On the design of virtual machine intrusion detection system

Udaya Tupakula*, Vijay Varadharajan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference proceeding contribution, peer-review

Abstract

In this paper we propose a comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific characteristics of the operating system and applications running in each virtual machine (VM) at a fine-grained level to deal with the attacks. Our architecture has several components, such as entity validation, an intrusion detection engine and a dynamic analyzer. The entity validation component is used for detecting attack traffic with spoofed source addresses, for secure logging, and for capturing information about the operating system and applications running in the virtual machines. The intrusion detection engine component is used for detection of known attacks and suspicious behaviour by monitoring the incoming and outgoing traffic of virtual machines. The dynamic analyzer is used for detection and validation of suspicious processes, detection of zero-day attacks, and fine-grained isolation of the malicious process or application that is generating the attack traffic.

Original language: English
Title of host publication: Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011
Place of Publication: Los Alamitos, Calif.
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 682-685
Number of pages: 4
ISBN (Print): 9781424492213
Publication status: Published - 2011
Event: 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011 - Dublin, Ireland
Duration: 23 May 2011 to 27 May 2011

Other

Other: 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011
Country/Territory: Ireland
City: Dublin
Period: 23/05/11 to 27/05/11
