Read Anytime Anywhere Easy Ebook Downloads at ebookmeta.

com

Machine Learning Techniques and Analytics for

Cloud Security Advances in Learning Analytics for
Intelligent Cloud IoT Systems 1st Edition
Chakraborty
https://ebookmeta.com/product/machine-learning-techniques-
and-analytics-for-cloud-security-advances-in-learning-
analytics-for-intelligent-cloud-iot-systems-1st-edition-
chakraborty/

OR CLICK HERE

DOWLOAD EBOOK

Visit and Get More Ebook Downloads Instantly at https://ebookmeta.com

 Recommended digital products (PDF, EPUB, MOBI) that
you can download immediately if you are interested.

Machine Learning Approach for Cloud Data Analytics in IoT

1st Edition Sachi Nandan Mohanty (Editor)

https://ebookmeta.com/product/machine-learning-approach-for-cloud-
data-analytics-in-iot-1st-edition-sachi-nandan-mohanty-editor/

ebookmeta.com

Machine Learning for Intelligent Multimedia Analytics

Techniques and Applications Pardeep Kumar Amit Kumar Singh
Eds
https://ebookmeta.com/product/machine-learning-for-intelligent-
multimedia-analytics-techniques-and-applications-pardeep-kumar-amit-
kumar-singh-eds/
ebookmeta.com

Machine Learning and IoT for Intelligent Systems and Smart

Applications 1st Edition

https://ebookmeta.com/product/machine-learning-and-iot-for-
intelligent-systems-and-smart-applications-1st-edition/

ebookmeta.com

An Analysis of Emile Durkheim s On Suicide 1st Edition

Robert Easthope

https://ebookmeta.com/product/an-analysis-of-emile-durkheim-s-on-
suicide-1st-edition-robert-easthope/

ebookmeta.com
Moonrise Exile Moonrise 1 1st Edition Avelina Kelde

https://ebookmeta.com/product/moonrise-exile-moonrise-1-1st-edition-
avelina-kelde/

ebookmeta.com

Inflammation and Natural Products 1st Edition Sreeraj Gopi

https://ebookmeta.com/product/inflammation-and-natural-products-1st-
edition-sreeraj-gopi/

ebookmeta.com

A World to Live In An Ecologist s Vision for a Plundered

Planet 1st Edition George M Woodwell

https://ebookmeta.com/product/a-world-to-live-in-an-ecologist-s-
vision-for-a-plundered-planet-1st-edition-george-m-woodwell/

ebookmeta.com

Lonely Planet California s Best Trips 33 Amazing Road

Trips 4th Edition Lonely Planet

https://ebookmeta.com/product/lonely-planet-california-s-best-
trips-33-amazing-road-trips-4th-edition-lonely-planet/

ebookmeta.com

Simply Psychology 5th Edition Michael W. Eysenck

https://ebookmeta.com/product/simply-psychology-5th-edition-michael-w-
eysenck/

ebookmeta.com
Engineering Deep Learning Systems (MEAP V04) 1 / MEAP v04
Edition Chi Wang

https://ebookmeta.com/product/engineering-deep-learning-systems-
meap-v04-1-meap-v04-edition-chi-wang/

ebookmeta.com
 Machine Learning Techniques
and Analytics for Cloud Security
 Scrivener Publishing
100 Cummings Center, Suite 541J
Beverly, MA 01915-6106

Advances in Learning Analytics for Intelligent Cloud-IoT Systems

Series Editor: Dr. Souvik Pal and Dr. Dac-Nhuong Le

The role of adaptation, learning analytics, computational Intelligence, and data analytics in the field
of cloud-IoT systems is becoming increasingly essential and intertwined. The capability of an
intelligent system depends on various self-decision-making algorithms in IoT devices. IoT-based
smart systems generate a large amount of data (big data) that cannot be processed by traditional data
processing algorithms and applications. Hence, this book series involves different computational
methods incorporated within the system with the help of analytics reasoning and sense-making in big
data, which is centered in the cloud and IoT-enabled environments. The series publishes volumes that
are empirical studies, theoretical and numerical analysis, and novel research findings.

Submission to the series:

Please send proposals to Dr. Souvik Pal, Department of Computer Science and Engineering,
Global Institute of Management and Technology, Krishna Nagar, West Bengal, India.
E-mail: [email protected]

Publishers at Scrivener
Martin Scrivener ([email protected])
Phillip Carmical ([email protected])
 Machine Learning Techniques
and Analytics for Cloud Security

Edited by
Rajdeep Chakraborty
Anupam Ghosh
and
Jyotsna Kumar Mandal
This edition first published 2022 by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA and Scrivener
Publishing LLC, 100 Cummings Center, Suite 541J, Beverly, MA 01915, USA
© 2022 Scrivener Publishing LLC
For more information about Scrivener publications please visit www.scrivenerpublishing.com.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or
by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to
obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

Wiley Global Headquarters

111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.
wiley.com.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no rep­resentations or warran-
ties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including
without limitation any implied warranties of merchant-­ability or fitness for a particular purpose. No warranty may be created
or extended by sales representa­tives, written sales materials, or promotional statements for this work. The fact that an orga-
nization, website, or product is referred to in this work as a citation and/or potential source of further informa­tion does not
mean that the publisher and authors endorse the information or services the organiza­tion, website, or product may provide or
recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering pro-
fessional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with
a specialist where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial
damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware
that websites listed in this work may have changed or disappeared between when this work was written and when it is read.

Library of Congress Cataloging-in-Publication Data

ISBN 978-1-119-76225-6

Cover images: Pixabay.Com

Cover design by Russell Richardson

Set in size of 11pt and Minion Pro by Manila Typesetting Company, Makati, Philippines

Printed in the USA

10 9 8 7 6 5 4 3 2 1
 Contents

Preface xix
Part I: Conceptual Aspects on Cloud and Applications
of Machine Learning 1
1 Hybrid Cloud: A New Paradigm in Cloud Computing 3
Moumita Deb and Abantika Choudhury
1.1 Introduction 3
1.2 Hybrid Cloud 5
1.2.1 Architecture 6
1.2.2 Why Hybrid Cloud is Required? 6
1.2.3 Business and Hybrid Cloud 7
1.2.4 Things to Remember When Deploying Hybrid Cloud 8
1.3 Comparison Among Different Hybrid Cloud Providers 9
1.3.1 Cloud Storage and Backup Benefits 11
1.3.2 Pros and Cons of Different Service Providers 11
1.3.2.1 AWS Outpost 12
1.3.2.2 Microsoft Azure Stack 12
1.3.2.3 Google Cloud Anthos 12
1.3.3 Review on Storage of the Providers 13
1.3.3.1 AWS Outpost Storage 13
1.3.3.2 Google Cloud Anthos Storage 13
1.3.4 Pricing 15
1.4 Hybrid Cloud in Education 15
1.5 Significance of Hybrid Cloud Post-Pandemic 15
1.6 Security in Hybrid Cloud 16
1.6.1 Role of Human Error in Cloud Security 18
1.6.2 Handling Security Challenges 18
1.7 Use of AI in Hybrid Cloud 19
1.8 Future Research Direction 21
1.9 Conclusion 22
References 22

v
vi Contents

2 Recognition of Differentially Expressed Glycan Structure

of H1N1 Virus Using Unsupervised Learning Framework 25
Shillpi Mishrra
2.1 Introduction 25
2.2 Proposed Methodology 27
2.3 Result 28
2.3.1 Description of Datasets 29
2.3.2 Analysis of Result 29
2.3.3 Validation of Results 31
2.3.3.1 T-Test (Statistical Validation) 31
2.3.3.2 Statistical Validation 33
2.3.4 Glycan Cloud 37
2.4 Conclusions and Future Work 38
References 39
3 Selection of Certain Cancer Mediating Genes Using a Hybrid
Model Logistic Regression Supported by Principal Component
Analysis (PC-LR) 41
Subir Hazra, Alia Nikhat Khurshid and Akriti
3.1 Introduction 41
3.2 Related Methods 44
3.3 Methodology 46
3.3.1 Description 47
3.3.2 Flowchart 49
3.3.3 Algorithm 49
3.3.4 Interpretation of the Algorithm 50
3.3.5 Illustration 50
3.4 Result 51
3.4.1 Description of the Dataset 51
3.4.2 Result Analysis 51
3.4.3 Result Set Validation 52
3.5 Application in Cloud Domain 56
3.6 Conclusion 58
References 59

Part II: Cloud Security Systems Using Machine Learning

Techniques 61
4 Cost-Effective Voice-Controlled Real-Time Smart Informative
Interface Design With Google Assistance Technology 63
Soumen Santra, Partha Mukherjee and Arpan Deyasi
4.1 Introduction 64
4.2 Home Automation System 65
4.2.1 Sensors 65
4.2.2 Protocols 66
4.2.3 Technologies 66
 Contents vii

4.2.4 Advantages 67
4.2.5 Disadvantages 67
4.3 Literature Review 67
4.4 Role of Sensors and Microcontrollers in Smart Home Design 68
4.5 Motivation of the Project 70
4.6 Smart Informative and Command Accepting Interface 70
4.7 Data Flow Diagram 71
4.8 Components of Informative Interface 72
4.9 Results 73
4.9.1 Circuit Design 73
4.9.2 LDR Data 76
4.9.3 API Data 76
4.10 Conclusion 78
4.11 Future Scope 78
References 78
5 Symmetric Key and Artificial Neural Network With Mealy Machine:
A Neoteric Model of Cryptosystem for Cloud Security 81
Anirban Bhowmik, Sunil Karforma and Joydeep Dey
5.1 Introduction 81
5.2 Literature Review 85
5.3 The Problem 86
5.4 Objectives and Contributions 86
5.5 Methodology 87
5.6 Results and Discussions 91
5.6.1 Statistical Analysis 93
5.6.2 Randomness Test of Key 94
5.6.3 Key Sensitivity Analysis 95
5.6.4 Security Analysis 96
5.6.5 Dataset Used on ANN 96
5.6.6 Comparisons 98
5.7 Conclusions 99
References 99
6 An Efficient Intrusion Detection System on Various Datasets Using
Machine Learning Techniques 103
Debraj Chatterjee
6.1 Introduction 103
6.2 Motivation and Justification of the Proposed Work 104
6.3 Terminology Related to IDS 105
6.3.1 Network 105
6.3.2 Network Traffic 105
6.3.3 Intrusion 106
6.3.4 Intrusion Detection System 106
6.3.4.1 Various Types of IDS 108
6.3.4.2 Working Methodology of IDS 108
viii Contents

6.3.4.3 Characteristics of IDS 109

6.3.4.4 Advantages of IDS 110
6.3.4.5 Disadvantages of IDS 111
6.3.5 Intrusion Prevention System (IPS) 111
6.3.5.1 Network-Based Intrusion Prevention System (NIPS) 111
6.3.5.2 Wireless Intrusion Prevention System (WIPS) 112
6.3.5.3 Network Behavior Analysis (NBA) 112
6.3.5.4 Host-Based Intrusion Prevention System (HIPS) 112
6.3.6 Comparison of IPS With IDS/Relation Between IDS and IPS 112
6.3.7 Different Methods of Evasion in Networks 113
6.4 Intrusion Attacks on Cloud Environment 114
6.5 Comparative Studies 116
6.6 Proposed Methodology 121
6.7 Result 122
6.8 Conclusion and Future Scope 125
References 126
7 You Are Known by Your Mood: A Text-Based Sentiment Analysis
for Cloud Security 129
Abhijit Roy and Parthajit Roy
7.1 Introduction 129
7.2 Literature Review 131
7.3 Essential Prerequisites 133
7.3.1 Security Aspects 133
7.3.2 Machine Learning Tools 135
7.3.2.1 Naïve Bayes Classifier 135
7.3.2.2 Artificial Neural Network 136
7.4 Proposed Model 136
7.5 Experimental Setup 138
7.6 Results and Discussions 139
7.7 Application in Cloud Security 142
7.7.1 Ask an Intelligent Security Question 142
7.7.2 Homomorphic Data Storage 142
7.7.3 Information Diffusion 144
7.8 Conclusion and Future Scope 144
References 145
8 The State-of-the-Art in Zero-Knowledge Authentication Proof
for Cloud 149
Priyanka Ghosh
8.1 Introduction 149
8.2 Attacks and Countermeasures 153
8.2.1 Malware and Ransomware Breaches 154
8.2.2 Prevention of Distributing Denial of Service 154
8.2.3 Threat Detection 154
8.3 Zero-Knowledge Proof 154
 Contents ix

