Abstract
While virtualisation can provide many benefits to a network's infrastructure, securing the virtualised environment is a major challenge. The security of a fully virtualised solution depends on the security of each of its underlying components, such as the hypervisor, the guest operating systems and the storage.
This paper presents a single security service running on the hypervisor that can provide security services to all virtual machines running on the system: a hypervisor-hosted framework that performs specialised security tasks for all underlying virtual machines, protecting them against malicious attacks by passively analysing the VMs' network traffic. The framework has been implemented on Xen Server and evaluated by detecting a Zeus server setup and its infected clients, distributed over a number of virtual machines. It detected and identified all infected VMs with no false positives and no false negatives.
© 2014 Springer International Publishing Switzerland
Cite this paper
Chouhan, P.K., Hagan, M., McWilliams, G., Sezer, S. (2014). Network Based Malware Detection within Virtualised Environments. In: Lopes, L., et al. Euro-Par 2014: Parallel Processing Workshops. Euro-Par 2014. Lecture Notes in Computer Science, vol 8805. Springer, Cham. https://doi.org/10.1007/978-3-319-14325-5_29
DOI: https://doi.org/10.1007/978-3-319-14325-5_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14324-8
Online ISBN: 978-3-319-14325-5