A general cloud firewall framework with dynamic resource allocation

Cloud is becoming a dominant computing platform. However, we see few work on how to protect cloud data centers. As a cloud usually hosts many different type of applications, the traditional packet level firewall mechanism is not suitable for cloud platforms in case of complex attacks. It is necessary to perform anomaly detection at the event level. Moreover, protecting objects are more diverse than the traditional firewall. Motivated by this, we propose a general framework of cloud firewall, which features event level detection chain with dynamic resource allocation. We establish a mathematical model for the proposed framework. Moreover, a linear resource investment function is proposed for economical dynamical resource allocation for cloud firewalls. A few conclusions have been extracted for the reference of cloud service providers and designers.