Biblio

Found 102 results

Filters: Keyword is virtualization  [Clear All Filters]
2021-07-07
Diamanti, Alessio, Vilchez, José Manuel Sanchez, Secci, Stefano.  2020.  LSTM-based radiography for anomaly detection in softwarized infrastructures. 2020 32nd International Teletraffic Congress (ITC 32). :28–36.
Legacy and novel network services are expected to be migrated and designed to be deployed in fully virtualized environments. Starting with 5G, NFV becomes a formally required brick in the specifications, for services integrated within the infrastructure provider networks. This evolution leads to deployment of virtual resources Virtual-Machine (VM)-based, container-based and/or server-less platforms, all calling for a deep virtualization of infrastructure components. Such a network softwarization also unleashes further logical network virtualization, easing multi-layered, multi-actor and multi-access services, so as to be able to fulfill high availability, security, privacy and resilience requirements. However, the derived increased components heterogeneity makes the detection and the characterization of anomalies difficult, hence the relationship between anomaly detection and corresponding reconfiguration of the NFV stack to mitigate anomalies. In this article we propose an unsupervised machine-learning data-driven approach based on Long-Short- Term-Memory (LSTM) autoencoders to detect and characterize anomalies in virtualized networking services. With a radiography visualization, this approach can spot and describe deviations from nominal parameter values of any virtualized network service by means of a lightweight and iterative mean-squared reconstruction error analysis of LSTM-based autoencoders. We implement and validate the proposed methodology through experimental tests on a vIMS proof-of-concept deployed using Kubernetes.
Al-hamouri, Rahaf, Al-Jarrah, Heba, Al-Sharif, Ziad A., Jararweh, Yaser.  2020.  Measuring the Impacts of Virtualization on the Performance of Thread-Based Applications. 2020 Seventh International Conference on Software Defined Systems (SDS). :131–138.
The following topics are dealt with: cloud computing; software defined networking; cryptography; telecommunication traffic; Internet of Things; authorisation; software radio; cryptocurrencies; data privacy; learning (artificial intelligence).
2021-07-08
Chaturvedi, Amit Kumar, Kumar, Punit, Sharma, Kalpana.  2020.  Proposing Innovative Intruder Detection System for Host Machines in Cloud Computing. 2020 9th International Conference System Modeling and Advancement in Research Trends (SMART). :292—296.
There is very significant role of Virtualization in cloud computing. The physical hardware in the cloud computing reside with the host machine and the virtualization software runs on it. The virtualization allows virtual machines to exist. The host machine shares its physical components such as memory, storage, and processor ultimately to handle the needs of the virtual machines. If an attacker effectively compromises one VM, it could outbreak others on the same host on the network over long periods of time. This is an gradually more popular method for cross-virtual-machine attacks, since traffic between VMs cannot be examined by standard IDS/IPS software programs. As we know that the cloud environment is distributed in nature and hence more susceptible to various types of intrusion attacks which include installing malicious software and generating backdoors. In a cloud environment, where organizations have hosted important and critical data, the security of underlying technologies becomes critical. To alleviate the hazard to cloud environments, Intrusion Detection Systems (IDS) are a cover of defense. In this paper, we are proposing an innovative model for Intrusion Detection System for securing Host machines in cloud infrastructure. This proposed IDS has two important features: (1) signature based and (2) prompt alert system.
2021-06-30
Gonçalves, Charles F., Menasche, Daniel S., Avritzer, Alberto, Antunes, Nuno, Vieira, Marco.  2020.  A Model-Based Approach to Anomaly Detection Trading Detection Time and False Alarm Rate. 2020 Mediterranean Communication and Computer Networking Conference (MedComNet). :1—8.
The complexity and ubiquity of modern computing systems is a fertile ground for anomalies, including security and privacy breaches. In this paper, we propose a new methodology that addresses the practical challenges to implement anomaly detection approaches. Specifically, it is challenging to define normal behavior comprehensively and to acquire data on anomalies in diverse cloud environments. To tackle those challenges, we focus on anomaly detection approaches based on system performance signatures. In particular, performance signatures have the potential of detecting zero-day attacks, as those approaches are based on detecting performance deviations and do not require detailed knowledge of attack history. The proposed methodology leverages an analytical performance model and experimentation, and allows to control the rate of false positives in a principled manner. The methodology is evaluated using the TPCx-V workload, which was profiled during a set of executions using resource exhaustion anomalies that emulate the effects of anomalies affecting system performance. The proposed approach was able to successfully detect the anomalies, with a low number of false positives (precision 90%-98%).
2021-09-21
Vurdelja, Igor, Blažić, Ivan, Bojić, Dragan, Drašković, Dražen.  2020.  A framework for automated dynamic malware analysis for Linux. 2020 28th Telecommunications Forum (℡FOR). :1–4.
Development of malware protection tools requires a more advanced test environment comparing to safe software. This kind of development includes a safe execution of many malware samples in order to evaluate the protective power of the tool. The host machine needs to be protected from the harmful effects of malware samples and provide a realistic simulation of the execution environment. In this paper, a framework for automated malware analysis on Linux is presented. Different types of malware analysis methods are discussed, as well as the properties of a good framework for dynamic malware analysis.
2021-08-31
Feng, Na, Yin, Qiangguo.  2020.  Research on Computer Software Engineering Database Programming Technology Based on Virtualization Cloud Platform. 2020 IEEE 3rd International Conference of Safe Production and Informatization (IICSPI). :696—699.
The most important advantage of database is that it can form an intensive management system and serve a large number of information users, which shows the importance of information security in network development. However, there are many problems in the current computer software engineering industry, which seriously hinder the development of computer software engineering, among which the most remarkable and prominent one is that the database programming technology is difficult to be effectively utilized. In this paper, virtualization technology is used to manage the underlying resources of data center with the application background of big data technology, and realize the virtualization of network resources, storage resources and computing resources. It can play a constructive role in the construction of data center, integrate traditional and old resources, realize the computing data center system through virtualization, distributed storage and resource scheduling, and realize the clustering and load balancing of non-relational databases.
2021-09-16
Grusho, A., Nikolaev, A., Piskovski, V., Sentchilo, V., Timonina, E..  2020.  Endpoint Cloud Terminal as an Approach to Secure the Use of an Enterprise Private Cloud. 2020 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC). :1–4.
Practical activities usually require the ability to simultaneously work with internal, distributed information resources and access to the Internet. The need to solve this problem necessitates the use of appropriate administrative and technical methods to protect information. Such methods relate to the idea of domain isolation. This paper considers the principles of implementation and properties of an "Endpoint Cloud Terminal" that is general-purpose software tool with built-in security instruments. This apparatus solves the problem by combining an arbitrary number of isolated and independent workplaces on one hardware unit, a personal computer.
2021-05-20
Heydari, Vahid.  2020.  A New Security Framework for Remote Patient Monitoring Devices. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1—4.

