
International Journal of Scientific Research in Computer Science, Engineering and Information Technology

© 2018 IJSRCSEIT | Volume 4 | Issue 2 | ISSN : 2456-3307

ATOM: Efficient Tracking, Monitoring, and Orchestration of Cloud Resources
K Sandhya Rani *1, Kunta Srinu2

1* sandnyakaviti@gmail.com,srinukunta78gmail.com

ABSTRACT

The emergence of the Infrastructure as a Service framework brings new opportunities, which also come with new challenges in auto-scaling, resource allocation, and security. A fundamental challenge underpinning these problems is the continuous tracking and monitoring of resource usage in the system. In this paper, we present ATOM, an efficient and effective framework to automatically track, monitor, and orchestrate resource usage in an Infrastructure as a Service (IaaS) system that is widely used in cloud infrastructure. We use a novel tracking method to continuously track important system usage metrics with low overhead, and develop a Principal Component Analysis (PCA) based approach to continuously monitor and automatically detect anomalies based on the approximated tracking results. We show how to dynamically set the tracking threshold based on the detection results, and further, how to adjust the tracking algorithm to ensure its optimality under dynamic workloads. Lastly, when potential anomalies are identified, we use introspection tools to perform memory forensics on VMs, guided by analyzed results from tracking and monitoring, to identify malicious behavior inside a VM. We demonstrate the extensibility of ATOM through virtual machine (VM) clustering. The performance of our framework is evaluated in an open source IaaS system.

Keywords : Infrastructure as a Service, cloud, tracking, monitoring, anomaly detection, virtual machine introspection

INTRODUCTION

Atom is a free and open-source[4][5] text and source code editor for macOS, Linux, and Microsoft Windows[6] with support for plug-ins written in Node.js, and embedded Git Control, developed by GitHub. Atom is a desktop application built using web technologies.[7] Most of the extending packages have free software licenses and are community-built and maintained.[8] Atom is based on Electron (formerly known as Atom Shell),[9] a framework that enables cross-platform desktop applications using Chromium and Node.js.[10][11] It is written in CoffeeScript and Less.[12] It can also be used as an integrated development environment (IDE).[13][14][15][16] Atom was released from beta, as version 1.0, on 25 June 2015.[17] Its developers call it a "hackable text editor for the 21st Century".[18]

CSEIT1833614 | Received : 01 April 2018 | Accepted : 15 April 2018 | March-April-2018 [ (4) 2 : 71-76] 71

Security is another paramount system. For example, it was reported saries attacked Amazon cloud by service (DDoS) bots on user VMs by in Elasticsearch [2]. Resource usage insights to address security concerns. to constantly monitor resource usage not only for resource allocation, but in the system. Until now, the best practices for mitigating DDoS and other attacks in AWS include using CloudWatch to create simple threshold alarms on monitored metrics and alert users for potential attacks [3]. In our work we show how to detect the anomalies automatically while saving users the trouble on setting magic threshold values.

These observations illustrate that a fundamental challenge underpinning several important problems in an IaaS system is the continuous tracking and monitoring of resource usage in the system. Furthermore, several applications (e.g., security) also need intelligent and automated orchestration of system resources, by going beyond passive tracking and monitoring, and introducing auto-detection of abnormal behavior in the system, and active introspection and correction once anomaly has been identified and confirmed. This motivates us to design and implement ATOM, an efficient and effective framework to automatically track, orchestrate, and monitor resource usage in an IaaS system.

Fig. 1. A simplified architecture of Eucalyptus.

A motivating example. Eucalyptus is a paid and open-source computer software for building Amazon Web Services (AWS)-compatible private and hybrid cloud computing environments, originally developed by the company Eucalyptus Systems. Eucalyptus is an acronym for Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems.[2] Eucalyptus enables pooling compute, storage, and network resources that can be dynamically scaled up or down as application workloads change.[3] Mårten Mickos was the CEO of Eucalyptus.[4] In September 2014, Eucalyptus was acquired by Hewlett-Packard and then maintained by DXC Technology.

