VMFence: a customized intrusion prevention system in distributed virtual computing environment
Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication
Virtual machine monitor-based lightweight intrusion detection
ACM SIGOPS Operating Systems Review
Virtual machine introspection in a hybrid honeypot architecture
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Securing cloud storage systems through a virtual machine monitor
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
CloRExPa: Cloud resilience via execution path analysis
Future Generation Computer Systems
Intrusion detection systems (IDS) have been broadly applied for several years to prevent unauthorized access to system resources and data. However, many problems are still not well resolved in most IDSs, such as detection evasion and intrusion containment. To resolve these problems, after studying popular IDS architectures we propose VNIDA, a novel, flexible architecture that is based on a virtual machine monitor (VMM) and is non-intrusive to the target system. In this architecture, a separate intrusion detection domain (IDD) is added to provide intrusion detection services for all virtual machines. In particular, an IDD helper is introduced to respond to intrusions according to the security policies. Moreover, the event sensors and the IDS stub, the core components of the IDS, are isolated from the target systems, so the architecture also achieves strong reliability. To show the feasibility of VNIDA, we implemented a prototype based on the proposed architecture. Using the prototype, we evaluated VNIDA with several rootkits, and the results show that VNIDA is able to detect them efficiently, and even some potential intrusions. In addition, a system performance evaluation shows that VNIDA introduces less than 1.25% extra overhead.