8.4 Machine Learning for Cloud Computing 156

8.4.1 Types of Learning Algorithms 156
8.4.1.1 Supervised Learning 156
8.4.1.2 Supervised Learning Approach 156
8.4.1.3 Unsupervised Learning 157
8.4.2 Application on Machine Learning for Cloud Computing 157
8.4.2.1 Image Recognition 157
8.4.2.2 Speech Recognition 157
8.4.2.3 Medical Diagnosis 158
8.4.2.4 Learning Associations 158
8.4.2.5 Classification 158
8.4.2.6 Prediction 158
8.4.2.7 Extraction 158
8.4.2.8 Regression 158
8.4.2.9 Financial Services 159
8.5 Zero-Knowledge Proof: Details 159
8.5.1 Comparative Study 159
8.5.1.1 Fiat-Shamir ZKP Protocol 159
8.5.2 Diffie-Hellman Key Exchange Algorithm 161
8.5.2.1 Discrete Logarithm Attack 161
8.5.2.2 Man-in-the-Middle Attack 162
8.5.3 ZKP Version 1 162
8.5.4 ZKP Version 2 162
8.5.5 Analysis 164
8.5.6 Cloud Security Architecture 166
8.5.7 Existing Cloud Computing Architectures 167
8.5.8 Issues With Current Clouds 167
8.6 Conclusion 168
References 169
9 A Robust Approach for Effective Spam Detection Using Supervised
Learning Techniques 171
Amartya Chakraborty, Suvendu Chattaraj, Sangita Karmakar
and Shillpi Mishrra
9.1 Introduction 171
9.2 Literature Review 173
9.3 Motivation 174
9.4 System Overview 175
9.5 Data Description 176
9.6 Data Processing 176
9.7 Feature Extraction 178
9.8 Learning Techniques Used 179
9.8.1 Support Vector Machine 179
9.8.2 k-Nearest Neighbors 180
9.8.3 Decision Tree 180
9.8.4 Convolutional Neural Network 180
x Contents

9.9 Experimental Setup 182

9.10 Evaluation Metrics 183
9.11 Experimental Results 185
9.11.1 Observations in Comparison With State-of-the-Art 187
9.12 Application in Cloud Architecture 188
9.13 Conclusion 189
References 190
10 An Intelligent System for Securing Network From Intrusion Detection
and Prevention of Phishing Attack Using Machine Learning Approaches 193
Sumit Banik, Sagar Banik and Anupam Mukherjee
10.1 Introduction 193
10.1.1 Types of Phishing 195
10.1.1.1 Spear Phishing 195
10.1.1.2 Whaling 195
10.1.1.3 Catphishing and Catfishing 195
10.1.1.4 Clone Phishing 196
10.1.1.5 Voice Phishing 196
10.1.2 Techniques of Phishing 196
10.1.2.1 Link Manipulation 196
10.1.2.2 Filter Evasion 196
10.1.2.3 Website Forgery 196
10.1.2.4 Covert Redirect 197
10.2 Literature Review 197
10.3 Materials and Methods 199
10.3.1 Dataset and Attributes 199
10.3.2 Proposed Methodology 199
10.3.2.1 Logistic Regression 202
10.3.2.2 Naïve Bayes 202
10.3.2.3 Support Vector Machine 203
10.3.2.4 Voting Classification 203
10.4 Result Analysis 204
10.4.1 Analysis of Different Parameters for ML Models 204
10.4.2 Predictive Outcome Analysis in Phishing URLs Dataset 205
10.4.3 Analysis of Performance Metrics 206
10.4.4 Statistical Analysis of Results 210
‌10.4.4.1 ANOVA: Two-Factor Without Replication 210
10.4.4.2 ANOVA: Single Factor 210
10.5 Conclusion 210
References 211

Part III: Cloud Security Analysis Using Machine Learning

Techniques 213
11 Cloud Security Using Honeypot Network and Blockchain: A Review 215
Smarta Sangui and Swarup Kr Ghosh
*

11.1 Introduction 215

 Contents xi

11.2 Cloud Computing Overview 216

11.2.1 Types of Cloud Computing Services 216
11.2.1.1 Software as a Service 216
11.2.1.2 Infrastructure as a Service 218
11.2.1.3 Platform as a Service 218
11.2.2 Deployment Models of Cloud Computing 218
11.2.2.1 Public Cloud 218
11.2.2.2 Private Cloud 218
11.2.2.3 Community Cloud 219
11.2.2.4 Hybrid Cloud 219
11.2.3 Security Concerns in Cloud Computing 219
11.2.3.1 Data Breaches 219
11.2.3.2 Insufficient Change Control and Misconfiguration 219
11.2.3.3 Lack of Strategy and Security Architecture 220
11.2.3.4 Insufficient Identity, Credential, Access,
and Key Management 220
11.2.3.5 Account Hijacking 220
11.2.3.6 Insider Threat 220
11.2.3.7 Insecure Interfaces and APIs 220
11.2.3.8 Weak Control Plane 221
11.3 Honeypot System 221
11.3.1 VM (Virtual Machine) as Honeypot in the Cloud 221
11.3.2 Attack Sensing and Analyzing Framework 222
11.3.3 A Fuzzy Technique Against Fingerprinting Attacks 223
11.3.4 Detecting and Classifying Malicious Access 224
11.3.5 A Bayesian Defense Model for Deceptive Attack 224
11.3.6 Strategic Game Model for DDoS Attacks in Smart Grid 226
11.4 Blockchain 227
11.4.1 Blockchain-Based Encrypted Cloud Storage 228
11.4.2 Cloud-Assisted EHR Sharing via Consortium Blockchain 229
11.4.3 Blockchain-Secured Cloud Storage 230
11.4.4 Blockchain and Edge Computing–Based Security Architecture 230
11.4.5 Data Provenance Architecture in Cloud Ecosystem
Using Blockchain 231
11.6 Comparative Analysis 233
11.7 Conclusion 233
References 234
12 Machine Learning–Based Security in Cloud Database—A Survey 239
Utsav Vora, Jayleena Mahato, Hrishav Dasgupta, Anand Kumar
and Swarup Kr Ghosh
12.1 Introduction 239
12.2 Security Threats and Attacks 241
12.3 Dataset Description 244
12.3.1 NSL-KDD Dataset 244
12.3.2 UNSW-NB15 Dataset 244
xii Contents

12.4 Machine Learning for Cloud Security 245

12.4.1 Supervised Learning Techniques 245
12.4.1.1 Support Vector Machine 245
12.4.1.2 Artificial Neural Network 247
12.4.1.3 Deep Learning 249
12.4.1.4 Random Forest 250
12.4.2 Unsupervised Learning Techniques 251
12.4.2.1 K-Means Clustering 252
12.4.2.2 Fuzzy C-Means Clustering 253
12.4.2.3 Expectation-Maximization Clustering 253
12.4.2.4 Cuckoo Search With Particle Swarm
Optimization (PSO) 254
12.4.3 Hybrid Learning Techniques 256
12.4.3.1 HIDCC: Hybrid Intrusion Detection Approach
in Cloud Computing 256
12.4.3.2 Clustering-Based Hybrid Model in Deep Learning
Framework 257
12.4.3.3 K-Nearest Neighbor–Based Fuzzy C-Means
Mechanism 258
12.4.3.4 K-Means Clustering Using Support Vector Machine 260
12.4.3.5 K-Nearest Neighbor–Based Artificial Neural
Network Mechanism 260
12.4.3.6 Artificial Neural Network Fused With Support
Vector Machine 261
12.4.3.7 Particle Swarm Optimization–Based Probabilistic
Neural Network 261
12.5 Comparative Analysis 262
12.6 Conclusion 264
References 267
13 Machine Learning Adversarial Attacks: A Survey Beyond 271
Chandni Magoo and Puneet Garg
13.1 Introduction 271
13.2 Adversarial Learning 272
13.2.1 Concept 272
13.3 Taxonomy of Adversarial Attacks 273
13.3.1 Attacks Based on Knowledge 273
13.3.1.1 Black Box Attack (Transferable Attack) 273
13.3.1.2 White Box Attack 274
13.3.2 Attacks Based on Goals 275
13.3.2.1 Target Attacks 275
13.3.2.2 Non-Target Attacks 275
13.3.3 Attacks Based on Strategies 275
13.3.3.1 Poisoning Attacks 275
13.3.3.2 Evasion Attacks 276
 Contents xiii

13.3.4 Textual-Based Attacks (NLP) 276

13.3.4.1 Character Level Attacks 276
13.3.4.2 Word-Level Attacks 276
13.3.4.3 Sentence-Level Attacks 276
13.4 Review of Adversarial Attack Methods 276
13.4.1 L-BFGS 277
13.4.2 Feedforward Derivation Attack (Jacobian Attack) 277
13.4.3 Fast Gradient Sign Method 278
13.4.4 Methods of Different Text-Based Adversarial Attacks 278
13.4.5 Adversarial Attacks Methods Based on Language Models 284
13.4.6 Adversarial Attacks on Recommender Systems 284
13.4.6.1 Random Attack 284
13.4.6.2 Average Attack 286
13.4.6.3 Bandwagon Attack 286
13.4.6.4 Reverse Bandwagon Attack 286
13.5 Adversarial Attacks on Cloud-Based Platforms 287
13.6 Conclusion 288
References 288
14 Protocols for Cloud Security 293
Weijing You and Bo Chen
14.1 Introduction 293
14.2 System and Adversarial Model 295
14.2.1 System Model 295
14.2.2 Adversarial Model 295
14.3 Protocols for Data Protection in Secure Cloud Computing 296
14.3.1 Homomorphic Encryption 297
14.3.2 Searchable Encryption 298
14.3.3 Attribute-Based Encryption 299
14.3.4 Secure Multi-Party Computation 300
14.4 Protocols for Data Protection in Secure Cloud Storage 301
14.4.1 Proofs of Encryption 301
14.4.2 Secure Message-Locked Encryption 303
14.4.3 Proofs of Storage 303
14.4.4 Proofs of Ownership 305
14.4.5 Proofs of Reliability 306
14.5 Protocols for Secure Cloud Systems 309
14.6 Protocols for Cloud Security in the Future 309
14.7 Conclusion 310
References 311
xiv Contents

Part IV: Case Studies Focused on Cloud Security 313

15 A Study on Google Cloud Platform (GCP) and Its Security 315
Agniswar Roy, Abhik Banerjee and Navneet Bhardwaj
15.1 Introduction 315
15.1.1 Google Cloud Platform Current Market Holding 316
15.1.1.1 The Forrester Wave 317
15.1.1.2 Gartner Magic Quadrant 317
15.1.2 Google Cloud Platform Work Distribution 317
15.1.2.1 SaaS 318
15.1.2.2 PaaS 318
15.1.2.3 IaaS 318
15.1.2.4 On-Premise 318
15.2 Google Cloud Platform’s Security Features Basic Overview 318
15.2.1 Physical Premises Security 319
15.2.2 Hardware Security 319
15.2.3 Inter-Service Security 319
15.2.4 Data Security 320
15.2.5 Internet Security 320
15.2.6 In-Software Security 320
15.2.7 End User Access Security 321
15.3 Google Cloud Platform’s Architecture 321
15.3.1 Geographic Zone 321
15.3.2 Resource Management 322
15.3.2.1 IAM 322
15.3.2.2 Roles 323
15.3.2.3 Billing 323
15.4 Key Security Features 324
15.4.1 IAP 324
15.4.2 Compliance 325
15.4.3 Policy Analyzer 326
15.4.4 Security Command Center 326
15.4.4.1 Standard Tier 326
15.4.4.2 Premium Tier 326
15.4.5 Data Loss Protection 329
15.4.6 Key Management 329
15.4.7 Secret Manager 330
15.4.8 Monitoring 330
15.5 Key Application Features 330
15.5.1 Stackdriver (Currently Operations) 330
15.5.1.1 Profiler 330
15.5.1.2 Cloud Debugger 330
15.5.1.3 Trace 331
15.5.2 Network 331
15.5.3 Virtual Machine Specifications 332
 Contents xv

15.5.4 Preemptible VMs 332

15.6 Computation in Google Cloud Platform 332
15.6.1 Compute Engine 332
15.6.2 App Engine 333
15.6.3 Container Engine 333
15.6.4 Cloud Functions 333
15.7 Storage in Google Cloud Platform 333
15.8 Network in Google Cloud Platform 334
15.9 Data in Google Cloud Platform 334
15.10 Machine Learning in Google Cloud Platform 335
15.11 Conclusion 335
References 337
16 Case Study of Azure and Azure Security Practices 339
Navneet Bhardwaj, Abhik Banerjee and Agniswar Roy
16.1 Introduction 339
16.1.1 Azure Current Market Holding 340
16.1.2 The Forrester Wave 340
16.1.3 Gartner Magic Quadrant 340
16.2 Microsoft Azure—The Security Infrastructure 341
16.2.1 Azure Security Features and Tools 341
16.2.2 Network Security 342
16.3 Data Encryption 342
16.3.1 Data Encryption at Rest 342
16.3.2 Data Encryption at Transit 342
16.3.3 Asset and Inventory Management 343
16.3.4 Azure Marketplace 343
16.4 Azure Cloud Security Architecture 344
16.4.1 Working 344
16.4.2 Design Principles 344
16.4.2.1 Alignment of Security Policies 344
16.4.2.2 Building a Comprehensive Strategy 345
16.4.2.3 Simplicity Driven 345
16.4.2.4 Leveraging Native Controls 345
16.4.2.5 Identification-Based Authentication 345
16.4.2.6 Accountability 345
16.4.2.7 Embracing Automation 345
16.4.2.8 Stress on Information Protection 345
16.4.2.9 Continuous Evaluation 346
16.4.2.10 Skilled Workforce 346
16.5 Azure Architecture 346
16.5.1 Components 346
16.5.1.1 Azure Api Gateway 346
16.5.1.2 Azure Functions 346
16.5.2 Services 347
16.5.2.1 Azure Virtual Machine 347
xvi Contents

