In the existing French Named Entity Recognition (NER) research, the machine learning models mostly use the character morphological features of words, and the multilingual generic named entity models use the semantic features represented by word embedding, both without taking into account the semantic, character morphological and grammatical features comprehensively. Aiming at this shortcoming, a deep neural network based model CGC-fr was designed to recognize French named entity. Firstly, word embedding, character embedding and grammar feature vector were extracted from the text. Then, character feature was extracted from the character embedding sequence of words by using Convolution Neural Network (CNN). Finally, Bi-directional Gated Recurrent Unit Network (BiGRU) and Conditional Random Field (CRF) were used to label named entities in French text according to word embedding, character feature and grammar feature vector. In the experiments, F1 value of CGC-fr model can reach 82.16% in the test set, which is 5.67 percentage points, 1.79 percentage points and 1.06 percentage points higher than that of NERC-fr, LSTM(Long Short-Term Memory network)-CRF and Char attention models respectively. The experimental results show that CGC-fr model with three features is more advantageous than the others.

In cloud environment, the code of pivotal business in Virtual Machine (VM) can be modified by malicious software in many ways, which can pose a threat to its stable operation. Traditional measurement systems based on host are liable to be bypassed or attacked. To solve the problem that it is difficult to obtain a complete virtual machine running process code and verify its integrity at Virtual Machine Monitor (VMM) layer, a paging-measurement method based on hardware virtualization was proposed. The Kernel-based Virtual Machine (KVM) was used as the VMM to capture the system calls of virtual machine process in VMM and regarde it as the trigger point of the measurement process; the semantic differences of different virtual machine versions were solved by using relative address offset, then the paging-measurement method could verify the code integrity of running process in virtual machine transparently at VMM layer. The implemented prototype system of VMPMS (Virtual Machine Paging-Measurement System) can effectively measure the virtual machine process code with acceptable performance loss.

In order to protect the integrity of the Virtual Machine (VM) sensitive files and make up for the shortcomings such as high performance overhead, low compatibility and poor flexibility in out-of-box monitoring based on the instruction monitoring methods, OFM (Out-of-box File Monitoring) based on hardware virtualization was proposed. In OFM, Kernel-based Virtual Machine (KVM) was used as the virtual machine monitor to dynamically configure sensitive file access control strategy in real-time; in addition, OFM could modify the call table entries related to file operations of virtual machine system to determine the legitimacy of the VM process operation files, and deal with the illegal processes. Unixbench was deployed in a virtual machine to test the performance of OFM. The experimental results demonstrate that OFM outperforms to instruction monitoring methods in file monitoring and has no affect on other types of system calls for virtual machines. Meanwhile, OFM can effectively monitor the integrity of the virtual machine files and provide better compatibility, flexibility and lower performance losses.

In Infrastructure-as-a-Service (IaaS) environment, the limited security service resources and uneven allocation of security resources for multiple tenants causes low efficiency of security service scheduling. To resolve this problem, a tenant security service scheduling framework was designed. Based on the minimum fairness algorithm and the scheduling idea of Fair Scheduler, the minimum sharing resources and resource demand attribute were set for the tenant. Then, the security service resource allocation algorithm was used to satisfy the tenant's resource demand as fair as possible to ensure the minimum sharing resources of the tenant. Finally, a tenant security service scheduling framework was implemented by combining the job scheduling algorithm within tenant and resource preemption algorithm among tenants. The experimental results show that under the condition of random allocation of resources, the proposed security service resource allocation algorithm is better than traditional algorithms in the aspects of resource utilization and operation efficiency, and the security service scheduling framework can solve the uneven allocation of security resources for multiple tenants.

Concerning the problem that the network access control of Virtual Machines (VM) in the cloud computing Infrastructure as a Service (IaaS) platforms, a method of communication access control for VM in IaaS platforms was proposed. The method based on Software Defined Networking (SDN) was realized to customize the communication access control rules from Layer 2 to Layer 4. The experimental results show that the method can manage communication access permissions of tenants' VM flexibly, and ensure the security of tenants' network.

The virtual machines in cloud computing platform exchange data in the shared memory of physical machine. In view of the problem that the traffic cannot be captured and detected in firewall or other security components, the OpenFlow technology was analyzed, and a traffic redirection method based on OpenFlow was presented. To control traffic forwarding process and redirect it to security components, the method provided network connection for virtual machines with OpenFlow controller and virtual switches instead of physical switches, and built a traffic detection system composed of four modules including virtual switch, control unit, intrusion detection and system configuration management. The experimental results show that the proposed scheme can realize traffic redirection and the subsequent detection processing, and the system can provide switch-level and host-level control granularity. It also solves traffic detection problem under cloud computing environment in traditional scene by traffic redirection, and provides great expansion of the traffic processing based on OpenFlow.

Hot topic mining is an important technical foundation for monitoring public opinion. As current hot topic mining methods cannot solve the affection of word noise and have single hot degree evaluation way, a new mining method based on topic cluster evaluation was proposed. After forum data was modeled by Latent Dirichlet Allocation (LDA) topic model and topic noise was cut off, the data were then clustered by improved cluster center selection algorithm K-means++. Finally, clusters were evaluated in three aspects: abruptness, purity and attention degree of topics. The experimental results show that both cluster quality and clustering speed can rise up by setting topic noise threshold to 0.75 and cluster number to 50. The effectiveness of ranking clusters by their probability of the existing hot topic with this method has also been proved on real data sets tests. At last a method was developed for displaying hot topics.

Nutch crawling performance was optimized by tunning Nutch MapReduce job configurations. In order to optimize Nutch performance, firstly Nutch crawling processes were studied from the view of Hadoop. And based on that, the characters of Nutch jobs workflows were analyzed in detail. Then tunned job configurations were generated by profiling Nutch crawling process. The tunned configurations were set before the next job running of the same type. The appropriate profiling interval was selected to consider the balance between cluster environmental error and profiling load, which improved optimization result. The experimental results show that it is indeed more efficient than the original programs by 5% to 14%. The interval value of 5 makes the best optimization result.