Xen Network Flow Analysis for Intrusion Detection
Title | Xen Network Flow Analysis for Intrusion Detection |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Johnston, Reece; Kim, Sun-il; Coe, David; Etzkorn, Letha; Kulick, Jeffrey; Milenkovic, Aleksandar |
Conference Name | Proceedings of the 11th Annual Cyber and Information Security Research Conference |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-3752-6 |
Keywords | composability, hypervisor, pubcrawl, Underwater Networks, Xen |
Abstract | Virtualization technology has become ubiquitous in the computing world. With it, a number of security concerns have been amplified as users run adjacently on a single host. In order to prevent attacks from both internal and external sources, the networking of such systems must be secured. Network intrusion detection systems (NIDSs) are an important tool for aiding this effort. These systems work by analyzing flow or packet information to determine malicious intent. However, it is difficult to implement a NIDS on a virtualized system due to their complexity. This is especially true for the Xen hypervisor: Xen has incredible heterogeneity when it comes to implementation, making a generic solution difficult. In this paper, we analyze the network data flow of a typical Xen implementation along with identifying features common to any implementation. We then explore the benefits of placing security checks along the data flow and promote a solution within the hypervisor itself. |
URL | http://doi.acm.org/10.1145/2897795.2897802 |
DOI | 10.1145/2897795.2897802 |
Citation Key | johnston_xen_2016 |