DocumentCode :
3320756
Title :
CADM: A Centralized Administration and Dynamic Monitoring Framework for Network Intrusion Detection Based on Virtualization
Author :
Zhenquan Ding ; Zhiyu Hao ; Yongzheng Zhang
Author_Institution :
Inst. of Inf. Eng., Beijing, China
fYear :
2013
fDate :
16-18 Dec. 2013
Firstpage :
111
Lastpage :
116
Abstract :
Virtualization technology, which has the characteristic of producing dynamic change, enables the virtual network structure to no longer depend strictly on the underlying hardware environment. With virtualization platform administrators tasked with preventing attacks in order to provide uninterrupted service, existing intrusion detection technologies are continuously challenged. Consequently, this paper proposes a Centralized Administration and Dynamic Monitoring framework (CADM) based on virtualization for network intrusion detection. CADM is able to centrally administrate and monitor network behavior in the virtual computing environment by automatically deploying and updating intrusion detection processes and rules. In the aspect of monitoring capability, CADM allows the monitoring locations in intrusion detection to be automatically adjusted in real time, thus adapting to the dynamic changes (such as migration) of virtual machines (VMs). Moreover, the monitoring processes involved in intrusion detection could also be automatically updated by dynamically updating security strategies. In the aspect of monitoring granularity, CADM is able to monitor network interfaces of each virtual machine (VM) for fine-grained network intrusion detection and network traffic acquisition. Our experimental results demonstrate that more convenient and efficient monitoring and administrating capabilities are available with CADM for virtualization platform administrators.
Keywords :
security of data; virtual machines; virtualisation; CADM; VM; centralized administration; dynamic monitoring framework; fine-grained network intrusion detection; intrusion detection technologies; monitoring granularity; network traffic acquisition; virtual computing environment; virtual machines; virtual network structure; virtualization platform administrators; virtualization technology; Hardware; Intrusion detection; Monitoring; Network interfaces; Servers; Virtualization; Centralized Management; Dynamic Update; Network Intrusion Detection; Virtualization Security Monitoring;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Parallel and Distributed Computing, Applications and Technologies (PDCAT), 2013 International Conference on
Conference_Location :
Taipei
Print_ISBN :
978-1-4799-2418-9
Type :
conf
DOI :
10.1109/PDCAT.2013.24
Filename :
6904241