Hypervisor-based cloud intrusion detection system
Title | Hypervisor-based cloud intrusion detection system |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Nikolai, J., Yong Wang |
Conference Name | Computing, Networking and Communications (ICNC), 2014 International Conference on |
Date Published | Feb |
Keywords | block device read requests, block device write requests, cloud computing, cloud computing resources, cloud features, Computer crime, computer network security, CPU utilization, hypervisor, hypervisor performance metrics, hypervisor-based cloud intrusion detection system, Intrusion detection, intrusion detection security, Measurement, multitenancy, operating system, packet transmission, received packets, shared resource utilization, software architecture, software metrics, Virtual machine monitors, virtual machine performance metrics, virtual machines, Virtual machining, virtualisation, virtualization, virtualization technology |
Abstract | Shared resources are an essential part of cloud computing. Virtualization and multi-tenancy provide a number of advantages for increasing resource utilization and for providing on-demand elasticity. However, these cloud features also raise many security concerns related to cloud computing resources. In this paper, we propose an architecture and approach for leveraging the virtualization technology at the core of cloud computing to perform intrusion detection security using hypervisor performance metrics. Through the use of virtual machine performance metrics gathered from hypervisors, such as packets transmitted/received, block device read/write requests, and CPU utilization, we demonstrate and verify that suspicious activities can be profiled without detailed knowledge of the operating system running within the virtual machines. The proposed hypervisor-based cloud intrusion detection system does not require additional software installed in virtual machines and has many advantages compared to host-based and network-based intrusion detection systems which can complement these traditional approaches to intrusion detection. |
URL | https://ieeexplore.ieee.org/document/6785472/ |
DOI | 10.1109/ICCNC.2014.6785472 |
Citation Key | 6785472 |