Chapter 3 Addressing the multi-cloud management and security challenges
3.4 Problems with Existing Security Approaches
Traditionally, internal resources such as hardware, software and network equipment have been protected by perimeter security, which places a barrier between the internal resources and intrusion from outside. The perimeter defense is typically built from a combination of firewalls, intrusion detection, anti-malware functionality and access control mechanisms. Despite these efforts, the strategy fails as attackers become more and more sophisticated. In cloud-based deployments the boundaries are fuzzy, as resources are distributed across geographically disparate clouds, and establishing a perimeter defense in such a situation becomes difficult. Virtual resources created for different tenants on the same physical hardware may also prove to be a security problem.
Traditional security solutions rely on signatures, a predefined database of known attack patterns or bursts of activity [107] [108]. Not only are traditional signature-based systems penetrable, they are also of no use against unseen threat models [109]. Other traditional controls, such as firewalls protecting critical assets like electronic health records, have often been bypassed by attackers through unhardened IoT devices. Approaches that rely on manual filtering of exceptions and analysis of each alert are time consuming. Some traditional methods are ineffective when attacks involve multiple tactics and multiple endpoints and change their nature over time [110]. In cloud networks visibility is limited, and east-west traffic on virtual networks cannot be monitored easily. Traditional Layer 3 and Layer 4 packet filtering and security controls are not effective when virtual resources are leased across heterogeneous clouds.
To tackle unseen attacks, researchers have examined machine-learning solutions that aim to differentiate between 'normal' and 'anomalous' behavior. Shallow machine-learning solutions may prove inadequate in the virtual healthcare environment. Healthcare data are high dimensional, and with shallow machine-learning techniques extracting relevant features requires human intervention. The curse of dimensionality renders the available data sparse and makes statistical significance hard to establish; on the other hand, using all the features makes the training process time consuming. These methods also tend to have relatively high false positive rates for detection [111], which in a healthcare setting carries the risk of over-medication or unnecessary procedures.
3.5 Challenges Addressed by this Dissertation
Based on the discussion of the state of the art and the remaining challenges, this section describes the challenges that we have addressed in the different parts of the problem.
The combination technique for multi-cloud platform optimization: Both of the top-level challenges, collecting behavioral data of the platform and analyzing the data to produce actionable results, have been addressed in our work. These results have then been used to carry out optimization of OpenADN. In Chapter 4 we discuss the results of the optimization to see how far the two-level technique has succeeded in optimizing the multi-cloud management platform.
At the first level, we use multi-level behavioral data collection in the form of onion rings. It starts with a top-level view of the platform software and works down to the function and statement levels. The top-level analysis gives the overall split of CPU time between system activity, user activity and idle time. The detailed statement-by-statement profiling gives a tentative picture of the factors that prevent the platform from operating at the optimum level. At the second level, we use a technique for confirming which of the identified factors are significant: a two-level factorial analysis, used here for the first time for this purpose, confirms the factors before an expensive full-scale optimization is launched. We evaluate the model and find that our method accurately identifies the factors whose treatment improves performance.
1) Elaborate how the behavior of a complex multi-cloud platform, i.e., one that obtains and uses virtual resources from multiple clouds, can be analyzed while it is in operation to obtain data for optimization.
2) Evolve a methodology to examine the usefulness of the identified factors for optimization of the platform, so as to avoid unnecessary optimization effort.
3) Carry out the optimization of the OpenADN platform using the results of the above analysis to show the usefulness of the techniques evolved.
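The second-level confirmation step above, a two-level factorial screening of candidate factors, as an added worked example (this is illustrative code, not the dissertation's own tooling or the OpenADN measurements). Each candidate factor found by profiling is run at a low (-1) and a high (+1) level in a full 2^k design with replicates; the main and interaction effects are estimated from the run means, and an effect is kept only if it clearly exceeds the standard error derived from the replicate noise. The factor names, the response model and the replicate spread are constructed, and the threshold of two standard errors is an assumed rule of thumb.

```python
"""Two-level (2^k) factorial screening of candidate performance factors.

Added example; factor names, response model and noise below are constructed.
For a factor subset S the effect is (2/N) * sum over runs of y * prod(x_i, i in S),
where x_i is the coded level (-1/+1) and N = 2^k is the number of runs.
"""
from itertools import combinations, product
from math import prod, sqrt
from statistics import mean, variance


def design(k):
    """All 2^k combinations of coded levels, in standard order."""
    return list(product((-1, 1), repeat=k))


def estimate_effects(runs, means, names):
    """Main effects and all interaction effects from per-run mean responses."""
    n = len(runs)
    effects = {}
    for order in range(1, len(names) + 1):
        for idx in combinations(range(len(names)), order):
            contrast = sum(y * prod(run[i] for i in idx) for run, y in zip(runs, means))
            effects[":".join(names[i] for i in idx)] = 2 * contrast / n
    return effects


def screen_factors(runs, replicates, names, t=2.0):
    """Return (effects, standard error of an effect, significant effect names).

    The run-to-run noise variance is pooled from the replicates; with r replicates
    per run the variance of an effect estimate is 4 * sigma^2 / (N * r). Effects
    smaller than t standard errors are treated as noise (t=2 is an assumed rule of thumb).
    """
    means = [mean(r) for r in replicates]
    pooled_var = mean(variance(r) for r in replicates)
    r = len(replicates[0])
    se = 2 * sqrt(pooled_var) / sqrt(len(runs) * r)
    effects = estimate_effects(runs, means, names)
    significant = sorted(name for name, value in effects.items() if abs(value) > t * se)
    return effects, se, significant


# Constructed scenario: profiling suggested three candidate factors for the CPU time
# per request. The hidden model below stands in for real measurements.
FACTORS = ("pool_size", "log_verbosity", "batch_size")


def simulated_cpu_ms(a, b, c):
    # pool_size and batch_size matter (and interact); log_verbosity barely does.
    return 100.0 - 10.0 * a + 0.5 * b - 4.0 * c + 3.0 * a * c


def constructed_replicates(runs, spread=3.0):
    """Three replicate measurements per run with a fixed symmetric spread."""
    return [[simulated_cpu_ms(*run) + d for d in (-spread, 0.0, spread)] for run in runs]


def run_screening():
    runs = design(len(FACTORS))
    return screen_factors(runs, constructed_replicates(runs), FACTORS)


if __name__ == "__main__":
    effects, se, significant = run_screening()
    for name, value in effects.items():
        print(f"{name:>28}: {value:+7.2f}")
    print(f"standard error of an effect: {se:.3f}")
    print("significant factors:", significant)
```

With the constructed data the screening keeps pool_size, batch_size and their interaction and discards log_verbosity, which is the decision the text describes: only the confirmed factors go forward to the full-scale optimization.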
The P-ART framework for placement of virtual network services: The primary challenge in creating network services over multiple clouds is the placement of the VNFs of the service under several constraints. The placement has to meet the policies and objectives defined by the carrier and embodied in the SLA with the CSP, which usually include cost and quality-of-service parameters. Other important requirements, seen in the last chapter, are speed and accuracy of placement. In this research, elaborated in Chapter 5, we have addressed each of these requirements comprehensively. The challenges have been addressed through multi-criteria optimization in an innovative placement strategy: placements are carried out to minimize cost while keeping latency within the specified threshold. The placement is based on a prediction of the state of the clouds at the time of placement. A number of innovations have been proposed in this part of the work. One refinement that makes predictions more accurate is compensation of the concept drift caused by the diurnal variation of traffic. The selection of clouds is through a generalized random selection algorithm. To the best of our knowledge, all of these techniques have been developed and used by us for the first time. We have also seen that ILP solutions are slow in reaching an optimal solution; this limits their utility in responding quickly to changes of state in the multi-cloud system and renders the method unusable in real-time applications. We avoid the ILP route and use machine learning for placement, which reduces the time taken even for large placements and makes the re-evaluation problem trivial. The method we have developed is both dynamic and proactive, rather than one or the other. Our objective- and constraint-based determination of the clouds on which the SFC will be placed removes the tight binding between resources and the VNFs of the SFC. During operation, the placement is frequently re-evaluated to ensure continued optimality; if required, a new placement and virtual resource dimensioning are carried out consistent with the carrier's SLA requirements and the CSP's policies. The methods adopted also give the placement process high efficiency, ensuring that placement requests succeed in all cases where enough capacity is available and the constraints can be met. The high speed of placement allows the CSP to change the network dynamically, in real time or near real time, as factors such as demand, traffic congestion on links and availability of resources on the various clouds change.
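The selection step described above, as an added illustration that is not the P-ART code or algorithm (which this chapter does not specify): a cloud is admissible only if its predicted latency meets the SLA threshold, the prediction compensates for diurnal drift by rescaling each latency sample with an assumed hour-of-day profile, the admissible cloud is chosen by a randomized selection weighted by cost^-alpha (alpha = 0 is uniform, a large alpha is nearly greedy), and the same feasibility test serves the periodic re-evaluation. Cloud names, prices, latency samples and the diurnal profile are constructed.

```python
"""Latency-constrained, cost-weighted cloud selection with diurnal drift compensation.

Added illustration, not the P-ART implementation. Cloud names, prices, latency
samples and the hour-of-day profile below are constructed.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class CloudState:
    name: str
    cost_per_hour: float   # price of the resource flavour the VNF needs
    latency_ms: float      # latest latency sample to the service edge
    measured_at_hour: int  # hour of day (0-23) at which latency_ms was sampled


# Assumed diurnal profile: relative latency level per hour of day, which a real system
# would derive from historical traffic. Quiet overnight, congested around midday.
DIURNAL = [0.8] * 6 + [1.0] * 3 + [1.3] * 6 + [1.1] * 4 + [0.9] * 5


def compensate_drift(latency_ms, measured_hour, target_hour, profile=DIURNAL):
    """Rescale a latency sample to the level expected at target_hour.

    Removing the predictable diurnal component stops a sample taken at 03:00 from
    being mistaken for the latency the placement will actually see at noon.
    """
    return latency_ms * profile[target_hour] / profile[measured_hour]


def feasible_clouds(states, latency_threshold_ms, target_hour):
    """Clouds whose drift-compensated latency meets the SLA threshold."""
    feasible = []
    for state in states:
        predicted = compensate_drift(state.latency_ms, state.measured_at_hour, target_hour)
        if predicted <= latency_threshold_ms:
            feasible.append((state, predicted))
    return feasible


def selection_probabilities(feasible, alpha):
    """Probability of choosing each feasible cloud, proportional to cost^-alpha."""
    weights = {state.name: state.cost_per_hour ** -alpha for state, _ in feasible}
    total = sum(weights.values())
    return {name: w / total for name, w in weights.items()}


def select_cloud(feasible, alpha=2.0, rng=random):
    """Generalized random selection of one feasible cloud; None if none qualifies.

    alpha = 0 spreads load uniformly over the feasible set; a large alpha approaches
    a greedy choice of the cheapest feasible cloud.
    """
    if not feasible:
        return None
    weights = [state.cost_per_hour ** -alpha for state, _ in feasible]
    return rng.choices([state for state, _ in feasible], weights=weights, k=1)[0]


def place(states, latency_threshold_ms, target_hour, alpha=2.0, rng=random):
    return select_cloud(feasible_clouds(states, latency_threshold_ms, target_hour), alpha, rng)


def still_feasible(current_name, states, latency_threshold_ms, target_hour):
    """Re-evaluation step: does the current placement still meet the threshold?"""
    names = {state.name for state, _ in feasible_clouds(states, latency_threshold_ms, target_hour)}
    return current_name in names


# Constructed snapshot of four clouds as reported by the monitoring layer.
STATES = [
    CloudState("cloud-a", cost_per_hour=0.10, latency_ms=40.0, measured_at_hour=3),
    CloudState("cloud-b", cost_per_hour=0.25, latency_ms=50.0, measured_at_hour=12),
    CloudState("cloud-c", cost_per_hour=0.05, latency_ms=70.0, measured_at_hour=14),
    CloudState("cloud-d", cost_per_hour=0.30, latency_ms=30.0, measured_at_hour=20),
]
THRESHOLD_MS = 60.0


if __name__ == "__main__":
    feasible = feasible_clouds(STATES, THRESHOLD_MS, target_hour=12)
    print("feasible at 12:00:", [(s.name, round(p, 1)) for s, p in feasible])
    print("selection probabilities:", selection_probabilities(feasible, alpha=2.0))
    print("placed on:", place(STATES, THRESHOLD_MS, 12).name)
    print("cloud-a placed at 03:00 still feasible at 12:00?",
          still_feasible("cloud-a", STATES, THRESHOLD_MS, 12))
```

Note what the drift compensation changes: cloud-a's raw sample (40 ms, taken at 03:00) would pass the 60 ms threshold, but rescaled to the midday profile it predicts 65 ms and is rejected, while the cheapest cloud (cloud-c) is rejected on latency outright. The randomized choice then falls between cloud-b and cloud-d with probabilities set by their cost, and a placement made on cloud-a at night fails the re-evaluation at noon, which is the trigger for re-placement described in the text.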
The HYPERVINES fault and performance management framework: This part of the work examines the major reasons for the performance and availability challenges in NFV and cloud-based VNS deployments. One of the major reasons is found to be the absence of a credible fault and performance management system. We find that detection and localization of fault and performance issues are difficult because of the multiple layers in the implementation of VNSs and the ill-defined interfaces among the different management platforms that handle the distributed and overlapping responsibilities of fault and performance management. To address these challenges we have carried out the following work:
i) Develop an architectural framework for detection and localization of manifest and impending fault and performance problems.
ii) Develop mechanisms, within the described architectural framework, which make use of the network’s operational markers for detection and localization of faults and performance issues.
iii) Innovative use of shallow and deep predictive algorithms to obtain high accuracy of detection and localization. We achieve accuracies markedly better than the baselines and than any other result reported for a similar environment.
iv) Demonstration of the feasibility and effectiveness of the proposed framework using real network data.
The merged hierarchical model with layer reuse for dataflow security: Subsystems of IoT- and multi-cloud-based healthcare (also referred to as next generation healthcare, in conformity with a funded proposal in this area) would be connected in cyberspace and are therefore exposed to new vulnerabilities. Protecting patients' data against the effects of malicious intrusions, as it flows between domains and from cloud to cloud within the cloud hierarchy, is an important part of the overall security strategy of the healthcare system.
To address the inter-cloud dataflow security challenges, our contributions are as follows:
i) Evolving a system and security architecture for the next generation healthcare.
ii) Evolving a threat model for the system.
iii) Innovative use of deep neural networks, in the form of stacked autoencoders at the edge clouds and the public cloud, for protecting dataflow in motion among the clouds.
iv) Developing a merged model that reduces the training time and improves the accuracy of the models in the public cloud.