16.5.2.2 Blob Storage 347

16.5.2.3 Azure Virtual Network 348
16.5.2.4 Content Delivery Network 348
16.5.2.5 Azure SQL Database 349
16.6 Features of Azure 350
16.6.1 Key Features 350
16.6.1.1 Data Resiliency 350
16.6.1.2 Data Security 350
16.6.1.3 BCDR Integration 350
16.6.1.4 Storage Management 351
16.6.1.5 Single Pane View 351
16.7 Common Azure Security Features 351
16.7.1 Security Center 351
16.7.2 Key Vault 351
16.7.3 Azure Active Directory 352
16.7.3.1 Application Management 352
16.7.3.2 Conditional Access 352
16.7.3.3 Device Identity Management 352
​16.7.3.4 Identity Protection 353
16.7.3.5 Azure Sentinel 353
16.7.3.6 Privileged Identity Management 354
16.7.3.7 Multifactor Authentication 354
16.7.3.8 Single Sign On 354
16.8 Conclusion 355
References 355
17 Nutanix Hybrid Cloud From Security Perspective 357
Abhik Banerjee, Agniswar Roy, Amar Kalvikatte and Navneet Bhardwaj
17.1 Introduction 357
17.2 Growth of Nutanix 358
17.2.1 Gartner Magic Quadrant 358
17.2.2 The Forrester Wave 358
17.2.3 Consumer Acquisition 359
17.2.4 Revenue 359
17.3 Introductory Concepts 361
17.3.1 Plane Concepts 361
17.3.1.1 Control Plane 361
17.3.1.2 Data Plane 361
17.3.2 Security Technical Implementation Guides 362
17.3.3 SaltStack and SCMA 362
17.4 Nutanix Hybrid Cloud 362
17.4.1 Prism 362
17.4.1.1 Prism Element 363
17.4.1.2 Prism Central 364
17.4.2 Acropolis 365
17.4.2.1 Distributed Storage Fabric 365
 Contents xvii

17.4.2.2 AHV 367

17.5 Reinforcing AHV and Controller VM 367
17.6 Disaster Management and Recovery 368
17.6.1 Protection Domains and Consistent Groups 368
17.6.2 Nutanix DSF Replication of OpLog 369
17.6.3 DSF Snapshots and VmQueisced Snapshot Service 370
17.6.4 Nutanix Cerebro 370
17.7 Security and Policy Management on Nutanix Hybrid Cloud 371
17.7.1 Authentication on Nutanix 372
17.7.2 Nutanix Data Encryption 372
17.7.3 Security Policy Management 373
17.7.3.1 Enforcing a Policy 374
17.7.3.2 Priority of a Policy 374
17.7.3.3 Automated Enforcement 374
17.8 Network Security and Log Management 374
17.8.1 Segmented and Unsegmented Network 375
17.9 Conclusion 376
References 376

Part V: Policy Aspects 379

18 A Data Science Approach Based on User Interactions to Generate
Access Control Policies for Large Collections of Documents 381
Jedidiah Yanez-Sierra, Arturo Diaz-Perez and Victor Sosa-Sosa
18.1 Introduction 381
18.2 Related Work 383
18.3 Network Science Theory 384
18.4 Approach to Spread Policies Using Networks Science 387
18.4.1 Finding the Most Relevant Spreaders 388
18.4.1.1 Weighting Users 389
18.4.1.2 Selecting the Top  Spreaders 390
18.4.2 Assign and Spread the Access Control Policies 390
18.4.2.1 Access Control Policies 391
18.4.2.2 Horizontal Spreading 391
18.4.2.3 Vertical Spreading (Bottom-Up) 392
18.4.2.4 Policies Refinement 395
18.4.3 Structural Complexity Analysis of CP-ABE Policies 395
18.4.3.1 Assessing the WSC for ABE Policies 396
18.4.3.2 Assessing the Policies Generated in the Spreading
Process 397
18.4.4 Effectiveness Analysis 398
18.4.4.1 Evaluation Metrics 399
18.4.4.2 Adjusting the Interaction Graph to Assess Policy
Effectiveness 400
18.4.4.3 Method to Complement the User Interactions
(Synthetic Edges Generation) 400
xviii Contents

18.4.5 Measuring Policy Effectiveness in the User Interaction Graph 403

18.4.5.1 Simple Node-Based Strategy 403
18.4.5.2 Weighted Node-Based Strategy 404
18.5 Evaluation 405
18.5.1 Dataset Description 405
18.5.2 Results of the Complexity Evaluation 406
18.5.3 Effectiveness Results From the Real Edges 407
18.5.4 Effectiveness Results Using Real and Synthetic Edges 408
18.5.4.1 Results of the Effectiveness Metrics for the Enhanced
G+ Graph 410
18.6 Conclusions 413
References 414
19 AI, ML, & Robotics in iSchools: An Academic Analysis for an Intelligent
Societal Systems 417
P. K. Paul
19.1 Introduction 417
19.2 Objective 419
19.3 Methodology 420
19.3.1 iSchools, Technologies, and Artificial Intelligence,
ML, and Robotics 420
19.4 Artificial Intelligence, ML, and Robotics: An Overview 427
19.5 Artificial Intelligence, ML, and Robotics as an Academic Program:
A Case on iSchools—North American Region 428
19.6 Suggestions 431
19.7 Motivation and Future Works 435
19.8 Conclusion 435
References 436
Index 439
 Preface

Our objective in writing this book was to provide the reader with an in-depth knowledge
of how to integrate machine learning (ML) approaches to meet various analytical issues
in cloud security deemed necessary due to the advancement of IoT networks. Although
one of the ways to achieve cloud security is by using ML, the technique has long-­standing
challenges that require methodological and theoretical approaches. Therefore, because the
conventional cryptographic approach is less frequently applied in resource-constrained
devices, the ML approach may be effectively used in providing security in the constantly
growing cloud environment. Machine learning algorithms can also be used to meet various
cloud security issues for effective intrusion detection and zero-knowledge authentication
systems. Moreover, these algorithms can also be used in applications and for much more,
including measuring passive attacks and designing protocols and privacy systems. This
book contains case studies/projects for implementing some security features based on ML
algorithms and analytics. It will provide learning paradigms for the field of artificial intelli-
gence and the deep learning community, with related datasets to help delve deeper into ML
for cloud security.
This book is organized into five parts. As the entire book is based on ML techniques,
the three chapters contained in “Part I: Conceptual Aspects of Cloud and Applications of
Machine Learning,” describe cloud environments and ML methods and techniques. The
seven chapters in “Part II: Cloud Security Systems Using Machine Learning Techniques,”
describe ML algorithms and techniques which are hard coded and implemented for pro-
viding various security aspects of cloud environments. The four chapters of “Part III: Cloud
Security Analysis Using Machine Learning Techniques,” present some of the recent studies
and surveys of ML techniques and analytics for providing cloud security. The next three
chapters in “Part IV: Case Studies Focused on Cloud Security,” are unique to this book as
they contain three case studies of three cloud products from a security perspective. These
three products are mainly in the domains of public cloud, private cloud and hybrid cloud.
Finally, the two chapters in “Part V: Policy Aspects,” pertain to policy aspects related to
the cloud environment and cloud security using ML techniques and analytics. Each of the
chapters mentioned above are individually highlighted chapter by chapter below.

Part I: Conceptual Aspects of Cloud and Applications of Machine Learning

–– Chapter 1 begins with an introduction to various parameters of cloud such
as scalability, cost, speed, reliability, performance and security. Next, hybrid
cloud is discussed in detail along with cloud architecture and how it func-
tions. A brief comparison of various cloud providers is given next. After the

xix
xx Preface

use of cloud in education, finance, etc., is described, the chapter concludes

with a discussion of security aspects of a cloud environment.
–– Chapter 2 discusses how to recognize differentially expressed glycan struc-
ture of H1N1 virus using unsupervised learning framework. This chap-
ter gives the reader a better understanding of machine learning (ML) and
analytics. Next, the detailed workings of an ML methodology are presented
along with a flowchart. The result part of this chapter contains the analytics
for the ML technique.
–– Chapter 3 presents a hybrid model of logistic regression supported by PC-LR
to select cancer mediating genes. This is another good chapter to help bet-
ter understand ML techniques and analytics. It provides the details of an
ML learning methodology and algorithms with results and analysis using
datasets.

Part II: Cloud Security Systems Using Machine Learning Techniques

–– Chapter 4 shows the implementation of a voice-controlled real-time smart
informative interface design with Google assistance technology that is more
cost-effective than the existing products on the market. This system can be
used for various cloud-based applications such as home automation. It uses
microcontrollers and sensors in smart home design which can be connected
through cloud database. Security concerns are also discussed in this chapter.
–– Chapter 5 discusses a neoteric model of a cryptosystem for cloud security
by using symmetric key and artificial neural network with Mealy machine.
A cryptosystem is used to provide data or information confidentiality and a
state-based cryptosystem is implemented using Mealy machine. This chapter
gives a detailed algorithm with results generated using Lenovo G80 with pro-
cessor Intel® Pentium® CPU B950@210GHz and RAM 2GB and program-
ming language Turbo C, DebC++ and disc drive SA 9500326AS ATA and
Windows 7 Ultimate (32 Bits) OS.
–– Chapter 6 describes the implementation of an effective intrusion detection
system using ML techniques through various datasets. The chapter begins
with a description of an intrusion detection system and how it is beneficial
for cloud environment. Next, various intrusion attacks on cloud environment
are described along with a comparative study. Finally, a proposed methodol-
ogy of IDS in cloud environment is given along with implementation results.
–– Chapter 7 beautifully describes text-based sentiment analysis for cloud secu-
rity that extracts the mood of users in a cloud environment, which is an
evolving topic in ML. A proposed model for text-based sentiment analysis
is presented along with an experimental setup with implementation results.
Since text-based sentiment analysis potentially identifies malicious users in a
cloud environment, the chapter concludes with applications of this method
and implementation for cloud security.
–– Chapter 8 discusses zero-knowledge proof (ZKP) for cloud, which is a
method for identifying legitimate users without revealing their identity. The
ZKP consist of three parts: the first is ticket generator, the second is user,
 Preface xxi

and the third is verifier. For example, to see a movie in a theater we purchase
ticket. So, the theater counter is the ticket generator; and while purchasing
a ticket here we generally don’t reveal our identifying information such as
name, address or social security number. We are allowed to enter the theater
when this ticket is verified at the gate, so, this is the verifier algorithm. This
chapter also discusses ZKP for cloud security.
–– Chapter 9 discusses an effective spam detection system for cloud secu-
rity using supervised ML techniques. Spam, which is an unwanted mes-
sage that contains malicious links, viral attachments, unwelcome images
and misinformation, is a major security concern for any digital system and
requires an effective spam detection system. Therefore, this chapter begins
by discussing the requirements for such a system. Then, it gradually moves
towards a supervised ML-technique-based spam detection system, mainly
using a support vector machine (SVM) and convolutional neural network
(CNN). Implementation results are also given with application in cloud
environment.
–– Chapter 10 describes an intelligent system for securing network from intru-
sion detection and phishing attacks using ML approaches, with a focus on
phishing attacks on the cloud environment. It begins by describing different
fishing attacks on cloud environment and then proposes a method for detect-
ing these attacks using ML. Next, analysis of different parameters for ML
models, predictive outcome analysis in phishing URLs dataset, analysis of
performance metrics and statistical analysis of results are presented.

Part III: Cloud Security Analysis Using Machine Learning Techniques

–– Chapter 11 discusses cloud security using honeypot network and blockchain.
It begins with an overview of cloud computing and then describes cloud
computing deployment models and security concerns in cloud computing.
Then the honeypot network and its system design are discussed, followed by
the use of blockchain-based honeypot network. A good comparative analysis
is given at the end of the chapter.
–– Chapter 12 includes a survey on ML-based security in cloud database. The
chapter starts with a discussion of the various ML techniques used to provide
security in a cloud database. Then a study is presented which mainly con-
sists of three parts: first, supervised learning methods, such as support vector
machine (SVM), artificial neural network, etc., are given; second, unsuper-
vised learning methods, such as K-means clustering, fuzzy C-means cluster-
ing, etc., are given; third, hybrid learning techniques, such as hybrid intrusion
detection approach (HIDCC) in cloud computing, clustering-based hybrid
model in deep learning framework, etc., are given. Comparative analyses are
also given at the end.
–– Chapter 13 provides a survey on ML-based adversarial attacks on cloud
environment. The chapter starts with the concepts of adversarial learning
followed by the taxonomy of adversarial attacks. Various algorithms found
in the literature for ML-based adversarial attacks on cloud environment are
xxii Preface

also presented. Then, various studies on adversarial attacks on cloud-based

platforms and their comparative studies are discussed.
–– Chapter 14 provides a detailed study of the protocols used for cloud secu-
rity. The chapter starts by discussing the system and adversarial models, and
then the protocols for data protection in secure cloud computing are given
followed by a discussion of the protocols for data protection in secure cloud
storage. Finally, various protocols for secure cloud systems are discussed. The
authors also attempt to give a futuristic view of the protocols that may be
implemented for cloud security.

