Linux环境下网络威胁检测的虚拟化框架设计

2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud) Pub Date : 2017-06-01 DOI:10.1109/CSCloud.2017.18

D. Levy, Hardik A. Gohel, Himanshu Upadhyay, A. Perez-Pons, Leonel E. Lagos

{"title":"Linux环境下网络威胁检测的虚拟化框架设计","authors":"D. Levy, Hardik A. Gohel, Himanshu Upadhyay, A. Perez-Pons, Leonel E. Lagos","doi":"10.1109/CSCloud.2017.18","DOIUrl":null,"url":null,"abstract":"In today's software and systems environments, security frameworks and models are evolving exponentially. Many traditional host-based frameworks are currently available to detect cyber threats in Linux environment. But there have been many challenges in detecting rootkits that modify the Linux Operating System (OS) kernel to avoid detection. These limitations have lead us to design a virtualization framework for detection of cyber threats in Linux environment. Instead of relying on the Linux Operating System kernel which is now a common victim of cyber-attacks, this virtualization framework will rely on the virtual machine hypervisor which is a more secure software layer that runs the OS kernel and the hardware. The paper proposed a virtualization framework based on well-known hypervisors, to detect cyber threats. The proposed work allowed for a more robust cyber threat detection method than traditional host-based frameworks. It can also possess self-healing properties since it will not only detect compromised servers but also suspend their operation by replacing them with uncompromised versions. This innovative framework promises to secure large scale IT infrastructure with minimum maintenance cost.","PeriodicalId":436299,"journal":{"name":"2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Design of Virtualization Framework to Detect Cyber Threats in Linux Environment\",\"authors\":\"D. Levy, Hardik A. Gohel, Himanshu Upadhyay, A. Perez-Pons, Leonel E. Lagos\",\"doi\":\"10.1109/CSCloud.2017.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In today's software and systems environments, security frameworks and models are evolving exponentially. Many traditional host-based frameworks are currently available to detect cyber threats in Linux environment. But there have been many challenges in detecting rootkits that modify the Linux Operating System (OS) kernel to avoid detection. These limitations have lead us to design a virtualization framework for detection of cyber threats in Linux environment. Instead of relying on the Linux Operating System kernel which is now a common victim of cyber-attacks, this virtualization framework will rely on the virtual machine hypervisor which is a more secure software layer that runs the OS kernel and the hardware. The paper proposed a virtualization framework based on well-known hypervisors, to detect cyber threats. The proposed work allowed for a more robust cyber threat detection method than traditional host-based frameworks. It can also possess self-healing properties since it will not only detect compromised servers but also suspend their operation by replacing them with uncompromised versions. This innovative framework promises to secure large scale IT infrastructure with minimum maintenance cost.\",\"PeriodicalId\":436299,\"journal\":{\"name\":\"2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSCloud.2017.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCloud.2017.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

在当今的软件和系统环境中，安全框架和模型呈指数级发展。目前有许多传统的基于主机的框架可用于检测Linux环境下的网络威胁。但是，在检测修改Linux操作系统(OS)内核以避免检测的rootkit方面存在许多挑战。这些限制促使我们设计了一个虚拟化框架来检测Linux环境下的网络威胁。而不是依赖于Linux操作系统内核，现在是网络攻击的常见受害者，这个虚拟化框架将依赖于虚拟机管理程序，这是一个更安全的软件层，运行操作系统内核和硬件。本文提出了一种基于知名管理程序的虚拟化框架来检测网络威胁。提出的工作允许比传统的基于主机的框架更健壮的网络威胁检测方法。它还具有自我修复特性，因为它不仅可以检测受感染的服务器，还可以通过用未受感染的版本替换它们来暂停它们的操作。这个创新的框架承诺以最低的维护成本保护大规模的IT基础设施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Design of Virtualization Framework to Detect Cyber Threats in Linux Environment

In today's software and systems environments, security frameworks and models are evolving exponentially. Many traditional host-based frameworks are currently available to detect cyber threats in Linux environment. But there have been many challenges in detecting rootkits that modify the Linux Operating System (OS) kernel to avoid detection. These limitations have lead us to design a virtualization framework for detection of cyber threats in Linux environment. Instead of relying on the Linux Operating System kernel which is now a common victim of cyber-attacks, this virtualization framework will rely on the virtual machine hypervisor which is a more secure software layer that runs the OS kernel and the hardware. The paper proposed a virtualization framework based on well-known hypervisors, to detect cyber threats. The proposed work allowed for a more robust cyber threat detection method than traditional host-based frameworks. It can also possess self-healing properties since it will not only detect compromised servers but also suspend their operation by replacing them with uncompromised versions. This innovative framework promises to secure large scale IT infrastructure with minimum maintenance cost.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)

自引率

0.00%

发文量