Eucalyptus provides an AWS-like service called CloudWatch. CloudWatch is able to monitor resource usage of each VM. To reduce overhead, such data are only collected from each VM at every minute, and then reported to the CLC through a CC. Clearly, gathering resource usage in real time introduces overhead in the system (e.g., communication overhead from a NC to the CLC). When there are plenty of VMs to monitor, the problem becomes even worse and will bring significant overhead to the system. CloudWatch addresses this problem by collecting measurements only once every minute, but this provides only a discrete, sampled view of the system status and is not sufficient to providing continuous understanding and protection of the system.

Another limitation in existing approaches like CloudWatch is that they only do passive monitoring. No active online resource orchestration is in place towards detecting system anomalies, potential threats and attacks. We observe that, e.g., in the aforementioned DDoS attack to Amazon cloud, alarming signals can be learned automatically from resource usage data, which are readily to analyze without any pre-processing like system logs [6]. Active online resource monitoring and orchestration is very useful in achieving a more secure and reliable system. Active online resource monitoring gives us the opportunities to trigger VM introspection to debug the system and figure out what has possibly gone wrong. The introspection into VMs then allows to orchestrate resource usage and allocation in the IaaS system to achieve a more secure system and/or better performance. Note that VM introspection is expensive. Without continuous tracking and online monitoring and orchestration, it is almost impossible to figure out when to do VM introspection and what specific target to introspect in a host VM. Our goal is to automate this process and trigger VM introspection only when needed. We refer to this process as resource orchestration.

ATOM introduces an online tracking module that runs at NC and continuously tracks various performance metrics and resource usage values of all VMs. The CLC is denoted as the tracker, and the NCs are denoted as the observers. The goal is to replace the sampled view at the CLC with a continuous understanding of system status, with minimum overhead.

ATOM then uses an automated monitoring module that continuously monitors the resource usage data reported by the online tracking module. The goal is to detect anomaly by mining the resource usage data. This is especially helpful for detecting attacks that could cause changes in resource usage, for example, one VM consumes all available resources and starves all other VMs running on the same physical computer [7]. The baseline for online monitoring is to simply define a threshold value for any metric of interest. Clearly, this approach is not very effective against dynamic and complex attacks and anomalies. ATOM uses a dynamic online monitoring method that is developed based on PCA. We design a PCA-based method that continuously analyzes the dominant subspace
defined by the measurements from the tracking module, and automatically raises an alarm whenever a shift in the dominant subspace has been detected. Even though PCA-based methods have been used for anomaly detection in various contexts, a new challenge in our setting is to cope with approximate measurements produced by online tracking, and design methods that are able to automatically adapting to and adjusting the tracking errors.

Lastly, virtual machine introspection (VMI) is used to detect and identify malicious behavior inside a VM. VMI techniques such as analyzing VM memory space tends to be of great cost. If we don’t know where and when an attack might have happened, we will need to go through the entire memory constantly, which is clearly expensive, especially if VMs to be analyzed are so many. ATOM provides two options here. The first option is to set a threshold for each resource usage measure (the baseline as discussed above), and we consider there may be an anomaly if the reported value is beyond (or below) the threshold for that measure and trigger a VMI. This is the method that existing systems like AWS and Eucalyptus have adopted for auto scaling tasks. The second option is to use the online monitoring method in the monitoring module to automatically detect anomaly and trigger a VMI, as well as guiding the introspection to specific regions in the VM memory space based on the data from online monitoring and tracking. We denote the second method as orchestration.

That said, note that ATOM is an end-to-end framework that integrates online tracking, online monitoring, and orchestration (for VM introspection) into one framework, whereas UBL focuses on anomaly detection in performance data without the integration of tracking and orchestration. Hence, UBL is “equivalent” to the monitoring component in ATOM.

RELATED WORK

To the best of our knowledge, none of existing IaaS platforms is able to provide continuous tracking, monitoring, and orchestration of system resource usage. Furthermore, none of them is able to do intelligent, automated monitoring for a large number of VMs and carry out orchestration inside a VM.