Part IV: Case Studies Focused on Cloud Security

–– Chapter 15 is a detailed presentation of the Google cloud platform (GCP) and
its security features. It begins by discussing GCP’s current market holdings
and then describes the work distribution in GCP. Next, the chapter gradually
moves towards a basic overview of security features in GCP and describes the
GCP architecture along with its key security and application features. Then,
an interesting part is presented that describes various computations used in
GCP, followed by a discussion of the storage, network, data and ML policies
used in GCP.
–– Chapter 16 presents a case study of Microsoft Azure cloud and its security
features. The beginning of the chapter covers Azure’s current market hold-
ings and the Forrester Wave and Gartner Magic Quadrant reports. Then, the
security infrastructure of Azure is given, which covers its security features
and tools, Azure network security, data encryption used in Azure, asset and
inventory management, and the Azure marketplace. Next, details of Azure
cloud security architecture are presented along with its working and design
principles, followed by the components and services of Azure architecture.
The chapter ends with a discussion of its various features and why Azure is
gaining popularity.
–– Chapter 17 presents a case study on Nutanix hybrid cloud from a security
perspective. Nutanix is a fast-growing hybrid cloud in the current scenario.
The chapter begins with the growth of Nutanix and then presents introduc-
tory concepts about it. Next, Nutanix hybrid cloud architecture is discussed
in relation to computation, storage and networking. Then, reinforcing AHV
and controller VM are described, followed by disaster management and
recovery used in Nutanix hybrid cloud. A detailed study on security and pol-
icy management in Nutanix hybrid cloud is then presented. The chapter con-
cludes with a discussion of network security and log management in Nutanix
hybrid cloud.

Part V: Policy Aspects

–– Chapter 18 describes a data science approach based on user interactions to
generate access control policies for large collections of documents in cloud
environment. After a general introduction to network science theory, various
 Preface xxiii

approaches for spreading policies using network science are discussed. Then,
evaluations and matrices to evaluate policies for cloud security are described.
This chapter concludes with a presentation of all the simulation results.
–– Chapter 19 discusses the policies of iSchools with artificial intelligence,
machine learning, and robotics through analysis of programs, curriculum and
potentialities towards intelligent societal systems on cloud platform. iSchools
are a kind of consortium that develops with the collection of information and
technology-related schools and academic units. In the last decade there has
been a significant growth in the development of such academic bodies. This
chapter provides a policy framework for iSchools, the methodology involved
and a list of available iSchools. The chapter concludes with some policy sug-
gestions and future work related to iSchools.

The Editors
October 2021
 Part I
CONCEPTUAL ASPECTS ON CLOUD AND
APPLICATIONS OF MACHINE LEARNING
 1
Hybrid Cloud: A New Paradigm
in Cloud Computing
Moumita Deb* and Abantika Choudhury†

RCC Institute of Information Technology, Kolkata, West Bengal, India

Abstract
Hybrid cloud computing is basically a combination of cloud computing with on-premise resources
to provide work portability, load distribution, and security. Hybrid cloud may include one public
and one private cloud, or it may contain two or more private clouds or may have two or more public
clouds depending on the requirement. Public clouds are generally provided by third party vendors
like Amazon, Google, and Microsoft. These clouds traditionally ran off premise and provide ser-
vices through internet. Whereas private clouds also offer computing services to selected user either
over the internet or within a private internal network and conventionally ran on-premise. But this
scenario is changing nowadays. Earlier distinction between private and public clouds can be done
on the location and ownership information, but currently, public clouds are running in on-premise
data centers of customer and private clouds are constructed on off premise rented, vendor-owned
data centers as well. So, the architecture is becoming complex. Hybrid cloud reduces the potential
exposure of sensitive or crucial data from the public while keeping non-sensitive data into the cloud.
Thus, secure access to data while enjoying attractive services of the public cloud is the key factor in
hybrid cloud. Here, we have done a survey on hybrid cloud as it is one of the most promising areas
in cloud computing, discuss all insight details. Security issues and measures in hybrid cloud are also
discussed along with the use of artificial intelligence. We do not intend to propose any new findings
rather we will figure out some of future research directions.

Keywords: PaaS, SaaS, IaaS, SLA, agility, encryption, middleware, AI

1.1 Introduction
Cloud computing is catering computing services such as storage, networking, servers, ana-
lytics, intelligence, and software though the internet on demand basis. We typically have
to pay for only for the services we use. IT is a growing industry and catering its service
requirement is challenging. On-premise resources are not sufficient always, so leveraging
attractive facilities provided by cloud service providers is often required. Typical services

*Corresponding author: [email protected]

†Corresponding author: [email protected]

Rajdeep Chakraborty, Anupam Ghosh and Jyotsna Kumar Mandal (eds.) Machine Learning Techniques and Analytics for
Cloud Security, (3–24) © 2022 Scrivener Publishing LLC

3
4 Machine Learning Techniques and Analytics for Cloud Security

provided by cloud computing are Platform as a service (PaaS), Software as a service (SaaS),
and Infrastructure as a service (IaaS). But all the clouds are not same and no one particular
cloud can satisfy all the customer. As a result, various types of services are emerging to cater
the need of any organization. The following are the facilities cater by cloud computing.

• Scalability: IT services are not restricted to offline resources anymore,

online cloud services can do a wonder. Any business can be extended
based on the market need through the use of cloud computing services. A
client needs almost nothing but a computer with internet connection, rest
of the services can be borrowed from cloud vendors. Business can grow
according to the requirement. Scalability is the key factor in adoption of
any new paradigm. An organization meant for 100 people can be easily
scaled up to 1,000 (ideally any number) people with the help of the cloud
computing services.
• Cost: Since cloud provides services pay as you use basis, cost of setting up a
business has reduced manifolds. Capital expense in buying server, software,
and experts for managing infrastructure is not mandatory anymore; vendors
can provide all these services. Cost saving is one of the most lucrative features
of cloud computing. Any startup company can afford the cost of the setup
price required for the orchestration of public cloud; thus, they can engage
their selves exclusively for the development of their business.
• Speed: Cloud computing helps to speed up the overall functioning of any
organization. Several lucrative easy-to-use options are just one click away, so
designers and programmers can freely think about their innovations, and as a
result, the speed and performance can be enhanced. Moreover, since most of
the background hazards are handled by the cloud service providers as a result
implementation of any advanced thinking can be made possible quickly and
effortlessly.
• Reliability: Reliability is a key factor where huge data need to handle all the
time. Periodic data backup and use of disaster recovery methods helps to
increase the data reliability in cloud computing. Also, since space is not a
constraint anymore, clients can keep mirrored data. A reliable system often
leads to a secure system. Any organizations need to handle huge user centric
sensitive data as well as business related data. Maintaining the reliability in
the data need several rules and regulations to be enforced.
• Performance: Improved operation, better customer support, and flexible
workplace aid companies to perform better than conventional on-premise
system. Amazon helps Car company Toyota to build cloud-based data cen-
ters. The company is going to use the behavioral data of the user of the car,
and based on that, they will send service and insurance related data [1]. User
can also use Facebook or Twitter in their car dashboard. This is only an exam-
ple; there is lot more. Adaptation of advanced technology excels the perfor-
mance of existing system as cloud plays a crucial role here.
 Hybrid Cloud: New Paradigm in Cloud Computing 5

• Security: Cloud service providers use many security mechanisms like

encryption, authentication of user, authorization, and use of some Artificial
Intelligence (AI)–based method to secure their app, data, and infrastructure
from possible threats.
A combination of secure open source technologies along with integrated network may
be used for secure hybrid cloud deployment like it does in HCDM [16]. But, before deploy-
ment, the customer need to determine what type of cloud computing architecture is best
suitable. There are three different ways to organize cloud: private, public, and hybrid. Here,
we will discuss about hybrid cloud, its benefits, and security aspects.
Thus, motivation of this review is to provide a broad details of hybrid cloud computing,
why it is gaining popularity, how business is going to be affected through the use of cloud
adaption in near future, what security aspects need to dealt by vendors, and how AI can
help in this regard. The following sections deal with all this topics.

1.2 Hybrid Cloud

If we go by the definition of National Institute of Standards and Technology [3], hybrid
cloud is a “composition of two or more different types of cloud infrastructure that are bind
together with the help of proprietary and standardized technology for the purpose of data
and application portability. So, Simple amalgamation of cloud and on-premise data should
not misinterpret as hybrid cloud. It should also provide the following facilities [2]:

• Workload distribution by portability.

• Networking between system and devices, by the use of LAN, WAN, or VPN.
• Use of a comprehensive unified automation tool.
• A complex powerful middleware for abstracting the background details.
• Incorporating availability and scalability of resources.
• Integrating disaster management and recovery strategies.

Thus, it enables the customer to extend their business by leveraging the attractive services
provided by public cloud as well as securing the delicate data through the use of private
cloud. When the demand of a business fluctuates that may be sudden peak in the business
come or sudden fall down, in those scenarios, hybrid cloud is the best possible option as
it has that flexibility [8]. Organizations can seamlessly use public cloud amenities without
directly giving access to their data centers which are part of their on-premise servers. So,
business critical data and applications can be kept safe behind, while computing power of
the public cloud can be used for doing complex tasks. Organizations will only have to pay
for the services it is using without considering the capital expenditure involve in purchasing,
programming and maintaining new resources which can be used for a short span of time and
may remain idle for long. Private cloud on the other hand is more like public cloud, but gen-
erally installed on clients datacenter and mainly focus on self-servicing, scalable structure.
Single tone service nature, service-level agreement (SLA), and similar association make the
relationship between client and cloud stronger and less demanding [33, 34].
6 Machine Learning Techniques and Analytics for Cloud Security

1.2.1 Architecture
There may be any combination of cloud services when to deploy a hybrid cloud. It may
the client has its own on-premise private cloud as IaaS and leverage public cloud as SaaS.
Private cloud may be on premise or sometimes off premise on a dedicated server [10]. There
is no fixed fits for all architecture. Private clouds can be made individually, whereas public
cloud can be hired from vendors like Amazon, Microsoft, Alibaba, Google, and IBM. Next,
a middleware is required to combine public and private cloud mostly provided by the cloud
vendors as a part of their package. Figure 1.1 gives general diagram of a hybrid cloud.
In case of hybrid cloud architecture, the following is a list of properties that must to be
kept in mind [4]:

a. Multiple devices need to be connected via LAN, WAN, or VPN with a com-
mon middleware that provides an API for user services. Rather than using a
vast network of API, a single operating system must be used throughout the
network and APIs can be built on top of that.
b. Resources are made available to all the connected devices via virtualization
and it can be scaled up to any limit.
c. The middleware does all the coordination between devices and resources are
made available on demand basis with proper authentication.

1.2.2 Why Hybrid Cloud is Required?

Hybrid cloud means different service to different people [5]. Need of an organization
depends on diverse aspects of IT. As the perspective of application designer, business devel-
oper, and infrastructure support personnel is different from one another, their expectation
from the system also varies.

HYBRID CLOUD MODEL

On-Premise Apps
PUBLIC CLOUD

SQL SQL

Off-Premise Apps
SaaS, Iaas and PasS

Mobile Applications

PRIVATE CLOUD

Figure 1.1 General architecture of hybrid cloud.

 Hybrid Cloud: New Paradigm in Cloud Computing 7

• Application programmer always requires support for edge technologies.

Availability of high-end resources and cutting edge technology support is
the primary concern of a developer. Off premise support for such is essential.
Flexibility in deployment of changing technology services, speedy availability
of the new resources required by the solution, peak support for on-premise
system, and seamless and continuous integration of system services are key
issues need to be dealt in hybrid cloud. Disaster management is also an inte-
gral part of it.
• On the contrary, infrastructure support personnel always look for a steady
build in support for smooth execution of overall activities of the organiza-
tion. Off premise support for virtualized computing resources is often nec-
essary in IT. In this scenario, the role of infrastructure support team is very
crucial. Visibility of all the resources wherever it is, monitoring them in fed-
erated way following SLA, management of deployed setup for auditing and
security management, accessibility of all resources, and control provisioning
are key consideration in case of hybrid cloud.
• Business developer, on the other hand, focuses on consumer marketing in
cost-effective manner [6]. The need of IT business has manifolds. Support
for newly growing technology like mobile or web-based application requires
agile and easy to extend network, and at the same time, consistent system and
stable process management services cannot be replaced. So, business devel-
opers have to look into all these aspects, and at the same time, they have to
focus on the cost. The maintenance and management cost should not exceed
the overall financial budget. Looking at the SLAs and software license expo-
sure, they need to design financial plans that can fulfill the whole organiza-
tion’s prerequisites.

No matter how well we plan the future, it still remains uncertain and hybrid cloud pro-
vides the facility to use cloud services as and when it is required. It is also quite unlikely
that workload of an organization remains same throughout the whole year. Suppose an
organization is working on big data analytics, it can take help of public cloud computing
resources for high complex computations but that too is not needed for long run, may be
require for few months. Here, public cloud resources can be borrowed for few months only.
In the same way, startup companies can start with some trivial private resources and take
cloud services for rest of the processing. Then, based on the performance, they can plan
to expand the business with the help of public cloud. All these are possible only in case of
hybrid cloud as it has agility, scalability, data reliability, speedy recovery, and improved
connectivity and security.

