Design of Virtualization Framework to Detect Cyber Threats in Linux Environment

Abstract

In today's software and systems environments, security frameworks and models are evolving exponentially. Many traditional host-based frameworks are currently available to detect cyber threats in Linux environment. But there have been many challenges in detecting rootkits that modify the Linux Operating System (OS) kernel to avoid detection. These limitations have lead us to design a virtualization framework for detection of cyber threats in Linux environment. Instead of relying on the Linux Operating System kernel which is now a common victim of cyber-attacks, this virtualization framework will rely on the virtual machine hypervisor which is a more secure software layer that runs the OS kernel and the hardware. The paper proposed a virtualization framework based on well-known hypervisors, to detect cyber threats. The proposed work allowed for a more robust cyber threat detection method than traditional host-based frameworks. It can also possess self-healing properties since it will not only detect compromised servers but also suspend their operation by replacing them with uncompromised versions. This innovative framework promises to secure large scale IT infrastructure with minimum maintenance cost.