Xen Network Flow Analysis for Intrusion Detection

Title: Xen Network Flow Analysis for Intrusion Detection
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Johnston, Reece; Kim, Sun-il; Coe, David; Etzkorn, Letha; Kulick, Jeffrey; Milenkovic, Aleksandar
Conference Name: Proceedings of the 11th Annual Cyber and Information Security Research Conference
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-3752-6
Keywords: composability, hypervisor, pubcrawl, Underwater Networks, Xen
Abstract

Virtualization technology has become ubiquitous in the computing world. With it, a number of security concerns have been amplified as users run adjacently on a single host. In order to prevent attacks from both internal and external sources, the networking of such systems must be secured. Network intrusion detection systems (NIDSs) are an important tool for aiding this effort. These systems work by analyzing flow or packet information to determine malicious intent. However, it is difficult to implement a NIDS on a virtualized system due to their complexity. This is especially true for the Xen hypervisor: Xen has incredible heterogeneity when it comes to implementation, making a generic solution difficult. In this paper, we analyze the network data flow of a typical Xen implementation along with identifying features common to any implementation. We then explore the benefits of placing security checks along the data flow and promote a solution within the hypervisor itself.

URL: http://doi.acm.org/10.1145/2897795.2897802
DOI: 10.1145/2897795.2897802
Citation Key: johnston_xen_2016