance (NIDS-VA), also known as virtualized NIDS, plays an important role in the protection and safeguard of IaaS cloud environments. However, it is nontrivial to guarantee both of the performance of NIDS-VA and the resource efficiency of cloud applications because both are sharing computing resources in the same cloud environment. To overcome this challenge and trade-off, we propose a novel system, named CloudMon, which enables dynamic resource provision and live placement for NIDS-VAs in IaaS cloud environments. CloudMon provides two techniques to maintain high resource efficiency of IaaS cloud environments without degrading the performance of NIDS-VAs and other virtual machines (VMs). The first technique is a virtual machine monitor based resource provision mechanism, which can minimize the resource usage of a NIDS-VA with given performance guarantee. It uses a fuzzy model to characterize the complex relationship between performance and resource demands of a NIDS-VA and develops an online fuzzy controller to adaptively control the resource allocation for NIDS-VAs under varying network traffic. The second one is a global resource scheduling approach for optimizing the resource efficiency of the entire cloud environments. It leverages VM migration to dynamically place NIDS-VAs and VMs. An online VM mapping algorithm is designed to maximize the resource utilization of the entire cloud environment. Our virtual machine monitor based resource provision mechanism has been evaluated by conducting comprehensive experiments based on Xen hypervisor and Snort NIDS in a real cloud environment. The results show that the proposed mechanism can allocate resources for a NIDS-VA on demand while still satisfying its performance requirements. We also verify the effectiveness of our global resource scheduling approach by comparing it with two classic vector packing algorithms, and the results show that our approach improved the resource utilization of cloud environments and reduced the number of in-use NIDS-VAs and physical hosts. |
Keywords | Cloud environments; NIDS virtual appliance; Fuzzy control; Resource management; Dynamic provision |
Year | 2015 |
Journal | Concurrency and Computation: Practice and Experience |
Publisher | Wiley |
ISSN | 15320626 |
Digital Object Identifier (DOI) | https://doi.org/10.1002/cpe.3166 |
Web address (URL) | http://hdl.handle.net/10545/620878 |
http://creativecommons.org/licenses/by-nc-nd/4.0/ | |
hdl:10545/620878 | |
Publication dates | 10 Jun 2015 |
Publication process dates | |
Deposited | 16 Nov 2016, 18:26 |
Rights | Archived with thanks to Concurrency and Computation: Practice and Experience |
Contributors | University of Derby, State Key Laboratory of Software Development Environment; Beihang University; Beijing China, State Key Laboratory of Software Development Environment; Beihang University; Beijing China and School of Computing and Mathematics; University of Derby; Derby UK |
File | File Access Level Open |
https://repository.derby.ac.uk/item/9472y/cloudmon-a-resource-efficient-iaas-cloud-monitoring-system-based-on-networked-intrusion-detection-system-virtual-appliances