  • DocumentCode
    3438261
  • Title
    Autonomous agent based intrusion detection in virtual computing environment
  • Author
    Ohoussou, Alex K. ; Jin, Hai ; Zou, Deqing ; Zhao, Feng ; Xiang, Guofu ; Cheng, Ge
  • Author_Institution
    Cluster & Grid Comput. Lab., Huazhong Univ. of Sci. & Technol., Wuhan, China
  • fYear
    2010
  • fDate
    25-27 June 2010
  • Firstpage
    682
  • Lastpage
    686
  • Abstract
    One of the motivations for virtualization technology is the desire to develop new services to enhance system security without trusting both the applications and the operating systems. An intrusion detection system is an example of such a service that can help to isolate users from malicious attacks. In this paper, we propose a hybrid-based intrusion detection architecture in a virtual computing environment to detect and isolate harmful behaviors by real-time monitoring and alarming. In contrast to a monolithic intrusion detection system, we introduce autonomous agents, acting independently of each other, to monitor the system. The agents are deployed in virtual machines to analyze actions occurring on the network and inside the hosts to determine whether they are potential security violations or not. Our architecture is implemented based on Xen, and the detection management center is deployed in a secure virtual machine.
  • Keywords
    Autonomous agents; Correlators; Hardware; Intrusion detection; Isolation technology; Network servers; Operating systems; Protection; Virtual machining; Virtual manufacturing; autonomous agent; intrusion detection; virtual computing environment;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Wireless Communications, Networking and Information Security (WCNIS), 2010 IEEE International Conference on
  • Conference_Location
    Beijing, China
  • Print_ISBN
    978-1-4244-5850-9
  • Type
    conf
  • DOI
    10.1109/WCINS.2010.5541866
  • Filename
    5541866