# A Security Monitoring Framework For Virtualization Based HEP Infrastructures

**Authors:** A. Gomez Ramirez, M. Martinez Pedreira, C. Grigoras, L. Betev, C. Lara, and U. Kebschull (for the ALICE Collaboration)

arXiv: 1704.04782 · 2019-08-14

## TL;DR

This paper presents a comprehensive security monitoring framework for virtualization-based High Energy Physics infrastructures, including a dataset for machine learning intrusion detection and a proof-of-concept implementation at CERN.

## Contribution

It introduces a novel security framework tailored for HEP virtualized environments, integrating data collection, anomaly detection, and automated response capabilities.

## Key findings

- Achieved a fully virtualized, secure environment with minimal performance impact.
- Collected a diverse dataset for machine learning-based intrusion detection.
- Demonstrated potential for automated attack detection and response.

## Abstract

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware. This malware was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1704.04782/full.md

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/1704.04782/full.md

## References

25 references — full list in the complete paper: https://tomesphere.com/paper/1704.04782/full.md

---
Source: https://tomesphere.com/paper/1704.04782