Adaptive and scalable protection framework for virtual machines leveraging deep learning and dynamic defense.

Bibliographic details
Title: Adaptive and scalable protection framework for virtual machines leveraging deep learning and dynamic defense.
Authors: Kanthasamy D; Department of Networking and Communications, School of Computing, College of Engineering and Technology (CET), SRM Institute of Science and Technology, Kattankulathur, Tamil Nadu, 603203, India., Vinoth Kumar CNS; Department of Networking and Communications, School of Computing, College of Engineering and Technology (CET), SRM Institute of Science and Technology, Kattankulathur, Tamil Nadu, 603203, India. vinothks1@srmist.edu.in.
Source: Scientific reports [Sci Rep] 2025 Nov 26; Vol. 15 (1), pp. 42172. Date of Electronic Publication: 2025 Nov 26.
Publication type: Journal Article
Language: English
Journal info: Publisher: Nature Publishing Group Country of Publication: England NLM ID: 101563288 Publication Model: Electronic Cited Medium: Internet ISSN: 2045-2322 (Electronic) Linking ISSN: 20452322 NLM ISO Abbreviation: Sci Rep Subsets: PubMed not MEDLINE; MEDLINE
Imprint Name(s): Original Publication: London : Nature Publishing Group, copyright 2011-
Abstract: Virtual Machines (VMs) serve as dynamic execution environments that trade off workload isolation, performance, and elastic scalability in the cloud. However, the flexibility of VMs, which allows for efficiency, also makes them susceptible to stealthy and adaptive cyber threats such as resource exhaustion, privilege escalation, and lateral movement. In such environments, the traditional signature- and heuristic-based defenses often encounter difficulties, resulting in high false-positive rates and low-rank under changing attack conditions. To mitigate these limitations, we present a flexible defense system which combines feature extraction, anomaly detection, classification and mitigation in a single pipeline. The system consists of an Adaptive Feature Encoder for concise behavior representation, a Density-Aware Clustering for anomaly detection, a Transformer-Boosting Classifier for timely threat identification, and a Dynamic Mitigation Controller for prompt decision making at runtime with low overhead. Experiments on benchmark VM telemetry datasets (ToN-IoT and CSE-CIC-IDS2018) indicate that VMShield provides 99.8% accuracy, 99.7% precision, 99.6% F1-score, and reduces false positives by 35% compared to state-of-the-art baselines. Stress testing ensures scalability, keeping detection latency at ~240 ms and overhead under 7%. By integrating the accuracy with operational resilience, the proposed adaptive and scalable protection framework offers a practical defense to protect the cloud-hosted VMs from the emerging adversarial threats.
(© 2025. The Author(s).)
Competing Interests: Declarations. Competing interests: The authors declare no competing interests.
Contributed Indexing: Keywords: Adaptive defense; Adaptive feature encoder; Anomaly detection; Cloud security; Density-aware clustering; Dynamic mitigation controller; Transformer–boosting classifier; Virtual machine security
Entry Date(s): Date Created: 20251126 Latest Revision: 20251129
Update Code: 20251129
PubMed Central ID: PMC12658037
DOI: 10.1038/s41598-025-26221-8
PMID: 41298720
Database: MEDLINE