Cloud monitoring. Most existing IaaS systems follow the general, hierarchical architecture as shown in Figure 1. Inside these systems, there are imperative needs for the controller to continuously collect resource usage data and monitor system health. AWS [1] and Eucalyptus [4], [5] use CloudWatch [27] service to monitor VMs and other components in some fixed intervals, e.g., every minute. This provides cloud users a system-wide visibility into resource utilization, and allows users to set some simple threshold based alarms to monitor and ensure system health. OpenStack [28] is developing a project called Ceilometer [29], to collect resources utilization measurements. However, these approaches only provide a discrete, sampled view of the system. Several emerging startup companies such as DATADOG [30] and librato [31] could monitor in a more fine-grained granularity, provided the required softwares are installed. However, this inevitably
introduces more network overhead to the cloud, which becomes worse when the monitored infrastructure scales up. On the contrary, ATOM significantly reduces the network overhead by utilizing the optimal online tracking algorithm, while providing just about the same amount of information. Furthermore, all these cloud monitoring services offer very limited capability in monitoring and ensuring system health. UBL [8] uses collected VM usage data to train Self-Organizing Maps for anomaly prediction, which serves a similar purpose to ATOM’s monitoring component. Besides the detailed comparison in Section 1, SOM requires an explicit training stage and needs to be trained by normal data, while PCA could identify what is normal directly from the history data provided normal data is the majority. Unlike UBL and ATOM which only require VM usage data, PerfCompass collects system call traces and checks the execution units being affected [32] to identify whether a VM performance anomaly is caused by internal fault like software bugs, or from an external source such as co-existing VMs.

Astrolabe [33] is a monitoring service for distributed resources, to perform user-defined aggregation (e.g. number of nodes that satisfy certain property) on-the-fly for the host hierarchy. It is intended as a “summarizing mechanism”. Similar to Astrolabe, SDIMS [34] is another system that aggregates information about large-scale networked systems with better scalability, flexibility, and administrative isolation. Ganglia [35] is a general-purpose scalable distributed monitoring system for high performance computing systems which also has a hierarchical design to monitor and aggregate all the nodes and has been used in many clusters. These efforts are similar to the CloudWatch module currently used in AWS/Eucalyptus, and they reduce monitoring overhead by simple aggregations. While the purpose of ATOM’s tracking module is to reduce data transfer, but it does so using online tracking instead of simply aggregating which delivers much more fine-grained information.

STAR [36] is a hierarchical algorithm for scalable aggregation that reduces communication overhead by carefully distributing the allowed error budgets. It suits systems like SDIMS [34] well. InfoEye [37] is a model-based information management system for large-scale service overlay networks through a set of monitoring sensors deployed on different overlay nodes with reduced overhead achieved by ad-hoc conditions filters. InfoTrack [38] is a monitoring system that is similar to ATOM’s tracking module, in that it tries to minimize continuous monitoring cost with most information precision preserved, by leveraging temporal and spatial correlation of monitored attributes, while ATOM utilizes an optimal online tracking algorithm that is proved to achieve the best saving in network cost without any prior knowledge on the data. MELA [39] is a monitoring framework for cloud service which collects different dimensions of data tailored for analyzing cloud elasticity purpose (e.g. scale up and scale down). ATOM may use MELA to collect, track, and monitor different types of metrics than those already available through CloudWatch.

Cloud security. IaaS system also brings us a new set of security problems. Leading cloud providers have developed advanced mechanism to ensure the security of their IaaS systems. AWS [40] has many built-in security features such as firewalls, encrypted storage and security logs. OpenStack uses a security component called Keystone [41] to do authentication and authorization. It also has security rules for network communication in its network component Neutron [42]. Other IaaS platforms have similar security solutions, which are mainly firewalls and security groups. Nevertheless, it is still possible that hackers could bypass known security policies, or cloud users may accidentally run some malicious software. It is thus critical to be able to detect such anomaly in near real-time to avoid leaving hackers plenty of time to cause significant damage. Hence we need a monitoring solution that could actively detect anomaly, and identify potentially malicious behavior over a large number of VM instances. AWS recently adopts its CloudWatch service for DDoS attacks [3], but it requires user to check historical data and set a “magic value” as the threshold manually, which is unrealistic if user’s underlying workloads change frequently.

