Efficient hashing technique for malicious profile detection at hypervisor environment

IF 3.3; Zone 3, Computer Science; Q2, Computer Science, Theory & Methods
Anumukonda Naga Seshu Kumar, Rajesh Kumar Yadav, Nallanthighal Srinivasa Raghava
Journal: Computing. Published: 2024-07-19. DOI: 10.1007/s00607-024-01325-7 (https://doi.org/10.1007/s00607-024-01325-7)
Citations: 0

Abstract

Attack detection in cyber security systems is one of the complex tasks that require domain-specific knowledge and cognitive intelligence to detect novel and unknown attacks in large-scale network data. This research explores how network operations and network security affect the detection of unknown attacks in network systems. A hash-based profile matching technique is presented in this paper for attack detection. The main objective of this work is to detect unknown attacks using a profile matching approach in hypervisors. Hypervisors are characterized by their versatile nature, since they allow the utilization of available system resources. The virtual machines (VMs) in the hypervisors are not dependent on the host hardware and, as a result, hypervisors are considered advantageous. In addition, hypervisors have direct access to hardware resources such as memory, storage and processors. However, hypervisors are more susceptible to security threats that attack each and every VM. A SHA3-512 hashing algorithm is used for generating hash values in the hypervisor, and the proposed model is used to verify whether the profile is malicious or benign. The performance of the hash-based profile matching technique is compared with traditional hash techniques, namely the SHA-256 and MD5 algorithms. Results show that the proposed SHA3-512 algorithm achieves phenomenal performance in terms of accuracy and a zero false positive rate. Simulation results also show that the computation time required by the SHA3-512 algorithm is lower compared to the SHA-256 and MD5 algorithms. The performance analysis validates that the hash-based approach achieves reliable performance for attack detection. The effectiveness of the hashing technique was determined using three different evaluation metrics, namely attack detection rate (DR), false positive rate (FPR), and computational time. Simulation results show that the existing SHA3-512 algorithm achieves a detection rate of 97.24% with a zero false positive rate and faster computational time compared to the SHA-256 and MD5 algorithms.
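The sketch below is an added example, not the paper's code: it shows one way exact-match profile hashing and the DR/FPR metrics named in the abstract could be computed. The profile fields, the JSON canonicalisation and the sample data are assumptions made for illustration.

```python
import hashlib
import json

def profile_digest(profile, algorithm="sha3_512"):
    """Digest of a canonical JSON encoding, so key order cannot change the hash."""
    canonical = json.dumps(profile, sort_keys=True, separators=(",", ":"))
    return hashlib.new(algorithm, canonical.encode("utf-8")).hexdigest()

def build_blocklist(malicious_profiles, algorithm="sha3_512"):
    """Set of digests for profiles already known to be malicious."""
    return {profile_digest(p, algorithm) for p in malicious_profiles}

def evaluate(labelled, blocklist, algorithm="sha3_512"):
    """Return (detection rate, false positive rate) for (profile, is_malicious) pairs."""
    tp = fn = fp = tn = 0
    for profile, is_malicious in labelled:
        flagged = profile_digest(profile, algorithm) in blocklist
        if is_malicious and flagged:
            tp += 1
        elif is_malicious:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    dr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return dr, fpr

# Constructed sample data; the field names are hypothetical.
KNOWN_MALICIOUS = [
    {"process": "miner_x", "syscalls": ["mmap", "ptrace"], "ports": [4444]},
    {"process": "dropper_y", "syscalls": ["execve", "unlink"], "ports": [8081]},
]
OBSERVED = [
    (KNOWN_MALICIOUS[0], True),
    ({"ports": [8081], "syscalls": ["execve", "unlink"], "process": "dropper_y"}, True),
    # One changed port: an exact-match digest no longer recognises this variant.
    ({"process": "miner_x", "syscalls": ["mmap", "ptrace"], "ports": [4445]}, True),
    ({"process": "nginx", "syscalls": ["accept", "read"], "ports": [80, 443]}, False),
    ({"process": "sshd", "syscalls": ["accept", "fork"], "ports": [22]}, False),
]

if __name__ == "__main__":
    for algo in ("sha3_512", "sha256"):
        dr, fpr = evaluate(OBSERVED, build_blocklist(KNOWN_MALICIOUS, algo), algo)
        print(f"{algo}: DR={dr:.2%} FPR={fpr:.2%}")
```

With exact matching, a benign profile is flagged only if its canonical form is identical to a listed one, while any changed field in a malicious profile produces a miss.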

Source journal: Computing (Engineering & Technology, Computer Science: Theory & Methods)
CiteScore: 8.20
Self-citation rate: 2.70%
Articles published: 107
Review time: 3 months
Journal description: Computing publishes original papers, short communications and surveys on all fields of computing. The contributions should be written in English and may be of theoretical or applied nature; the essential criteria are computational relevance and systematic foundation of results.