CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances

摘要

The networked intrusion detection system virtual appliance (NIDS-VA), also known as virtualized NIDS, playsrnan important role in the protection and safeguard of IaaS cloud environments. However, it is nontrivial tornguarantee both of the performance of NIDS-VA and the resource efficiency of cloud applications because bothrnare sharing computing resources in the same cloud environment. To overcome this challenge and trade-off, wernpropose a novel system, named CloudMon, which enables dynamic resource provision and live placement forrnNIDS-VAs in IaaS cloud environments. CloudMon provides two techniques to maintain high resourcernefficiency of IaaS cloud environments without degrading the performance of NIDS-VAs and other virtualrnmachines (VMs). The first technique is a virtual machine monitor based resource provision mechanism, whichrncan minimize the resource usage of a NIDS-VA with given performance guarantee. It uses a fuzzy model torncharacterize the complex relationship between performance and resource demands of a NIDS-VA and developsrnan online fuzzy controller to adaptively control the resource allocation for NIDS-VAs under varying networkrntraffic. The second one is a global resource scheduling approach for optimizing the resource efficiency of thernentire cloud environments. It leverages VM migration to dynamically place NIDS-VAs and VMs. An onlinernVM mapping algorithm is designed to maximize the resource utilization of the entire cloud environment.rnOur virtual machine monitor based resource provision mechanism has been evaluated by conducting comprehensivernexperiments based on Xen hypervisor and Snort NIDS in a real cloud environment. The results showrnthat the proposed mechanism can allocate resources for a NIDS-VA on demand while still satisfying itsrnperformance requirements. We also verify the effectiveness of our global resource scheduling approach byrncomparing it with two classic vector packing algorithms, and the results show that our approach improvedrnthe resource utilization of cloud environments and reduced the number of in-use NIDS-VAs and physical hosts.