Network Based Malware Detection within Virtualised Environments

  • Pushpinder Kaur Chouhan
  • Matthew Hagan
  • Gavin McWilliams
  • Sakir Sezer
Conference paper

DOI: 10.1007/978-3-319-14325-5_29

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8805)
Cite this paper as:
Chouhan P.K., Hagan M., McWilliams G., Sezer S. (2014) Network Based Malware Detection within Virtualised Environments. In: Lopes L. et al. (eds) Euro-Par 2014: Parallel Processing Workshops. Euro-Par 2014. Lecture Notes in Computer Science, vol 8805. Springer, Cham

Abstract

While virtualisation can provide many benefits to a networks infrastructure, securing the virtualised environment is a big challenge. The security of a fully virtualised solution is dependent on the security of each of its underlying components, such as the hypervisor, guest operating systems and storage.

This paper presents a single security service running on the hypervisor that could potentially work to provide security service to all virtual machines running on the system. This paper presents a hypervisor hosted framework which performs specialised security tasks for all underlying virtual machines to protect against any malicious attacks by passively analysing the network traffic of VMs. This framework has been implemented using Xen Server and has been evaluated by detecting a Zeus Server setup and infected clients, distributed over a number of virtual machines. This framework is capable of detecting and identifying all infected VMs with no false positive or false negative detection.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Pushpinder Kaur Chouhan
    • 1
  • Matthew Hagan
    • 1
  • Gavin McWilliams
    • 1
  • Sakir Sezer
    • 1
  1. 1.Centre for Secure Information TechnologiesQueens University of BelfastNorthern Ireland, UK

Personalised recommendations