In contrast, ATOM could automatically learn the normal behavior from previous monitored data, and detect more complex attacks besides DDoS attacks using PCA. PCA has been widely used to detect anomaly in network traffic volume in backbone networks [12], [13], [17], [43], [44], [45]. As we have argued in Section 4.1, adapting a PCA-based approach to our setting has not been studied before and presented significant new challenges.

The security challenges in IaaS system were analyzed in [7], [46], [47], [48]. Virtual machine attacks is considered a major security threat. ATOM’s introspection component leverages existing open source VMI tools such as Stackdb [10] and Volatility [18] to pinpoint the anomaly to the exact process.

VMI is a well-known method for ensuring VM security [49], [50], [51], [52]. It has also been studied for IaaS systems [53], [54], [55]. However, to constantly secure VM using VMI technique, the entire VM memory needs to be traversed and analyzed periodically. It may also require the VM to be suspended in order to gain access to VM memory. Blacksheep [19] is such a system that detects rootkit by dumping and comparing groups of similar machines. Though the performance overhead is claimed to be acceptably low to support real-time monitoring, clearly user programs will be negatively affected. Another solution was suggested [56] for cloud users to verify the integrity of their VMs. However, this is not an “active detection and reaction” system. In contrast, ATOM enables triggering VMI only when a potential attack is identified, and it also helps locate the relevant memory region to analyze and introspect much more effectively and efficiently using its orchestration component.

PROPOSED SYSTEM

THE ATOM FRAMEWORK

Figure 2. The ATOM framework.

CC and one NC are shown in this example. ATOM adds three components to an IaaS system like AWS and Eucalyptus:

(1) Tracking component: ATOM adapts the optimal online tracking algorithm for one-dimension online tracking inside the monitoring service on NCs. This dramatically reduces the overhead used to monitor cloud resources and enables continuous measurements to CC and CLC;

(2) Monitoring component (anomaly detection): ATOM adds this component in CLC to analyze tracking results by the tracking component, which provides continuous resource usage data in real time. It uses a modified PCA method to continuously track the divided subspace, as defined by the multi-dimensional values from the tracking results, and automatically detect anomaly by identifying notable shift in the interesting subspace. It also generates anomaly information for further analysis by the orchestration component when this happens. The monitoring component also adjusts the tracking threshold from the tracking component dynamically online based on the data trends and a desired false alarm rate.

(3) Orchestration component (introspection and debugging): when a potential anomaly is identified by the monitoring component, an INTROSPECT request along with anomaly information is sent to the orchestration component on NC, in which VMI tools (such as LibVMI [9]) and VM debugging tools (such as StackDB [10]) are used to identify the anomalous behavior inside a VM and raise an alarm to cloud users for further analysis.

ORCHESTRATION COMPONENT

The monitoring component in Section 4 detects the abnormal state and identifies which measurement on which VM might be responsible. In this section, we describe how orchestration component is able to automatically mitigate the malicious behavior after an anomaly is detected.

Modern IaaS cloud vendors offer services mostly in the form of VMs, which makes it critical to ensure VM security in order to attract more customers. VMI technique has been widely studied to introspect VM for security purpose. There are also several popular open source general-purpose VMI tools such as LibVMI [9], Volatility [18], and StackDB [10], for researchers to explore and develop more sophisticated applications. LibVMI has many basic APIs that support memory read and write on live memory. Volatility itself supports memory forensics on a VM memory snapshot file, and it has many Linux plugins that are ready to use. StackDB is designed to be a multi-level debugger, while also serves well as a memory-forensics tool. Other more sophisticated techniques developed for special-purpose VMI anomaly detection are generally based on these tools. Blacksheep [19], for instance, utilizes Volatility and specifically developed plug-ins to implement a distributed system for detecting anomalies inside VMs among groups of similar machines. However, as most other VMI strategies to secure VMs, it needs to dump the whole memory space of the target VM, and then analyze each piece, typically by comparing with what’s defined a “normal” state. Thus to protect VMs in real time, the whole memory space needs to be analyzed constantly, introducing much overhead into the production system.

