论文信息 - Efficient and effective NIDS for cloud virtualization environment

Efficient and effective NIDS for cloud virtualization environment

While more and more digital application services move to the cloud virtualization environment, the network security challenges are equally striking. In general, these network attacks can be detected by deploying network intrusion detection systems (NIDSs) to the cloud platform. As clients in the cloud can create many virtual machines (VMs) to run their services privately, all detection rules are usually loaded into NIDSs to avoid any oversight, and cause damage to the performance of NIDS. This work presents a new architecture for building an efficient NIDS to the cloud virtualization environment. By resolving the virtual system information from operating systems' kernel map in hypervisor layer, the services in the cloud can be identified exactly and the required detection rules can be adopted dynamically. The experiment results show that the proposed NIDS is efficient and effective.

Chih-Hung Lin | Hsing-Kuo Kenneth Pao | Chin-Wei Tien

[1] S. Goasguen,et al. An Evaluation of KVM for Use in Cloud Computing , 2008 .

[2] Stevan Mrdalj,et al. Would Cloud Computing Revolutionize Teaching Business Intelligence Courses , 2011 .

[3] V. Kavitha,et al. A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[4] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[5] Jason Nieh. Examining VMware , 2000 .

[6] Farnam Jahanian,et al. Defeating TCP/IP Stack Fingerprinting , 2000, USENIX Security Symposium.

[7] Greg Taleck,et al. Ambiguity Resolution via Passive OS Fingerprinting , 2003, RAID.

[8] Ryan Spangler,et al. Analysis of Remote Active Operating System Fingerprinting Tools , 2003 .

[9] A. Kivity,et al. kvm : the Linux Virtual Machine Monitor , 2007 .

[10] Karen A. Scarfone,et al. Guide to Intrusion Detection and Prevention Systems (IDPS) , 2007 .

[11] Tal Garfinkel,et al. A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.

[12] Andrew Warfield,et al. Xen and the art of virtualization , 2003, SOSP '03.