1.2.3 Business and Hybrid Cloud

According to Hybrid Cloud Market report, in 2018, hybrid cloud market was USD 44.6 bil-
lion and expected to grow to USD 97.6 billion by the end of 2023 with Compound Annual
Growth Rate (CAGR) of 17.0% [9]. IaaS is expected to hold a large market in the fore-
cast period as it facilitates to migrate workload from on premise to off premise in high
peak hours. Hybrid web hosting also hold a big market as it provides management of all
8 Machine Learning Techniques and Analytics for Cloud Security

Hybrid Cloud Market - Growth Rate by Region (2020 - 2025)

Regional Growth Rates

High
Mid
Low
Source: Mordor Intelligence

Figure 1.2 Market trend of hybrid cloud [14].

hosting services in just single point of contact. North America was the most promising
hybrid cloud market place in 2018 and Asia Pacific areas shows the highest CAGR. So,
hybrid cloud is a promising area in business. Major sectors using hybrid cloud computing
are healthcare, retail, government, or public sectors, banking, entertainment media, insur-
ance, finance, communication media, etc. [14]. According to a report published by Mordor
Intelligence, North America, Middle East, Africa, Europe, and Asia Pacific are top growing
regions worldwide. Figure 1.2 shows the hybrid cloud market. Green portions represent
highly growing market. Hybrid cloud management software solution is the main reason of
this popularity. Starting from deployment to quota management, customization of service
library, costing, performance management, and governance, everything is taken care of,
like the software management tool. Mostly, the services provided by public providers are
restricted to some architecture or technology and vendor specific. But the management
tool provided by hybrid providers helps to amalgamate different services provided by var-
ious vendors. Amazon and Microsoft, the giants in this field, are working hard in the up
gradation of their management software by including advanced infrastructure templates,
libraries, API, and apps. In India, IBM is also approaching toward hybrid cloud and AI [15].
IBM invested $1 billion into a cloud ecosystem project in the month of August. They are
expected to invest more in the coming time. In India, 17% of organizations are planning to
spend investment from 42% to 49% on hybrid cloud by 2023 according to a study by IBM
IBV. Since India is heading toward a digital transformation and self-reliant camping, so the
opportunity of new technology adaptation also increasing.

1.2.4 Things to Remember When Deploying Hybrid Cloud

Having an understanding what hybrid cloud is and how it facilitates the activities of any
organization, now, we need to understand some factors that have to be considered before
the deployment of hybrid cloud.

• Selection of best suitable platform for cloud: As discussed, the need of every
organization is not same. Before deployment of the hybrid cloud, organi-
zations need to have a plan for the services; it will borrow from the public
 Hybrid Cloud: New Paradigm in Cloud Computing 9

cloud. If it is going to use only SaaS, then it is not a problem but it is going
to use IaaS or PaaS and then it is very important to take the correct decision
from the commencement of the service as building a hybrid structure that
would not be able to handle additional workload generates severe problem.
• Whether to use unified OS or not: In true hybrid cloud, a unified OS is
installed in the middleware that basically governs the overall functionalities.
But in some cases, on-premise system may be operated by its own OS then
just with the help of internet they can connect to public cloud. The perfor-
mance of this architecture will be vast different from unified OS. OpenStack,
VMWare cloud, Nutanix, and Kubernetes are some example of cloud OS
framework. These frameworks are sufficient building the middleware and it
provides OS and all supporting application for the smooth execution of all
activities in hybrid cloud.
• How to manage different activity: Huge amount of data need to be handled
in case of hybrid cloud. A hybrid system should look into smooth accessi-
bility of data, and at the same time, security of data needs to be guaranteed.
Anyone cannot host any data onto the public cloud. Proper personnel with
adequate experience need to be engaged for the management of dedicated
applications.
• How security of data will be guaranteed: Since data is moving in between
public and private cloud, it needs to be secured. Through security mecha-
nisms of public cloud, it has developed much from its early date but still it is
not 100% secure. There are always threats of data breach. Migration of sensi-
tive need special care as sight alteration in business sensitive data might cause
severe problem in the business.
• How to integrate public cloud with existing on-premise system: Amalgamation
of public cloud onto an existing on-premise system often needs several alter-
ations in the working of the existing on-premise system. Overall performance
of the system should always improve with the addition of the public cloud,
and it should not degrade.
• How to manage common backup and disaster recovery: Data need to be
backed up to ensure reliability and availability. Backing up of all the data both
in private and public cloud need to be done. At the same time, the system
should be able to handle catastrophic failure or disaster. How to maintain a
common routine for all the operational data to accommodate those situa-
tions is key to the success of hybrid cloud deployment.

Building a hybrid cloud is a complex procedure but successful implementation will pro-
vide scalability, flexibility, security, and cost saving. More and more organizations approach-
ing toward hybrid cloud for the current benefit and future growth.

1.3 Comparison Among Different Hybrid Cloud Providers

The major famous leading cloud computing vendors are Google Cloud, AWS, and
Microsoft Azure. They have their some advantages and disadvantages. These three leading
10 Machine Learning Techniques and Analytics for Cloud Security

cloud providers have important role in the PaaS and IaaS markets. Synergy Research Group
reported that the growth of Amazon is very significantly high in overall growth of market.
It possesses a share of 33% of cloud market throughout the world. In second position, there
is Microsoft. Microsoft is very fast growing and in the last four quarters, and its share has
been increased by 3% and it reaches at 18%. Nowadays, cloud computing is become much
matured. It is becoming hybrid cloud, and it also becomes more enhanced as market share.
New trends have come to improve cloud computing system in 2020 than that of 2017, 2018,
and 2019 [17].
Hybrid cloud [17] provides strategy for enterprises that involve operational part of vari-
eties of job in varieties infrastructure, whether on private cloud and public cloud with a
proprietary different layers at the top level. Multi-cloud concept is similar kind of but not
to involve any private cloud. Hybrid cloud is the most popular strategy among enterprises;
58% of respondents stated that it is their choice able approach while 10% for a single public
cloud provider and 17% for multiple public clouds.

• Microsoft Azure Stack: Microsoft is a popular vendor that provides

hybrid cloud. Because it has huge on-premises legacy. The services of MS
Azure are developed on Windows Server. The .Net framework and the
Visual Studio provide better features of on apps for their smoother ser-
vices [17].
• AWS Outposts: Amazon’s Amazon Web Services (AWS) is a one of the best
product. It is one of the most popular in market and its share is next to the
Microsoft leading competitor. This company has variety of services and larg-
est data center that continues to provide facilities to billions of customers.
AWS is very well-known public cloud that offers many services to connect
for installations to the cloud. It also serves everything like disaster recovery
and burst capacity [17].
• Google Cloud Anthos: The Google Cloud Platform is another one popular in
hybrid cloud. It is a competitor of Microsoft AWS and IBM. Google primarily
made pure cloud system, but later, they changed policy and started to work
with on-premise systems for disaster recovery, elastic infrastructure, Big
Data, and DevOps. It also provides a huge number of cloud-based services.
The services are based on AI efforts based on AI processor and TensorFlow.
No one can buy TensorFlow system but can run AI and machine learning
apps on Google Cloud [17, 18].
• Oracle Cloud at Customer: This is another one popular hybrid cloud ser-
vice provider. It provides mostly on-demand service, in its own cloud system.
Unlike Azure, AWS, and GCP, this provider does not allow its software to
execute in virtual instances for any operation. But it runs on metal servers;
Oracle also offers this kind of service. Oracle cloud is also very easy to run its
apps on-premise on the cloud [18].
• IBM: IBM merged all of its cloud services, called IBM Cloud. It possesses
more than 170 types of services for public cloud and on-premise. These ser-
vices are not only limited to bare metal hosting and virtualized mode, con-
tainers, and server less computing, DevOps, AI/ML, HPC, and blockchain.
 Hybrid Cloud: New Paradigm in Cloud Computing 11

It also offers to do lift and shift on-premise apps, executing on IBM plat-
forms [18].
• Cisco Cloud Center: Cisco is popular for private cloud that also offers hybrid
solutions via its partner. Cisco Cloud Center is more secured to manage and
deploy the applications in different data centers in both private and public
cloud environments. Cisco’s partner networks are Google, CDW, Accenture,
and AT&T. Google is the biggest partner among them. It offers the hybrid
connectivity and their solutions [18].
• VMware vCloud Suite: VMware provides vendor for virtualized services.
It is relatively new than that of other service providers. VMware has the
vSphere hypervisor. Customers can run in some known public clouds or
their own data centers or cloud provider partners. These cloud providers
are able to run vSphere on-premise that creates a stable hybrid cloud infra-
structure [19].

1.3.1 Cloud Storage and Backup Benefits

Protection of the confidential data is very difficult. Automatic backup of cloud storage is
flexible. It also provides data security.
Microsoft Azure is very effective in SaaS. Whereas, Google Cloud is strong in AI [18].
Table 1.1 gives a comparison among them.

1.3.2 Pros and Cons of Different Service Providers

All the cloud service providers have their own pros and cons. Their make themselves a suit-
able choice for different purposes. Here, the advantages and disadvantages are described for
all the providers. Table 1.2 provides a comparative study on this.

Table 1.1 Comparison between AWS Outpost, Microsoft Azure Stack, and Google Cloud Anthos.
AWS Outpost Microsoft Azure Stack Google Cloud Anthos
Amazon has a huge tool set The customer can run in Google has come to the
and that too is rapidly their own data center. cloud market later. So,
growing. No service Azure tries to incorporate it does not have that
providers can match with that. It provides the much level of focus to
with it. But the pricing facility of hybrid cloud incorporate the customers.
is bit puzzling. Though [19]. But the strength is its
providing service for A customer can replicate technical efficiency. Some
hybrid or public cloud is his environment in Azure of its efficient tools are
not amazon’s primary focus Stack. This is very useful in applicable in data analytics,
thus incorporation of cloud case of backup disaster and machine learning, and
services with on-premise for cutting cost. deep learning.
data is not in top priority
[20]. They primarily focus
on public cloud.
12 Machine Learning Techniques and Analytics for Cloud Security

Table 1.2 Pros and cons between AWS Outpost, Microsoft Azure Stack, and Google Cloud Anthos.
Vendor Strength Weakness
AWS Outpost 1. Dominant market position 1. Managing cost
2. Extensive, mature offerings 2. Very difficult for using
3. Effective use in large organizations 3. Options are overwhelming
Microsoft 1. Second largest service provider 1. Poor documentation
Azure Stack 2. Coupling with Microsoft software 2. Management tooling is incomplete
3. Set of features is vast
4. Provides Hybrid cloud
5. Open source supported
Google Cloud 1. Designed to serve for cloud-native 1. Enters late in IaaS market
Anthos enterprises 2. Less services and features
2. Provides portability and allows 3. Not focused for enterprise
open source
3. Huge discounts and suitable
contracts
4. Expertise in DevOps

1.3.2.1 AWS Outpost

The strongest strength of Amazon is its effectiveness in public cloud. They provide services
through the world for its public cloud infrastructure. This cloud provider is very popular
because of its varieties operational scope. AWS provides different kind of services. It also
has a large network for worldwide data centers. The “Gartner” reported that this provider
is the most mature and enterprise-ready. It also has capabilities to govern a large amount of
resources and customers. But the weakness is its cost. Customers face difficulty to under-
stand its cost structure. It is also difficult to manage the costs while running a large volume
of workloads.

1.3.2.2 Microsoft Azure Stack

Microsoft provides on-premises software—SQL Server, Windows Server, SharePoint,
Office, .Net, Dynamics Active Directory, etc. The reason of its success is most of the
enterprises uses Windows and its related software. As Azure is tightly coupled with its
other software applications, the enterprises, that use many Microsoft software, they
find Azure as a suitable platform. This is how it builds good relationship with their
existing customers. They also provide a remarkable discount on variety of services to
their existing customer. But, Gartner also reported some faults in their some of the
platforms [21].

1.3.2.3 Google Cloud Anthos

AWS and Azure offer the Kubernetes standard which is developed by Google. GCP is expert
in machine learning and Big Data analytics. It provides huge offers on that. It also provides
 Hybrid Cloud: New Paradigm in Cloud Computing 13

offers in load balancing and considerable scale. Google is also efficient knowledge about
different data centers and quick response time. Google stands in third in the field of market
share [21]. But, it is rapidly increasing its offers. As per Gartner, clients choose GCP as a
secondary provider than that of primary provider.

1.3.3 Review on Storage of the Providers

1.3.3.1 AWS Outpost Storage
• SSS to EFS: The storage services of AWS include its Elastic Block Storage
(EBS), Simple Storage Service (S3), and Elastic File System (EFS) for persistent
block storage, object storage, and file storage, respectively. It also provides
some new innovative products for storage that includes the Snowball and
Storage Gateway. Snowball is a physical hardware device, whereas Storage
Gateway creates a hybrid storage environment.
• Database and archiving: Aurora is a compatible database of SQL by
Amazon. It consists of different services like DynamoDB NoSQL database,
Relational Database Service (RDS), Redshift data warehouse, ElastiCache
in-memory data store, Neptune graph database, and Database Migration
Service. Amazon also offers long term storage known as Glacier. It is having
very low charges [20].
• Storage services: The storage services of Microsoft Azure include Queue
Storage, Blob Storage, File and Disk Storage for large-volume workloads, and
REST-based object storage of unstructured data respectively. Data Lake Store
is another storage that is used for big data applications.
• Extensive database: This extensive database provides three SQL-based
options. They are Database for MySQL, SQL Database, and Database for
PostgreSQL. Data Warehouse service is also provided as well. The services
are Table Storage for NoSQL and Cosmos DB. Its in-memory service is Redis
Cache and the hybrid storage service is Server Stretch Database. Those are
designed for the organizations that use Microsoft SQL Servers [22]. Unlike
AWS, Microsoft offers an actual Site Recovery service, Archive Storage, and
Backup service.

1.3.3.2 Google Cloud Anthos Storage

• Unified storage and more: GCP has enormous level of storage services. The
unified object storage service is cloud storage. It also provides persistent disk
storage. It also offers a Transfer Appliance which is a similar kind of AWS
Snowball and online transfer services.
• SQL and NoSQL: GCP possesses the SQL-based Cloud and also provides
a relational database known as Cloud Spanner. Cloud Spanner is designed
for critical and complex workloads. It also provides NoSQL. They are Cloud
Datastore and Cloud Bigtable. No backup services and archive services are
provided.
14 Machine Learning Techniques and Analytics for Cloud Security

Table 1.3 Comparison between VMware Microsoft Amazon AWS.