ATOM implements its orchestration component based on Volatility (with LibVMI plug-in for live introspection) and StackDB. A crucial difference with other systems is that, ATOM only introspects the VM when an anomaly happens, and only on the relevant memory space of the suspicious VMs. The monitoring component in ATOM serves as a trigger to inform VMI tools when and where to do introspection. The anomalies are found by analyzing previously monitored resource usage data, in monitoring component, which is much more lightweight than analyzing the whole memory space. Then the metrics identification process in monitoring component could locate which dimensions are suspicious, indicating the relevant metrics on some particular VMs. This information is sent to orchestration component along with a VMI request, which then only introspects the relevant memory


Fig. 3. Memory space introspected by ATOM.

After the orchestration component identifies potential abnormal processes, an alarm is raised with associated information identified by VMI tools. The alarm and such information are provided to the VM user. If user confirms this as an abnormal behavior, ATOM is able to terminate the malicious processes inside a VM instance by using tools like StackDB [10]. StackDB could be used to debug, inspect, modify, and analyze the behavior of running programs inside a VM instance. To kill a process, it first finds the task_struct object of the running process using process name or id, and then passes in SIGKILL signal. Next time the process is being scheduled, it is killed immediately.

Although the anomalies that could be detected by ATOM is limited compared with other systems which analyze the whole memory space, we argue the framework of ATOM could be easily extended to detect more complex attacks. First, more metrics could be easily added to monitor for each VM. Also, many other auto-debugging tools could be developed, which are useful to find various kinds of attacks and perform different desirable actions.

Note that killing the identified, potentially malicious process is just one possible choice provided by ATOM, which is performed only if user agrees to (ATOM is certainly able to automate this as well if desired). Alternatives could be to terminate the network connections or to close file handles. A more sophisticated way is to study a rich dataset of known attacks (e.g., Exploits Database) and design rule-based approaches to mitigate attacks based on different patterns. We refer to these active actions, together with introspection, as ATOM’s orchestration module. Orchestration in ATOM can be greatly
customized to suit the needs for different tasks, such as identification of different attacks, and dynamic resource allocation in an IaaS system.

VM CLUSTERING

ATOM enables a continuous understanding of the VMs in an IaaS system. In addition to anomaly detection, this framework is also useful for many other decision making and analytics applications. Hence, in addition to using a PCA-based approach in the monitoring component, we will demonstrate that it is possible to design and implement a VM clustering module to be used in the monitoring component.

The objective of VM clustering is to cluster a set of VMs into different clusters so that VMs with similar workload characteristics end up in the same group. This operation assists making load balancing decisions, as well as developing customized, fine-tuned monitoring modules for each cluster. For instance, a cloud provider may want to evenly distribute the VMs having similar resource usage patterns to different physical nodes, in order to make sure the physical resources are fully utilized and fewer VMs may suffer from resource starvation. In another example, we may want to use different anomaly detection techniques for VMs running a database server workload than those running a web server.

The basic idea of our proposed approach is as follows. The monitoring component in ATOM, using its PCA-based approach, transforms the original coordinates to a new coordinate system where the principal components (PCs) are ordered by the amount of variations on each direction (as explained in Figure 3). Thus, if two VMs share similar workloads, the directions of the corresponding PCs between the two should also be similar. That said,

Step 1. On CLC, a data matrix for each VM is maintained, where the columns are metric types and rows are time instances (i.e., a $t \times d'$ matrix for each VM with a sliding window of $t$), and is updated over time.

Step 2. ATOM performs a PCA on each VM data matrix without standardization; since for clustering purposes, not only the variations on each direction is important, but also the average usage on each dimension. For example, a VM having a disk usage that oscillates between 10,000 and 20,000 bytes is obviously not the same as one having oscillation between 100 and 200 bytes on the same dimension; whereas a standardization procedure which first performs mean-center and then normalization will make the two oscillations look similar. This step yields a set of PCs for each VM. The direction of each PC is denoted by the corresponding eigen vector while the variation is shown by the associated eigen value.

