  • DocumentCode
    628233
  • Title
    Intrusion detection and honeypots in nested virtualization environments
  • Author
    Beham, Michael ; Vlad, Marius ; Reiser, Hans P.
  • Author_Institution
    Inst. of IT-Security & Security Law, Univ. of Passau, Passau, Germany
  • fYear
    2013
  • fDate
    24-27 June 2013
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Several research projects in the past have built intrusion detection systems and honeypot architectures based on virtual machine introspection (VMI). These systems directly benefit from the use of virtualization technology. The VMI approach, however, requires direct interaction with the virtual machine monitor, and typically is not available to clients of current public clouds. Recently, nested virtualization has gained popularity in research as an approach that could enable cloud customers to use virtualization-based solutions within a cloud by nesting two virtual machine monitors, with the inner one under control of the client. In this paper, we compare the performance of existing nested-virtualization solutions and analyze the impact of the performance overhead on VMI-based intrusion detection and honeypot systems.
  • Keywords
    cloud computing; performance evaluation; security of data; virtual machines; virtualisation; VMI approach; VMI-based intrusion detection systems; cloud customers; honeypot architecture; honeypot systems; nested virtualization technology; performance overhead; virtual machine introspection; virtual machine monitor; virtualization-based solutions; Cloud computing; Hardware; Intrusion detection; Performance evaluation; Support vector machines; Virtual machine monitors; Virtualization; Cloud computing; Honeypots; Intrusion detection; Nested virtualization;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on
  • Conference_Location
    Budapest
  • ISSN
    1530-0889
  • Print_ISBN
    978-1-4673-6471-3
  • Type
    conf
  • DOI
    10.1109/DSN.2013.6575329
  • Filename
    6575329