Category VMware Microsoft Amazon AWS
Delivery mode Very simple Easy to follow Very easy
Ability to apply the Cost-effective Estimated cost Very affordable, $32 to
technology virtualization was around $255 per month [19]
solution, manage $4.99 per
to virtualize the month [19]
X86 computer
architecture
Integration It is an Edge PC Computes engine Web application,
with other Virtualization, for networking, website and database
applications Workstation 12.5 virtual storefront.
Pro, Fusion 8.5 - machines,
Windows on Mac®, SQL databases,
Workstation 12 storage,
Player- streamlined containers,
PC Virtualization security, API
for Business integration, etc.
Security Secure virtual box is Reliable Tight
possible to create,
manages files, using
SSL, SSH, etc.
Operating system Many operating Windows 8 and Both Linux and
and mobile systems like Windows 10 Windows.
compatibility Windows, Linux Able to compute, storage,
and Mac, etc. database, networking,
and content delivery.
Upgrades On demand Products Able to run
available at less updates.
price.
Service-level Azure Cloud Easy
agreements provides
Container
services
speedily and in
simple way.
Training/support Auditing, monitoring/
logging, storage creating
Scalability and Vendor is dependable
vendor reliability and revenue growth is
stable for Elastic Cloud
Compute (EC2) and
database usage [19]
Other documents randomly have
different content
vesialueeseen. Jo Kaarlo Suurella oli tämmöinen tuuma, mutta vasta
19:llä vuosisadalla se toteutettiin Ludwigin kanavan kautta, jonka
Baijeri rakensi Bambergin ja Kelheimin välille, hyväksi käyttäen
Regnitz ja Altmühl jokia. Tästä kanavasta ei kuitenkaan ole tullut niin
suurta liikkeen välittäjää, kuin oli laskettu, koska se on pitkä, matala
ja käsittää 88 sulkua. Sen merkitystä on rautateitten kehittyminen
vielä entisestäänkin vähentänyt. Mutta Baijeri aikoo rakentaa samalle
välille uuden paremman kanavan, vaikka vaikeudet ovat niin suuret,
että ajatuksen toteuttaminen arveluttaa. Paremmat edellytykset on
niillä kanavilla, joita Itävallassa on suunniteltu Tonavan ja Elben ja
Tonavan ja Oderin välille. Edellisen tulisi Budweisin ja Linzin välillä
voittaa 685 metrin, jälkimäisen Oderbergin ja Preraun välillä vain 300
metrin korkuinen kynnys. Varsinkin viimeksi mainittu kanava saisi
aikaan erinomaisen vilkkaan tavaran vaihdon Ylä-Schlesian
teollisuusalueitten ja Böhmin ja Unkarin maanviljelysalueitten välillä.

Nykyään ei siis ole Välimeren ja Pohjanmeren-Itämeren välillä

suoranaista laivaliikettä. Ludwigin kanava on toistaiseksi arvoton, ja
se kanava, joka Burgundin portin kautta yhdistää Rheinin ja Rhônen,
on niinikään kadottanut melkein kaiken merkityksensä sen jälkeen,
kuin Elsass yhdistettiin Saksan valtakuntaan.

Saksan suuret vesirakennukset ovat etupäässä tarkottaneet jokien

perkausta ja rinnakkain juoksevain jokien yhdistämistä toisiinsa
poikkikanavain kautta. Pohjois-Saksan alangolla on tämä tehtävä
melkein loppuun suoritettu, hyväksi käyttäen jääkauden jälkeisiä
vanhoja poikkilaaksoja. Siten uipi Venäjän puutavara nyt maan poikki
aina Hampurin satamaan saakka. Tämä kanava kulkee pohjoisinta
poikkilaaksoa pitkin; keskimäistä laaksoa on suunniteltu toinen
kanava, joka saa aikaan suoranaisen vesitien Berlinin ja Varsovan
välille. Oderin ja Spreen välinen osa tätä kanavaa on jo kauan ollut
liikkeelle avoinna. Elben ja Rheinin välillä ei vielä ole ainoatakaan
poikki maan kanavaa, ei ainoatakaan sisämaan vesireittiä. Preussin
hallitus on suunnitellut Rheinistä Dortmundin kautta Weseriin ja
edelleen Elbeen kulkevan kanavan, mutta kustannusten suuruuden
vuoksi valtiopäiviä ei ole saatu taipumaan tätä suunnitelmaa
kokonaisuudessaan toteuttamaan. Mutta kaikesta päättäen se
tulevaisuudessa saadaan aikaan, Rheinin teollisuusalueen suunnaton
liike sitä vaatii.

Yhdeksännentoista vuosisadan kuluessa on Keski-Europpakin

saanut rautatieverkkonsa, joka on, missä harvempana, missä
taajempana, vyöttänyt sen täyteen kiskoteitä, avannut liikkeelle
ennen arvaamattomia mahdollisuuksia. Tämä rautatieverkko on vielä
maanlaadun ja viljelyksen mukaan hyvin epätasainen. Nuoressa
Bulgariassa on vain 1 1/2 km rautatietä 100 neliökilometriä kohti,
Saksissa 19, Belgiassa 29, Ruhrin hiilialueella 35 samalla alalla.
Tässä näköjään niin sekavassa rautatieverkossa ilmaantuu jälleen
samat yleiset liikesuunnat, kuin suurissa vanhoissa kauppateissä.
Huomaamme ne uudenaikaisissa pikaliikesuunnissa, jotka eivät
tyydytä yksityisten paikkakuntien tarpeita, vaan yhdistävät toisiinsa
maita. Suureksi osaksi nämä pikareitit kulkevat juuri vanhain
kauppateitten jälkiä, sillä erotuksella vaan, että ne verrattoman
paljon suuremman nopeutensa kautta ovat entistä enemmän voineet
seurata tasaisimpia maita, vaikkapa jonkun verran kiertäenkin. Missä
on suurempia vuoria, siinä nämä reitit kulkevat vuoristojen lievettä.
Suuremmoisin esimerkki siitä on Alppien valtaavaa poimuvuoristoa
seuraileva linja, joka kulkee Marseillesta Geneven, Wienin, Krakovan
kautta Odessaan. Wienistä on kumpaankin päätekohtaan 36 tunnin
matka. Semmoiset kohdat, joissa useampia tämmöisiä vuoriston
sivu- ja poikkisuuntia yhtyy, ovat luonnollisia liikkeen keskustoita,
kuten Basel, Eger ja Oderberg. Vapaammin rautatiet kehittyvät
lakeilla mailla, noudattaen enemmän etäistä päämääräänsä kuin
maan epätasaisuuksia. Lakeilla mailla sen vuoksi syntyy
liikekeskustoitakin, jotka ovat luonnonsuhteista enemmän irrallaan.
Harvalukuisempia, huolellisemmin valittuja ja suurilla töillä
valmistettuja ratoja pitkin liike tunkeutuu vuoristoitten sisään ja
niitten poikki. Mieluimmin ne seuraavat pitkiä, varmasuuntaisia
laaksoja, kuten Rheinin ja Rhônen laaksoa, Alpeissa taas niitä
vuoriston pituussuuntaan kulkevia laaksoja, jotka erottavat
Kalkkialpit Alppien keskivyöhykkeestä. Mutta aina ei ole käytettävänä
tämmöisiä edullisia laaksoja, vaan toisinaan täytyy tierakennuksen,
uudenaikaisen teknikan kaikkia apukeinoja hyväkseen käyttäen,
tunkeutua vuoriston korkeimman osan poikki tunneleita pitkin.
Vanhemmat tunnelit enimmäkseen rakennettiin niin lyhyiksi kuin
suinkin ja radat sitä varten johdettiin korkealle vuoristoon. Uusimmat
tunnelit sitä vastoin mieluummin aljetaan alempaa, lauhkeammista
seuduista, vaikka tunneli itse sen kautta tuleekin paljon pidemmäksi.
Ensimäinen tunneli Alppien poikki oli se, joka viime vuosisadan
keskivaiheilla rakennettiin Länsi-Alppeihin Mon Cenisin puhki. Tämä
tunneli on menettänyt suuren osan merkityksestään uuden
Simplonin tunnelin kautta, joka on lähes 2 penikulmaa pitkä (Mon
Cenisin tunnelin pituus on 12 km.). Simplonin tunneli tunkeutuu
vuoriston sisään vain 700 metriä korkealla meren pinnasta ja on sen
vuoksi erittäin edullinen liikkeelle. Nämä tunnelit yhdistävät
etupäässä Ranskan Italiaan. Saksalle sitä vastoin on tärkein
Gotthardin tunneli, joka on lähes 15 kilometriä pitkä. Gotthardin
tunneli on koko Länsi-Saksan lyhyin tie Pohjois-Italiaan; se se vasta
uudisti Saksanmaan kauan kaivatun yhteyden Italian kanssa ja teki
Genovasta Länsi-Saksan sataman. Siitä syystä sekä Italia että Saksa
melkoisilla summilla otti osaa rakennuskustannuksiin, vaikka tunneli
ja rata ovatkin kokonaan Sveitsin alueella. Gotthardin rata kulkee
suoraan Alppien poikki, ja siitä syystä sillä aina on oleva etusija
naapuriratainsa rinnalla, jotka pitkät matkat käyttävät viistoon
kulkevia vuorilaaksoja. Niin on Brennerin radan laita, joka on
rakennettu solan poikki ilman tunnelia, mutta sen vuoksi onkin
ainaisten vuorenrepeämäin vaarassa. Uuden tunnelin kautta, joka on
rakennettu Tirolista Korkean Tauerin poikki, on Etelä-Saksa ja
Pohjois-Saksakin saanut uuden suoran yhteyden Triestiin, Adrian
meren perukkaan. Tätä yhteyttä vielä parantavat muut suuret
ratarakennukset, joita on Itävallan Alppimaissa suoritettu, muun
muassa Karst-vuoriston poikki, joten Adrian meren pohjukka nyt on
tullut entistä lähemmin liitetyksi Keski-Europpaan. Nämä uudet
yhteydet epäilemättä tulevat vaikuttamaan Keski-Europan kauppaan
Itämailla.

Junain nopeuteen nähden ei Saksa, ja vielä vähemmän monet

muut Keski-Europan maat, voi kilpailla esim. Englannin, eikä
Ranskankaan kanssa. Mutta liikkeen varmuus Saksassa epäilemättä
on sen mukaan suurempi. Saksan nopeimmat junat kulkevat
Berlinistä Hampuriin, 80 kilometriä tunnissa. Mutta laajoja kokeita on
toimitettu, joiden tarkotus on muutamilla, ja varsinkin tällä linjalla,
saada aikaan paljon suurempia nopeuksia, jopa parisataa kilometriä
tunnissa, jos uudet sähkörautatiet voidaan toteuttaa. Tähän liitetty
kartta esittää Berlinin nykyisiä kulkuyhteyksiä Saksan muiden osain
kansa. Siitä näkyy, kuinka pitkän matkan päähän valtakunnan
pääkaupungista voi kuhunkin suuntaan matkustaa saman ajan
kuluessa. Helppo on huomata, kuinka tärkeämmät liikekeskustat
selvästi vaikuttavat puoleensa vetävästi. Ja kartasta tarkoin katsoen
näkyy, miten maanpinnan epätasaisuus hohtaa läpi rautatieverkon
suunnista. Niin kauan, kunnes ihminen on täydelleen vallottanut
ilmameren, niinkauan maanpinnan epätasaisuudet tunneleista ja
vuoriradoista huolimatta ratkaisevalla tavalla määräävät
kulkusuunnat. Missä suuret, luonnon määrittelemät liikesuunnat
toisiaan leikkaavat, niihin paikkoihin yleensä syntyvät tärkeimmät
liikekeskustatkin. Useimmat vanhat kaupungit ovat kasvaneet juuri
semmoisiin paikkoihin ja niissä puoliaan pitäneet. Toinen on
semmoisten keskustain laita, jotka ovat kasvaneet maan kätkemien
aarteitten päälle, niitä ilmoille kaivamaan ja hyväksi käyttämään.
Tämmöiset keskustat, joita Saksanmaassakin on monen monta, ovat
ikäänkuin erämaan keitaita, jotka imevät elinvoimaa maan sisästä
pulppuavasta lähteestä. Muutaman vuosikymmenen kuluessa ne
herättävät vilkkaaseen elämään maakunnan, jonka helmassa rikkaat
aarteet ovat saaneet maata vuosisatoja, talonpojan rauhassa
muokatessa niitten päällä vainioitaan. Parhaita esimerkkejä moisesta
kehityksestä on erinomaisen vilkkaaseen teolliseen elämään
herännyt Ylä-Schlesia. Semmoisissa tapauksissa melkein aina
kehittyy aivan uusia keskustoita, jotka kerrassaan saattavat varjoon
kaikki vanhemmat kaupungit, ja vanhat kauppatiet joutuvat näitten
uusien keskustain vetovoiman vuoksi unhotukseen.

