physical host, the control manager instance OpenNebula can manage user requests regarding cloud storage, networks, and software services.

      The authentication gives the user access to VMs within the cloud [37]. All the physical hosts share multiple virtual machines, and these machines are monitored by virtual machine monitors (VMMs). OpenNebula performs the overall management of a cloud system; it helps the network investigator to forensically analyse captured data on vulnerabilities, risks, cyber-threats, and malicious attacks in the cloud network environment for further investigation.

      2.3.2 NetworkMiner Analysis Tool

      NetworkMiner is an open-source network forensics analysis tool that aims to collect data on malicious attacks or threats over the cloud, which helps the forensics investigation. In the implementation phase, the cloud user directs the data collection and the separation (filtration) layer, where it can start/stop/reset cloud VMs that are running as a forensics service.

      The actual cloud environment provided by OpenNebula and NetworkMiner is as follows:

       The first is to start data collection: a trigger to start the forensics process on the cloud network;

       Next is to stop data collection: a trigger to stop the network forensics process;

       The virtual machine identity (VM-ID) is used by OpenNebula to set the action parameter of an individual virtual machine;

       OpenNebula translates the VM-ID into a MAC network address;

       Filtering on the MAC address;

       This helps to capture the PCAP file (packet capture file) used to tackle network traffic;

       An additional component of network forensics, the NetworkMiner analysis tool, manages the analysis of all VMs (VMM); its main task is to collect, separate, accumulate, and analyze data for proper communication;

       The control manager triggers the overall system action.
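
      The VM-ID to MAC translation and MAC filtering steps above, applied to a capture file, as an added example that is not code from the book, OpenNebula or NetworkMiner. The VM-ID table, the MAC values and the in-memory capture are constructed for the illustration; the parser reads the classic libpcap file layout with Ethernet link type only.

```python
import struct

# Hypothetical VM-ID -> MAC table (constructed values); a real deployment
# would take these from each VM's NIC definition in OpenNebula.
VM_MACS = {42: "02:00:c0:a8:00:0a", 43: "02:00:c0:a8:00:0b"}

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def read_pcap(blob):
    """Yield (ts_sec, frame) for each record of a classic pcap held in memory."""
    magic = blob[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", blob[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(blob):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", blob[off:off + 16])
        frame = blob[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break                              # truncated last record: stop cleanly
        off += 16 + incl_len
        yield ts_sec, frame

def frames_for_vm(blob, vm_id):
    """Separation step: keep frames sent by or addressed to the VM's MAC."""
    mac = mac_bytes(VM_MACS[vm_id])
    return [(ts, f) for ts, f in read_pcap(blob)
            if len(f) >= 14 and mac in (f[0:6], f[6:12])]

def _rec(ts, dst, src):
    # One capture record holding a minimal 60-byte frame (EtherType 0x0800).
    frame = mac_bytes(dst) + mac_bytes(src) + b"\x08\x00" + bytes(46)
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed capture: three frames, two of which involve VM 42.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + _rec(100, VM_MACS[43], VM_MACS[42])
    + _rec(101, "ff:ff:ff:ff:ff:ff", VM_MACS[43])
    + _rec(102, VM_MACS[42], "02:00:c0:a8:00:01")
)

if __name__ == "__main__":
    print([ts for ts, _ in frames_for_vm(SAMPLE_PCAP, 42)])
```

      Filtering on both source and destination keeps each VM's inbound and outbound traffic in its own evidence set, so a frame exchanged between two monitored VMs appears in both.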

      In the next section, we calculate the performance matrix of OpenNebula and NetworkMiner, and also compare the accuracy and efficiency of both tools with other well-known network forensics tools.

      2.3.3 Performance Matrix Evaluation & Result Discussion

      The performance evaluation of the proposed architecture verifies that our cloud-based network forensics system performs well enough compared with the previously published model. The setup measures the performance impact on the running VMM, which manages all VMs in the cloud environment with network forensics. The process consumes computational and power resources to evaluate the model performance, and communication resources to capture, aggregate, analyse, and transfer network traffic.

      The performance measurement was done by tuning the host system; the crucial software specifications of the hosts are described below:

       System Software: Linux Ubuntu 18.04;

       Application Software: OpenNebula and NetworkMiner;

       System Specification: x64 2.4 GHz Octa-Core 7th Generation CPU with 32 GB RAM, connected via high-performance Ethernet connectivity of up to Gigabit speed.

Bar chart depicts the measurement of the performance of network forensics while running cloud infrastructure systems.

       Call Function: More than 2,800 times with a minimum of 20 concurrent requests;

       The time it takes to calculate the call function of cloud users is less than 2 minutes;

       The average performance of VMs is almost 89%;

       An average performance reduction of between 3% and 18%.

      Recently, cloud service providers have offered Forensics-as-a-Service (FaaS). Similar to the other cloud services, FaaS is a business service model for digital investigators. One aspect is the addition of cloud resources for the analysis of forensics data by cloud users, and the second, the most prominent aspect, is that it does not account for the VMM plus the cloud-based network forensics system. Estimate the sets of forensics data transferred to the accumulator that aggregates them and then to the analysis process layer.

      In the next section, we have taken a real-world scenario of cloud security impact on M2M communication and how we can utilize the cloud application in the fourth industrial revolution.

      An authorized and secure communication channel requires an autonomous system [38]; there are many parts of a system where a machine can communicate with others, such as (i) daemon to backend, (ii) service to service, (iii) IoT tools, and (iv) CLI (client to internet service). Establishing an authorized trust system between clients [39] means that the authorization process attempts to build trust in the cloud environment by authorizing a client. In this case, a cloud client can simply utilize cloud applications and services, and securely process cloud infrastructure. There is no need for typical authentication such as username/password, two-way authentication, social login, and others. However, to provide protected and secure machine communication, the cloud client is granted credentials; this credential has two pieces of information: one is the client ID, and the second is the secret. This piece of information
