虚拟机入侵检测系统的设计

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops Pub Date : 2011-05-23 DOI:10.1109/INM.2011.5990655

U. Tupakula, V. Varadharajan

{"title":"虚拟机入侵检测系统的设计","authors":"U. Tupakula, V. Varadharajan","doi":"10.1109/INM.2011.5990655","DOIUrl":null,"url":null,"abstract":"In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific characteristics of operating system and applications running in each virtual machine (VM) at a fine granular level to deal with the attacks. Our architecture has several components such as entity validation, intrusion detection engine and dynamic analyzer. The entity validation component is used in the detection of attack traffic with spoofed source address, secure logging, and capturing information of the operating system and applications running in the virtual machines. The intrusion detection engine component is used for detection of known attacks and suspicious behaviour by monitoring the incoming and outgoing traffic of virtual machines. The dynamic analyzer is used for detection and validation of suspicious processes, detection of zero day attacks and fine granular isolation of malicious process or application that is generating the attack traffic.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"On the design of Virtual machine Intrusion detection system\",\"authors\":\"U. Tupakula, V. Varadharajan\",\"doi\":\"10.1109/INM.2011.5990655\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific characteristics of operating system and applications running in each virtual machine (VM) at a fine granular level to deal with the attacks. Our architecture has several components such as entity validation, intrusion detection engine and dynamic analyzer. The entity validation component is used in the detection of attack traffic with spoofed source address, secure logging, and capturing information of the operating system and applications running in the virtual machines. The intrusion detection engine component is used for detection of known attacks and suspicious behaviour by monitoring the incoming and outgoing traffic of virtual machines. The dynamic analyzer is used for detection and validation of suspicious processes, detection of zero day attacks and fine granular isolation of malicious process or application that is generating the attack traffic.\",\"PeriodicalId\":433520,\"journal\":{\"name\":\"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INM.2011.5990655\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INM.2011.5990655","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

本文提出了一种名为VICTOR的综合安全架构来应对不同类型的虚拟机攻击。我们的模型考虑了在每个虚拟机(VM)中运行的操作系统和应用程序的特定特征，并在细粒度级别上处理攻击。该体系结构由实体验证、入侵检测引擎和动态分析器等组成。实体验证组件用于检测具有欺骗源地址的攻击流量、安全日志记录以及捕获在虚拟机中运行的操作系统和应用程序的信息。入侵检测引擎组件通过监控虚拟机的进出流量来检测已知的攻击和可疑行为。动态分析器用于检测和验证可疑进程、检测零日攻击以及对生成攻击流量的恶意进程或应用程序进行细粒度隔离。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

On the design of Virtual machine Intrusion detection system

In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific characteristics of operating system and applications running in each virtual machine (VM) at a fine granular level to deal with the attacks. Our architecture has several components such as entity validation, intrusion detection engine and dynamic analyzer. The entity validation component is used in the detection of attack traffic with spoofed source address, secure logging, and capturing information of the operating system and applications running in the virtual machines. The intrusion detection engine component is used for detection of known attacks and suspicious behaviour by monitoring the incoming and outgoing traffic of virtual machines. The dynamic analyzer is used for detection and validation of suspicious processes, detection of zero day attacks and fine granular isolation of malicious process or application that is generating the attack traffic.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

自引率

0.00%

发文量