Rautateitten ohella ovat sähkölennätys ja telefoni mahtavalla

tavalla pyrkineet lähentämään valtakunnan eri osia, ja molemmatkin
nämä laitokset ovat Saksassa kehittyneet erinomaisesti, vaikka
telefoniyhteys ehkä onkin väkilukuun verraten vielä kehittyneempi
Skandinavian maissa. Mutta valtameren takaisessa sähköyhteydessä
Saksa vielä on, niinkuin huomautimme, suuressa määrin riippuvainen
Englannista. Suur-Britannia omistaa useimmat niistä kaabeleista,
jotka sähkösanavaihdolla liittävät toisiinsa eri maanosia. Mutta
Saksalaiset, joita tämä holhous suuresti rasittaa, ovat ryhtyneet
toimiin siitä vapautuakseen. Emdenistä, Dollartin lahden rannalta,
josta kaabeli Englantiin alkaa, on niinikään saatu aikaan kaabeli
Vigoon, Espanjan rannalle, ja täältä valtameren poikki
Yhdysvaltoihin. Ainakin "Setä Samin" kanssa "Saksan Mikko" niin
ollen voi keskustella suoraan, ilman että kieroon katsova "John Bull"
on keskustelua kuuntelemassa.

MAANPUOLUSTUS.
Saksanmaalla on naapureina kolme suurvaltaa, Venäjä, Itävalta-
Unkari ja Ranska, kolme pienempää kuningaskuntaa, Hollanti, Belgia
ja Tanska, ja vielä lisäksi kaksi pientä valtakuntaa, Sveitsi ja
Luxemburg. "Myötä- ja vastoinkäymisessä on Saksa saanut kokea",
lausuu Ratzel, "että se on Europan naapuririkkain maa. Kun nämä
naapurit keskenään sotia kävivät, niin niitten mielestä oli mukavinta
sotia sillä alueella, joka ne erotti. Kun ne jälleen sopivat, niin mikä oli
luonnollisempaa, kuin että ne toisiaan hyvittivät tämän alueen
kustannuksella, joka muka ei ollut "kenenkään maata". Koko
Europan laajassa piirissä ei ole ainoatakaan kansaa, Espanjalaisista
mongoleihin, Suomalaisista Maureihin saakka, joka ei olisi Saksan
alueella tapellut. Ja kuinka monen monet ovat Westfalin rauhan
jälkeenkin ne rauhanteot, joissa saksalaista aluetta on paloteltu!
Sana 'kansaintaistelu' on nimenomaan saksalainen. Eikä se tarkota
ainoastaan tuota suurta kansaintaistelua Leipzigin lakeudella, vaan
monen monta samanlaista kansaintaistelua on aikain kuluessa
taisteltu Saksan maassa."
 Kansallistunnon herättyä, taitavain valtiomiesten toimesta, on
Saksa siitä huolimatta saavuttanut kansallisen eheyden, kohonnut
voimalliseksi suurvallaksi, jonka sotavoimat eivät ole ainoankaan
naapurin sotavoimia huonommat. Saksan seisova armeija, joka on yli
puolen miljonan suuruinen, on mallikelpoisesti järjestetty ja
harjotettu, sotalaivastoa taas lisätään niin tarmokkaasti, että Saksa
jo on merelläkin kunnioitettava vastustaja, vaikkei se olekaan
likimainkaan saavuttanut Englantia, eikä voine koskaan
saavuttaakaan.

Mutta yhä edelleenkin on Saksanmaa samanlaisessa asemassa

suurien sotilasvaltain välillä, yhä edelleenkin sen täytyy ponnistaa
kaikki tarmonsa puolustaakseen rajojaan. Läheinen liitto Itävalta-
Unkarin kanssa, joka perustuu syvemmille syille kuin vain paperiseen
sopimukseen, on suuressa määrin vahvistanut molempain valtain
kansainvälistä asemaa. Mutta siltä se ei ole niin turvallinen, että
hetkeäkään voitaisiin laiminlyödä maanpuolustuksen vaatimukset.
Sotavoima on alati pysytettävä mahdollisimman hyvässä
sotakunnossa, maanpuolustuksen kaikkia etuja tarkoin punnittava ja
valvottava. Luomme seuraavassa silmäyksen Saksan
maanpuolustuksen ehtoihin.

Länsiraja.

Saksanmaan länsiraja on viime vuosisatain kuluessa ollut

suurimpain vaihteluiden alainen, ja tällä rajalla on jännitys yhä
edelleenkin suurin. Ranskalaisten pyyteitä vastaan, — he kun jo
toisin ajoin työnsivät tämän rajan Itämeren rannoille saakka, —
ryhdyttiin Wienin kongressissa v. 1815 erinäisiin varokeinoihin
hajaannuksensa kautta heikon Saksanmaan suojelemiseksi.
Sveitsistä ja Yhdistetyistä Alankomaista tehtiin "puhvertti valtiot"
Ranskan ja Saksan välille. Sveitsille vakuutettu puolueettomuus
myönnettiin v. 1832 itsenäiseksi eronneelle Belgian
kuningaskunnallekin. Tämän kautta on Saksan länsiraja epäilemättä
vahvistunut; sillä vaikkei Ranska hätätilassa kunnioittaisikaan
puolueettomien valtain puolueettomuutta, vaan sen rikkoisi, niin ovat
nuo pienet vallat kuitenkin itse ryhtyneet tarmokkaihin
toimenpiteihin voidakseen ase kädessä torjua hyökkäyksen.
Saksalaiset epäilevät kuitenkin, tokko ne uskaltaisivat sen tehdä siinä
tapauksessa, että voittava valtio niiden puolueettomuuden rikkoisi.
Niinkauan kuin sotivain valtain voimat ovat jotenkin tasaväkiset, ei
niistä kumpikaan uskalla hyökätä puolueettomalle alueelle; mutta
kun voimat muuttuvat epätasaisiksi, niin voi viettelys olla siksi suuri,
että puolueettomuus rikotaan. Saksa tuskin tämän kautta voisi etuja
itselleen hankkia, arvelevat Saksalaiset, mutta Ranska sitä
enemmän. Ei edes yhteyden aikaan saaminen Italian kanssa
maksaisi vaivaa, koska se sitoisi enemmän sotavoimia, kuin
saavutettava etu korvaisi. Ranska sitä vastoin voisi Sveitsin kautta
helposti tunkeutua Etelä-Saksan sisäosiin. Ja samoin olisi Ranskalle
suurta etua siitä, jos se voisi Belgian kautta lähettää armeijan syvälle
Luoteis-Saksaan, jossa Saksan rajan puolustus on heikompi. Näitä
mahdollisuuksia on puolueettomien valtain huomioon ottaminen ja
sen mukaan rajojaan vahvistettava.

Sveitsi.

Sveitsi on tämän tehtävän käsittänyt siten, että se on etupäässä

turvannut St. Gotthardin, estääkseen armeijoja sen yli kulkemasta ja
saadakseen vuoristoon laajan vallottamattoman linnotuksen, jonne
sen sotavoimat voivat peräytyä ylivoimaisen vihollisen maahan
hyökätessä. Juran puoli rajasta on sitä vastoin huonommin suojeltu.
Se tosin onkin vaikea puolustaa, koska osa vuoristosta kuuluu
Ranskalle ja tasavallan armeijain olisi jotenkin helppo tunkeutua
Geneveen. Saksalaisilla on sen vuoksi mielestään syytä olla
tyytymättömiä siihen tapaan, miten Sveitsi on länsirajansa turvannut.
Ranskalaiset puolestaan voivat olla huoletta siitä, ettei Saksan
kannata hyökätä Gotthardin solaa vastaan, päästäkseen sen kautta
yhteyteen liittolaisensa Italian kanssa. Sola on tosiaan nykyisine
varustuksineen vallottamaton.

Belgia.

Sveitsillä on kuitenkin kaikitenkin joka puolella erinomaiset

luonnon edut rajainsa puolustamiseksi. Toisin on Belgian laita, jonka
alue sulaa yhteen sekä Ranskan että Saksan kanssa. Maasin ja
Sambren laaksoja kulkee kuningaskunnan kautta vanha sotatie,
jonka varressa on lukemattomia kertoja taisteltu ratkaisevia
taisteluita. Se olisi sodan syttyessä Ranskan ja Saksan välillä lyhyin
tie Berlinistä Parisiin, se kulkee rikkaitten, viljeltyjen maitten kautta,
joissa armeijain olisi helppo toimeen tulla, ja verraten vähäiset ovat
ne luonnon esteet, jotka tällä välillä kohtaisivat vallottajaa. Belgia ei
sen vuoksi ole voinut tyytyä siihen, että se on Sveitsin tavoin maan
keskelle rakentanut lujan asemalinnan, vaan sen on täytynyt
rakentaa rajoilleenkin mahtavia linnotuksia. Maasin laakson suojana
ovat Namurin ja Lüttichin erinomaisen vankat, panssaritorneilla
varustetut linnotukset. Mutta Belgian päävoimia ei käytetä näitten
linnotusten puolustamiseen, vaan ne kootaan Antwerpeniin, suuren,
maan sisässä olevan päälinnotuksen ympärille. Tätä asemaa
suojelevat monet joet ja Antwerpeniä ympäröivä 14 kilometriä pitkä
linnakehä, jossa on yhtä monta linnaa, kuin kehä on kilometrejä
pitkä. Varsinkin meren puolella ovat nämä linnat lujat. Belgia näyttää
toivoneen ulkomaalaista apua itsenäisyytensä puolustamiseksi, kun
se Antwerpenin valitsi päälinnotuksekseen. Englannin politika ei
voisikaan suvaita, että joku vieras suurvalta anastaisi Schelden
suistamon, vastapäätä Thamesin suuta, ja siten "suorastaan ojentaisi
pistoolin Englannin rintaa vastaan", kuten William Pitt aikanaan
lausui.

Alankomaat.

Alankomaat ovat, ehkä Belgian esimerkin mukaan, luopuneet

vanhasta linnotusjärjestelmästä, joka käsitti rajalla suuren joukon
linnoja, ja ovat kääntäneet koko huomionsa suurien kaupunkien ja
niitä ympäröiväin marshimaitten suojelemiseen. Samoin kuin entisinä
vuosisatoina on Hollannin maanpuolustuksen vahvin puoli yhä
vieläkin se, että sillä on niin laajat alueet marshimaita, jotka helposti
voidaan laskea veden alle. Ainoastaan hyvin ankarina talvina, joita
joskus sattuu, tämä puolustuskeino ei tehoo. Mutta tavallisina
aikoina se yhä on yhtä varma kuin Ludvig XIV:nnen aikoinakin.
Hollannin pääpuolustuslinja itää vastaan on Utrechtin ja useitten
muitten pienempien linnotusten suojelema "uusi vesilinja"
Zuyderseen ja Lekin välillä, ja sen jatko aina Waalin ja Mansin
yhtymäkohtaan saakka. Etelässä taas meren lahdiksi laajenevat
virransuut estävät vihollista lähestymästä siltä puolen. Hyvässä
turvassa tämän vesilinjan takana on maan päälinnotus, Amsterdam,
ympärillään laaja piiri linnoja ja veden alle laskettavia alhaisia
tulvamaita. Näitä laajoja varustuksia täydentää Ijmuydenin linna
Pohjanmeren kanavan suulla ja Helderin linnotukset, jotka suojelevat
sekä Pohjois-Hollannin kanavia, että Zuyderseen suuta ja voivat
estää vihollisia laivoja kuljettamasta piiritysaseita Amsterdamia
vastaan.
 Saksan puolustussuunnitelma.

Näitten läntisten naapurien rauhalliset aikeet ja heidän luja

puolustuslaitoksensa ovat hyvänä apuna Saksan länsirajan
suojelemiseksi Ranskaa vastaan. Mutta viime sodan kautta tämän
rajan puolustusehdot muutoinkin perinpohjin muuttuivat. Ennen oli
Rhein rajana, salaten Ranskan sotavarustuksia; Strassburg lujana
asepaikkana suorastaan uhkasi Etelä-Saksaa. Nykyään joki sitä
vastoin Baselista aina Hollannin rajalle saakka on kokonaan
Saksalaisten hallussa. Rheinin linja sodan tullen suojelee Saksan
armeijan keskittymistä rajalle. Baselin ja Mainzin välillä kulkee joen
poikki 11 rautatiesiltaa ja 16 laivasiltaa. Rheinin takana Vogesien
selänteet, joitten poikki kulkee ainoastaan muutamia harvoja teitä,
suojelevat koko Ylä-Elsassia, ja tämän vuoriston pohjoispäässä
olevaan aukkoon, jossa maisema muuttuu alavammaksi mäkimaaksi,
suuntautuu Strassburgin ja Kölnin välimaalta kahdeksan rautatietä,
jotka voivat kuljettaa väkeä syvemmälle Ranskaan polveavaan
Lothringiin. Siellä suojelevat uutta Moselin linjaa valtaava Metz,
jonka linnotusten piiri on toista penikulmaa pitkä, ynnä Luxemburgin
rajalla Diedenhoven. Vogesien pohjoispään ja Metzin välille, Saarin
linjalle, Saksa sodan syttyessä kokoisi päävoimansa, sinne viittaavat
sen sotilasradat. Ensimäiset taistelut tulevaisuuden sodassa
epäilemättä taisteltaisiin Lunevillen ja Nancyn välisillä kentillä. Näistä
taisteluista riippuisi, saattaisivatko Saksan armeijat lähteä
etenemään Ranskan etumaista puolustuslinjaa vastaan, joka
nojautuu Moselin latvaosiin ja Maasiin, käsittäen Epinalin, Toulin ja
Verdunin voimalliset linnotukset, vai ranskalaisetko voisivat lähteä
marssimaan Rheiniä vastaan. Sitä varten heidän kuitenkin täytyisi
jättää melkoiset voimat piirittämään Metziä, joka muutoin uhkaisi
heidän jälkiyhteyttään. Mutta itse Rheinin rannalla saisi Saksan
armeija uutta tukea Strassburgin ja Mainzin mahtavista
leirilinnotuksista, jotka käsittävät Rheinin molemmat rannat ja
sulkevat ranskalaisen hyökkäyksen molemmat päätiet Saksan
sisäosiin, Zabernin laakson ja Kaiserlauternin kautta kulkevat Ylä-
Pfalzin tiet. Mutta Saksan maanpuolustus on varustautunut muiltakin
tahoilta tulevia hyökkäyksiä vastaan. Jos Ranska loukkaa Belgian
puolueettomuutta, niin tulee Kölnistä tärkeä sotapaikka, ja sen
linnottamiseksi ovatkin Saksalaiset sen vuoksi tehneet mitä
suurimpia ponnistuksia. Jos Ranskalaiset taas tahtovat Burgundin
porttia hyväkseen käyttäen marssia Etelä-Saksaan, niin he tosin
voivat kiertää Breisachin linnotetun siltapaikan ja marssia
suojattoman maan kautta itään päin. Mutta syvemmällä maan
sisässä ovat Ulmin ja Ingolstadtin linnotukset, jotka voivat pidättää
vihollista, kunnes Saksan armeijat ennättävät kokoontua, taikka
ryhtyä toisella taholla toimiin ranskalaisten armeijain jälkiyhteyden
katkaisemiseksi. Ranska on rakentanut rajansa Saksaa vastaan
täyteen linnotuksia. Saksan suunnitelma sitä vastoin on
yksinkertainen ja selvä. Saksa on muutamiin huolellisesti valittuihin
paikkoihin keskittänyt koko mahtinsa ja luottaa liikkuviin sotavoimiin,
armeijainsa sotakuntoon ja erinomaisen monipuolisiksi ja täydellisiksi
kehittyneihin kulkuneuvoihinsa.

