Non-intrusive process-based monitoring system to mitigate and prevent VM vulnerability explorations

Chun Jen Chung, Jingsong Cui, Pankaj Khatkar, Dijiang Huang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Cloud is gaining momentum but its true potential is hampered by the security concerns it has raised. Having vulnerable virtual machines in a virtualized environment is one such concern. Vulnerable virtual machines are an easy target and existence of such weak nodes in a network jeopardizes its entire security structure. Resource sharing nature of cloud favors the attacker, in that, compromised machines can be used to launch further devastating attacks. First line of defense in such case is to prevent vulnerabilities of a cloud network from being compromised and if not, to prevent propagation of the attack. To create this line of defense, we propose a hybrid intrusion detection framework to detect vulnerabilities, attacks, and their carriers, i.e. malicious processes in the virtual network and virtual machines. This framework is built on attack graph based analytical models, VMM-based malicious process detection, and reconfigurable virtual network-based countermeasures. The proposed framework leverages Software Defined Networking to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve the attack detection and mitigate the attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.

Original language: English (US)
Title of host publication: Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013
Pages: 21-30
Number of pages: 10
DOIs: https://doi.org/10.4108/icst.collaboratecom.2013.254107
State: Published - 2013
Event: 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013 - Austin, TX, United States
Duration: Oct 20 2013 to Oct 23 2013

Other

Other: 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013
Country: United States
City: Austin, TX
Period: 10/20/13 to 10/23/13

Fingerprint

Monitoring
Intrusion detection
Analytical models
Momentum
Switches
Virtual machine
Software defined networking

Keywords

  • Attack Graph
  • Countermeasure Selection
  • Intrusion Detection
  • Software Defined Networking
  • Virtual Machine Introspection

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Chung, C. J., Cui, J., Khatkar, P., & Huang, D. (2013). Non-intrusive process-based monitoring system to mitigate and prevent VM vulnerability explorations. In Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013 (pp. 21-30). [6679966] https://doi.org/10.4108/icst.collaboratecom.2013.254107

@inproceedings{0b37acb8daa64b5da14ddf939ab55971,
title = "Non-intrusive process-based monitoring system to mitigate and prevent VM vulnerability explorations",
keywords = "Attack Graph, Countermeasure Selection, Intrusion Detection, Software Defined Networking, Virtual Machine Introspection",
author = "Chung, {Chun Jen} and Jingsong Cui and Pankaj Khatkar and Dijiang Huang",
year = "2013",
doi = "10.4108/icst.collaboratecom.2013.254107",
language = "English (US)",
isbn = "9781936968923",
pages = "21--30",
booktitle = "Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013",

}

TY - GEN
T1 - Non-intrusive process-based monitoring system to mitigate and prevent VM vulnerability explorations
AU - Chung, Chun Jen
AU - Cui, Jingsong
AU - Khatkar, Pankaj
AU - Huang, Dijiang
PY - 2013
Y1 - 2013

KW - Attack Graph
KW - Countermeasure Selection
KW - Intrusion Detection
KW - Software Defined Networking
KW - Virtual Machine Introspection
UR - http://www.scopus.com/inward/record.url?scp=84893525019&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893525019&partnerID=8YFLogxK
U2 - 10.4108/icst.collaboratecom.2013.254107
DO - 10.4108/icst.collaboratecom.2013.254107
M3 - Conference contribution
AN - SCOPUS:84893525019
SN - 9781936968923
SP - 21
EP - 30
BT - Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013
ER -