TY - GEN
T1 - Non-intrusive process-based monitoring system to mitigate and prevent VM vulnerability explorations
AU - Chung, Chun Jen
AU - Cui, Jingsong
AU - Khatkar, Pankaj
AU - Huang, Dijiang
PY - 2013/12/1
Y1 - 2013/12/1
N2 - Cloud computing is gaining momentum, but its true potential is hampered by the security concerns it has raised. Having vulnerable virtual machines in a virtualized environment is one such concern. Vulnerable virtual machines are an easy target, and the existence of such weak nodes in a network jeopardizes its entire security structure. The resource-sharing nature of the cloud favors the attacker, in that compromised machines can be used to launch further devastating attacks. The first line of defense in such a case is to prevent the vulnerabilities of a cloud network from being compromised and, failing that, to prevent propagation of the attack. To create this line of defense, we propose a hybrid intrusion detection framework to detect vulnerabilities, attacks, and their carriers, i.e. malicious processes in the virtual network and virtual machines. This framework is built on attack-graph-based analytical models, VMM-based malicious process detection, and reconfigurable virtual-network-based countermeasures. The proposed framework leverages Software Defined Networking to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate the consequences of attacks. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
KW - Attack Graph
KW - Countermeasure Selection
KW - Intrusion Detection
KW - Software Defined Networking
KW - Virtual Machine Introspection
UR - http://www.scopus.com/inward/record.url?scp=84893525019&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893525019&partnerID=8YFLogxK
U2 - 10.4108/icst.collaboratecom.2013.254107
DO - 10.4108/icst.collaboratecom.2013.254107
M3 - Conference contribution
AN - SCOPUS:84893525019
SN - 9781936968923
T3 - Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013
SP - 21
EP - 30
BT - Proceedings of the 9th IEEE International Conference on Collaborative Computing
T2 - 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013
Y2 - 20 October 2013 through 23 October 2013
ER -