Jos Ranska hyökkää Saksan länsirajaa vastaan, niin on samalla

Saksan rannikkokin vaarassa, koska Ranskan sotalaivasto ainakin
vielä on Saksan sotalaivastoa suurempi. Pohjanmeren rannoilla tosin
lukemattomat matalikot vaikeuttavat vihollisen lähestymistä, mutta
siitä huolimatta on ryhdytty laajoihin toimiin, jotta rannikkojen
suojelus olisi vielä tehokkaampi, Wilhelmshavenin sotasatama ynnä
Elben ja Weserin suistamot on lujasti linnotettu, Helgolanti niinikään,
vaikka tämä saari, joka ennen, Englannin hallussa, Saksaa uhkasi,
Saksan hallussakin on kaksiteräinen miekka, se kun pakottaa Saksaa
ulottamaan puolustustoimiansa kauas merelle vaaranalaiselle
kohdalle. Elben suistamo on saanut entistä suuremman merkityksen
sen kautta, että Pohjan-Itämeren kanava siihen päättyy. Päätekohtia
ei suurikaan vaara uhkaa. Toinen pää on Kielin lujasti linnotetussa
satamassa, toista suojelevat Elben suistamon vaikeat väylät.
Vaikeampi olisi kanavan keskiosaa puolustaa vihollista vastaan, joka
Juutinniemen rannikolla laskisi maihin armeijan. Sitä vastaan täytyisi
lähettää melkoinen maa-armeija, Itämeren rannikkoa on vaikeampi
puolustaa pituutensa vuoksi ja siitä syystä, että sitä yleensä on
laivoilla helpompi lähestyä. Tämän rannikon paras turva on rannan
kanssa yhtä suuntaa kulkeva rautatie, jota pitkin on helppo koota
sotavoimia uhattuihin kohtiin. Tälläkin rannikolla ovat tärkeimmät
liikepaikat linnotetut, ja voidaan ne sodan tullen helposti sulkea
miinoilla. Suurimmat kaupungit ovat niin syvältä virtain suistamoissa,
ettei niitten tarvitse pelätä pommitusta. Danzig ja Königsberg ovat
sitä paitsi lujasti linnotetut. Nämä linnotukset jo kuuluvat itäisen
rajan puolustusjärjestelmään.

Saksan itärajan puolustus.

Saksan ja Itävalta-Unkarin puolustustoimenpiteet toisiaan vastaan

ovat verraten heikot, molemmat suurvallat näyttävät elävän siinä
vakuutuksessa, että liitto itäistä naapuria vastaan on pysyväinen.
Molemmat ovat sen vuoksi kiinnittäneet päähuomionsa itäisen
rajansa suojelemiseen Venäjää vastaan.

Mutta vaikea on tätä pitkää ja länteen käsin mutkaavaa rajaa

suojella. Sen pituus Memelistä Myslowitziin ("kolmen keisarin
nurkkaan") on kokonaista 1,200 kilometriä, ja rajan sisin kohta
lähestyy ainoastaan 300 kilometrin päähän Berlinistä. Tämä
"puolalainen kiila" tähtää uhkaavasti Saksan pääkaupunkia kohti Ja
tarjoo Venäjän armeijalle tilaisuuden vapaasti valita, mitä rajan
kohtaa vastaan se tahtoo päähyökkäyksensä suunnata. Suurimmassa
vaarassa on ltä-Preussi, jota etelässä, idässä ja osaksi pohjoisessakin
piirittää venäläinen alue ja jota sitä paitsi Venäjän sotalaivastokin voi
uhata. Ainoastaan 120 kilometrin levyisellä kannaksella on tämä
maakunta yhteydessä muun Saksan kanssa. Epäilemättä Venäjä,
hyökkäyssotaan ryhtyessään, ensimmäiseksi koettaisi lamata tämän
puolen Preussin kotkan siivestä. Jos Saksan armeijat asettuisivat
puolustuskannalle, niin ei niillä olisi luonnosta muuta apua, kuin
etelärajalla Masurien maan metsät ja sotkuiset vesistöt. Masurien
maan monien järvien keskellä tiet useissa kohdin kulkevat pitkin
kapeita, osasta jo linnotettujakin kannaksia pitkin, joita olisi helppo
puolustaa. Venäjän armeijan luonnolliset hyökkäykset olisivat
Pregelin ja Weichselin leveät laaksot. Vilnan ja Varsovan
rautatieristeykset ovat valmiit lähtökohdat kumpaakin
hyökkäyssuuntaa varten. Kovnon linna, Niemenin ylimenopaikalla,
olisi Königsbergiä vastaan hyökkäävälle armeijalle luja selkänoja,
laajalla linnotuspiirillä on Königsberg viime vuosien kuluessa
varustettu niin lujaksi, että sitä on voimakkaankaan vihollisen
mahdoton täydelleen erottaa muun Saksan yhteydestä, niinkauan
kuin tie merelle pysyy vapaana. Königsbergiin luottaen voisi
heikkokin saksalainen armeija Samlandin niemellä, molempien
haffien välillä, tehokkaasti suojella Itä-Preussin sisempiä osia. Vasta
sitten sen asema kävisi vaaralliseksi, jos Weichselin laaksoa pitkin
hyökkäävän venäläisen armeijan onnistuisi katkaista sen yhteys
lännen kanssa. Tätä vaaraa torjumaan on Thorn lujasti linnotettu,
Grandenz niinikään. Königsbergin takana on Danzig toinen nykyään
melkoisen vahva paikka sekä linnotustensa että monihaaraisten
vesireittiensä kautta. Hädän tullen voidaan Werder, s.o. koko
Weichselin suistamo, laskea veden alle, koska se on suureksi osaksi
Weichselin pintaa alempana. Frisches Haffia pitkin voi Danzig
vihollisen uhatessakin ylläpitää yhteyttä Königsbergin kanssa ja
toiselta puolen estää vihollista maihin nousemasta Danzigin mutkan
länsirannalla, ensimäisessä palkassa Memelin jälkeen, missä mereltä
uhkaava armeija voisi yrittää nousta maihin.

Venäjällä on niin suuret sotavoimat käytettävänään, että se

samalla ehkä voisi kolmannella taholla yrittää tunkeutua Berlinia
vastaan, vaikkei Venäjän rautatieverkkoa olekaan tähän saakka sillä
tavalla kehitetty, että se moista yritystä helpottaisi. Paitsi
vaikeanlaista maata, joka puolustukselle tarjoo useita etuja, ja jokia,
on tällä välillä hyökkääjää vastassa Posenin luja linnotus, johon
Preussin itäisen osan kaikki kulkusuunnat yhtyvät. Näitten
kulkuyhteyksien katkaiseminen ja Posenin piiritys olisi ankara isku,
jonka torjumiseksi Saksan armeijan täytyisi koota kaikki käytettävät
voimansa. Piiritystä vastaan on Posen erinomaisten uudenaikaisten
linnotustensa kautta hyvin varustettu. Königsbergin, Danzigin,
Thornin ja Posenin linnotukset ja niitten välinen helposti
puolustettava maisema ovat sen vuoksi Saksanmaan ensimäinen
puolustuslinja Venäjää vastaan. Niitten takana on Oderin linjalla
toisarvoinen merkitys. Tällä linjalla on, sen jälkeen kuin Stettinin
linnotukset hävitettiin, ainoastaan Warthen suulla Küstrinin linnotus,
seudussa, joka voidaan laajalti saattaa tulvan alle. Etelämpänä on
ainoastaan yksi linnotettu siltapaikka Glogaun luona. Schlesian
itäisen rajan puolustaminen kuuluu enemmän toiselle sijalle. Schlesia
on syrjässä Venäjän hyökkäyksen luonnollisesta suunnasta ja jossain
määrin sitä suojelee Itävalta-Unkarin laaja mutkaaminen itää kohti
tällä puolella. Mutta kieltämättä voi tämäkin oivallisesti viljelty
maakunta joutua vihollisen hyökkäyksen päämääräksi. Kun Saksan
hallitus siitä huolimatta on jättänyt suuren Breslaun ja Ylä-Schlesian
rikkaan teollisuusalueen melkein ilman puolustuksia, niin on sillä ollut
toisenlaiset silmämäärät. Saksan viranomaisten koko suunnitelma
vaikean itärajan puolustamiseksi näyttää perustuvan siihen
käsitykseen, että tällä puolella eivät auta lujat linnotukset, vaan tulee
puolustuksen perustua voimalliseen hyökkäykseen. Ainoastaan
hyökkäyksen kautta voi Saksan armeija lyhentää puolustuslinjoja,
ainoastaan siten voi Saksa saada täyden edun korkealle kehitetyistä
kulkuneuvoistaan. Kun itärajalla ei ole rajan kanssa yhtä suuntaa
juoksevaa jokea, niinkuin länsirajalla Rhein, niin on sinne sen sijaan
rakennettu yhdensuuntaisesti kaksi, pitkillä matkoilla kolmekin
rautatielinjaa, joita pitkin voidaan lyhyessä ajassa koota sotaväkeä
uhatuille kohdille, jos nimittäin linjat voidaan suojella hyökkääviä
ratsujoukkoja vastaan. Se taas on mahdollista ainoastaan siten, että
Saksa lähettää omat armeijansa suoraa päätä rajan taa. Nähtävästi
on Venäjän hallitus ottanut lukuun tämän mahdollisuuden ja
huomaten Saksan suuremman edun valmistanut kauemmaksi rajasta
laajan puolustuslinjan pidättämään vihollista, kunnes se on
ennättänyt armeijansa koota. Novo-Georgievskin — Ivangorodin —
Brest- Litovskin — Goniadzin linnotusneliö ynnä Varsovan linnotettu
leiri yhdessä Bobr, Narev, Bug ja Weichsel jokien kanssa pidättää
vihollista ja estää saksalaista hyökkäysarmeijaa, kunnes Venäjän
sotavoimat ovat ennättäneet kokoontua. Välialueella lisäksi teiden
ylenmäärin huono kunto estää saksalaisen armeijan etenemistä.

Nykyisissä oloissa Saksan sota läntistä tai itäistä naapuriaan

vastaan olisi sota elämästä ja kuolemasta. Sen vuoksi kansa on
kaiken tarmonsa koonnut tämän koettelemuksen kestääkseen.
Yleisen asevelvollisuuden kautta on koko kansa aseissa. Seisovan
armeijan miesluku rauhan aikana on yli 500,000 miestä. Sodan
syttyessä on armeijan ja reservin miesluku 1,128,000 miestä;
tarpeen tullessa on lisäksi 1,471,000 miestä nostoväkeä. Mutta jos
kansakunnan täytyy kaikki voimansa koota, niin voi se asettaa yli 5
miljonaa miestä sotajalalle.
 Lähteitä:

J. Partsch: Mitteleuropa.
A. Hettner: Grundzüge der Länderkunde: Europa.
L. Pohle : Die Entwicklung des deutschen
Wirtschaftslebens im 19 Jahrhundert.
 *** END OF THE PROJECT GUTENBERG EBOOK SAKSANMAA ***

Updated editions will replace the previous one—the old editions will
be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying
copyright royalties. Special rules, set forth in the General Terms of
Use part of this license, apply to copying and distributing Project
Gutenberg™ electronic works to protect the PROJECT GUTENBERG™
concept and trademark. Project Gutenberg is a registered trademark,
and may not be used if you charge for an eBook, except by following
the terms of the trademark license, including paying royalties for use
of the Project Gutenberg trademark. If you do not charge anything
for copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free

distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund
from the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be

used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law
in the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name associated
with the work. You can easily comply with the terms of this
agreement by keeping this work in the same format with its attached
full Project Gutenberg™ License when you share it without charge
with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the
terms of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears,
or with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed: