Security Architecture for Virtual Machines
We propose security architecture based on virtual machine monitor to efficiently deal with attacks on virtual machines. We will show that our model is capable of detecting suspicious processes running in the virtual machine, can detect and prevent different types of attacks including zero day attacks by monitoring the virtual machine traffic and the processes that are generating or receiving the traffic. The architecture also makes use of sharing information about the suspicious behaviour among multiple Intrusion detection systems deployed in different virtual machine monitors. We describe the implementation of the proposed architecture and present a detailed analysis of how our architecture can be used to detect zero day attacks.
KeywordsVirtual Machine Monitors Intrusion Detection hidden processes
Unable to display preview. Download preview PDF.
- 2.Shin, S., Gu, G.: Conficker and Beyond: A Large-Scale Empirical Study. In: 26th Annual Computer Security Applications Conference, Austin, Texas, USA, December 6-10, pp. 151–160. ACM, New York (2010)Google Scholar
- 4.Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: 10th Network and Distributed System Security Symposium, California. Internet Society, USA (2003)Google Scholar
- 5.Jones, S., Arpaci-Dusseau, A., Arpaci-Dusseau, R.: VMM-based Hidden Process Detection and Identification using Lycosid. In: 4th International Conference on Virtual execution environments, Seattle, WA, March 5-7, pp. 91–100. ACM SIGPLAN/SIGOPS, USA (2008)Google Scholar
- 6.Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-End containment of Internet Worms. In: Proceedings of the 20th ACM symposium on Operating systems principles, SOSP 2005, Brighton, UK, October 23-26, pp. 133–147. ACM, New York (2005)Google Scholar