The design and implementation of tripwire: a file system integrity checker
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
A Case For Grid Computing On Virtual Machines
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
Secure and Manageable Virtual Private Networks for End-users
LCN '03 Proceedings of the 28th Annual IEEE International Conference on Local Computer Networks
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
The design and implementation of Zap: a system for migrating computing environments
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Remote Repair of Operating System State Using Backdoors
ICAC '04 Proceedings of the First International Conference on Autonomic Computing
A user-mode port of the linux kernel
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
Virtual machine aware communication libraries for high performance computing
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
Forensics examination of volatile system data using virtual introspection
ACM SIGOPS Operating Systems Review
XenLoop: a transparent high performance inter-vm network loopback
HPDC '08 Proceedings of the 17th international symposium on High performance distributed computing
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
VMFence: a customized intrusion prevention system in distributed virtual computing environment
Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication
XenLoop: a transparent high performance inter-VM network loopback
Cluster Computing
Secure in-VM monitoring using hardware virtualization
Proceedings of the 16th ACM conference on Computer and communications security
ACM Transactions on Information and System Security (TISSEC)
Hypervisor-based prevention of persistent rootkits
Proceedings of the 2010 ACM Symposium on Applied Computing
"Out-of-the-Box" monitoring of VM-based high-interaction honeypots
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A fuzzy-based dynamic provision approach for virtualized network intrusion detection systems
AST/UCMA/ISA/ACN'10 Proceedings of the 2010 international conference on Advances in computer science and information technology
A distributed neural network learning algorithm for network intrusion detection system
ICONIP'06 Proceedings of the 13th international conference on Neural information processing - Volume Part III
SPARC: a security and privacy aware virtual machinecheckpointing mechanism
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
idsocket: API for inter-domain communications base on xen
ICA3PP'10 Proceedings of the 10th international conference on Algorithms and Architectures for Parallel Processing - Volume Part I
A high performance Inter-VM network communication mechanism
ICA3PP'10 Proceedings of the 10th international conference on Algorithms and Architectures for Parallel Processing - Volume Part I
SimTester: a controllable and observable testing framework for embedded systems
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Hypervisor-based protection of sensitive files in a compromised system
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Review: Intrusion detection system: A comprehensive review
Journal of Network and Computer Applications
A high performance inter-domain communication approach for virtual machines
Journal of Systems and Software
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
A VMM-based intrusion prevention system in cloud computing environment
The Journal of Supercomputing
| Hi-index | 0.00 |
In this paper, a virtual distributed monitoring environment called HyperSpector is described that achieves secure intrusion detection in distributed computer systems. While multiple intrusion detection systems (IDSes) can protect a distributed system from attackers, they can increase the number of insecure points in the protected system. HyperSpector overcomes this problem without any additional hardware by using virtualization to isolate each IDS from the servers it monitors. The IDSes are located in a virtual machine called an IDS VM and the servers are located in a server VM. The IDS VMs among different hosts are connected using a virtual network. To enable legacy IDSes running in the IDS VM to monitor the server VM, HyperSpector provides three inter-VM monitoring mechanisms: software port mirroring, inter-VM disk mounting, and inter-VM process mapping. Consequently, active attacks, which directly attack the IDSes, are prevented. The impact of passive attacks, which wait until data including malicious code is read by an IDS and the IDS becomes compromised, is confined to within an affected HyperSpector environment.