DocumentCode :
2250706
Title :
TCP DDOS Attack Detection on the Host in the KVM Virtual Machine Environment
Author :
Wei, Zhuang ; Xiaolin, Gui ; Wei, Huang Ru ; Si, Yu
Author_Institution :
Dept. of Comput. Sci. & Technol., Xi'an Jiao Tong Univ., Xi'an, China
fYear :
2012
fDate :
May 30 2012-June 1 2012
Firstpage :
62
Lastpage :
67
Abstract :
This paper analyzes the disadvantages of KVM's original network connection modes and designs a third network connection mode: NAT + Bridge mode. Because malicious virtual machines in user mode are difficult to detect and locate in the normal way, the article proposes a strategy for detecting TCP DDOS attacks based on an improved CUSUM algorithm in KVM. This strategy detects attacks of virtual machines in user mode indirectly by treating the user mode as an independent virtual machine, determines the suspicious virtual machines in accordance with the abnormal behavior of the process, and then dynamically migrates each suspicious virtual machine to an independent NAT + bridged network environment, where the attack of every virtual machine is detected based on the improved CUSUM algorithm.
Keywords :
computer network security; operating system kernels; transport protocols; virtual machines; CUSUM algorithm; KVM virtual machine environment; NAT+bridged network environment; TCP DDOS attack; TCP DDOS attack detection; kernel-based virtual machine; malicious virtual machines; suspicious virtual machines; third network connection mode; user mode; Algorithm design and analysis; Bridges; Cloud computing; Computer crime; IP networks; Monitoring; Virtual machining; KVM; TCP DDOS attack; improved CUSUM algorithm; virtual machine;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer and Information Science (ICIS), 2012 IEEE/ACIS 11th International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4673-1536-4
Type :
conf
DOI :
10.1109/ICIS.2012.105
Filename :
6211078