Step 3. Suppose VM1 has eigen vectors $(v_{11}, v_{12}, \ldots)$ and corresponding eigen values $(\lambda_{11}, \lambda_{12}, \ldots)$, while VM2 has $(v_{21}, v_{22}, \ldots)$ and $(\lambda_{21}, \lambda_{22}, \ldots)$. We measure the distance between two directions using cosine distance; defined as $(1 - \text{cosine similarity})$. Intuitively, the bigger the angle between two directions (the less similar they are), the smaller their cosine similarity is, hence the larger the cosine distance becomes.

Finally, the distance between the two VMs is defined as:

of each corresponding pair of eigen vectors from VM1 and VM2, weighted by the difference of the corresponding eigen values to ensure that the variations do not differ a lot.

Step 4. Using VMdist as the distance measure between any two VMs, we use DBSCAN [20] to cluster similar VMs together. DBSCAN is a threshold-based (aka density based) clustering algorithm which requires two parameters: $\epsilon$ which is the density threshold, and minPts which is the number of minimum points to form a cluster. DBSCAN expands a cluster from an un-visited data point towards all its neighboring points provided the distance is within $\epsilon$, and then recursively expands from each of the neighboring point. Points are marked as an outlier if the number of points in their cluster is fewer than minPts. Compared with other popular clustering methods like k-means, density-based clustering algorithm does not require the prior-knowledge on the number of clusters, neither does it need to iteratively compute an explicit “centroid” and re-cluster at every iteration. By default, ATOM sets minPts=10, and computes the threshold value $\epsilon$ using a sampling based approach. More specifically, we randomly select $n$ pairs of VMs and compute their VMdist. We sort the $n$ VMdist values, and set $\epsilon = VMdist_i$ if $VMdist_{i+1} > 5 \cdot VMdist_i$. The intuition is that for any point, the distance to a point in a different cluster is much longer than the distance to a point in the same cluster, and we want to find a large enough “inner cluster” distance and use it as the threshold value $\epsilon$ to determine whether two points belong to the same cluster.

CONCLUSION

We present the ATOM framework, which can be easily integrated into a standard IaaS system to provide automated, continuous tracking, monitoring, and orchestration of system resource usage in near real time. ATOM is extremely useful for anomaly detection, auto-scaling, and dynamic resource allocation and load balancing in IaaS systems. Interesting future work includes extending ATOM for more sophisticated resource orchestration and incorporating defenses against considerably more complex attacks in ATOM.

REFERENCES

[1]. Amazon. http://www.aws.amazon.com/. Accessed Nov. 5, 2016.
[2]. ITWORLD. http://www.itworld.com/security/428920/attackers-install-ddos-bots-amazon-cloud-exploiting-elasticsearch-weakness. Accessed Nov. 5, 2016.
[3]. Amazon. AWS Best Practices for DDoS Resiliency. https://d0.awsstatic.com/whitepapers/DDoS White Paper June2015.pdf. Accessed Nov. 5, 2016.
[4]. Eucalyptus. http://www8.hp.com/us/en/cloud/helion-eucalyptus.html. Accessed Nov. 5, 2016.
[5]. D Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, and D. Zagorodnov, “The eucalyptus open-source cloud-computing system,” in CCGRID, 2009.
[6]. M Du and F. Li, “Spell: Streaming parsing of system event logs,” in ICDM, 2016.

CSEIT1833614 | Received : 01 April 2018 | Accepted : 15 April 2018 | March-April-2018 [ (4) 2 : 71-76] 71
AUTHOR DETAILS

K SANDHYA RANI is working as an assistant professor at VIGNAN’S LARA INSTITUTE OF TECHNOLOGY & SCIENCE, Vadlamudi-522213, Guntur Dist. She has 2 years of experience in the teaching field, and her research area of interest is data mining.

KUNTA SRINU is pursuing an MCA degree at VIGNAN’S LARA INSTITUTE OF TECHNOLOGY & SCIENCE, Vadlamudi, Guntur, Andhra Pradesh, India.
