• DocumentCode
    651651
  • Title
    Non-intrusive process-based monitoring system to mitigate and prevent VM vulnerability explorations
  • Author
    Chun-Jen Chung ; Jingsong Cui ; Khatkar, Pankaj ; Dijiang Huang
  • Author_Institution
    Sch. of Comput. Inf. & Decision Syst. Eng., Arizona State Univ., Tempe, AZ, USA
  • fYear
    2013
  • fDate
    20-23 Oct. 2013
  • Firstpage
    21
  • Lastpage
    30
  • Abstract
    Cloud is gaining momentum, but its true potential is hampered by the security concerns it has raised. Having vulnerable virtual machines in a virtualized environment is one such concern. Vulnerable virtual machines are an easy target, and the existence of such weak nodes in a network jeopardizes its entire security structure. The resource-sharing nature of the cloud favors the attacker, in that compromised machines can be used to launch further devastating attacks. The first line of defense in such a case is to prevent vulnerabilities of a cloud network from being compromised and, failing that, to prevent propagation of the attack. To create this line of defense, we propose a hybrid intrusion detection framework to detect vulnerabilities, attacks, and their carriers, i.e. malicious processes in the virtual network and virtual machines. This framework is built on attack graph based analytical models, VMM-based malicious process detection, and reconfigurable virtual network-based countermeasures. The proposed framework leverages Software Defined Networking to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate the consequences of attacks. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
  • Keywords
    cloud computing; graph theory; security of data; virtual machines; virtualisation; VM vulnerability exploration mitigation; VM vulnerability exploration prevention; VMM-based malicious process detection; attack detection; attack graph based analytical models; cloud attacker; distributed programmable virtual switches; intrusion detection framework; line of defense; nonintrusive process-based monitoring system; reconfigurable virtual network-based countermeasures; resource sharing; security evaluations; software defined networking; virtualized environment; vulnerable virtual machines; Intrusion detection; Malware; Monitoring; Ports (Computers); Semantics; Software; Attack Graph; Countermeasure Selection; Intrusion Detection; Software Defined Networking; Virtual Machine Introspection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference on
  • Conference_Location
    Austin, TX
  • Type
    conf
  • Filename
    6679966