A Secure VM Allocation Strategy Based on Tenant Behavior Analysis and Anomaly Identification

Ru Xie, Liming Wang, Xiaojie Tao
Published in: MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM), 2021-11-29
DOI: 10.1109/MILCOM52596.2021.9653113 (https://doi.org/10.1109/MILCOM52596.2021.9653113)
Citations: 1

Abstract

Cloud computing is gaining popularity due to prominent advantages of dynamic provisioning, economies of scale and low expenditures. However, co-resident attacks pose great threats to security and reliability of cloud infrastructure. Previous work has shown the effectiveness of secure virtual machine (VM) allocation strategies to defend against attacks and improve security. Unfortunately, existing approaches cannot distinguish potential malicious tenants before running VMs, so they adopt a reckless strategy of stacking VMs, which indirectly mitigates threats but fails to provide adequate security or balance workload. This paper presents an approach to reduce attack risk and balance workload by recognizing potential attackers before VM allocation and applying a secure allocation strategy to prevent malicious tenants from accessing normal ones. We analyze tenant behavior and VM usage data to identify potential attackers, assisted by machine learning methods. A new metric is proposed to measure co-resident attack risk and a novel risk-control VM allocation strategy is designed to minimize it. Implementation and evaluation on a dataset consisting of real-world VM workload demonstrate that our approach significantly outperforms existing approaches in minimizing the risk of co-resident attacks and balancing workload of datacenter as well as individual tenants.