Digital connectivity is fundamental to the health care system to deliver safe and effective care. However, insecure connectivity could be a major threat to patient safety and privacy (e.g., in August 2017, FDA recalled 465,000 pacemakers because of discovering security flaws). Although connecting a patient's pacemaker to the Internet has many advantages for monitoring the patient, this connectivity opens a new door for cyber-attackers to steal the patient data or even control the pacemaker or damage it. Therefore, patients are forced to choose between connectivity and security. This paper presents a framework for secure and private communications between wearable medical devices and patient monitoring systems. The primary objective of this research is twofold, first to identify and analyze the communication vulnerabilities, second, to develop a framework for combating unauthorized access to data through the compromising of computer security. Specifically, hiding targets from cyber-attackers could prevent our system from future cyber-attacks. This is the most effective way to stop cyber-attacks in their first step.

2021-04-09
Usman, S., Winarno, I., Sudarsono, A..  2020.  Implementation of SDN-based IDS to protect Virtualization Server against HTTP DoS attacks. 2020 International Electronics Symposium (IES). :195—198.
Virtualization and Software-defined Networking (SDN) are emerging technologies that play a major role in cloud computing. Cloud computing provides efficient utilization, high performance, and resource availability on demand. However, virtualization environments are vulnerable to various types of intrusion attacks that involve installing malicious software and denial of services (DoS) attacks. Utilizing SDN technology, makes the idea of SDN-based security applications attractive in the fight against DoS attacks. Network intrusion detection system (IDS) which is used to perform network traffic analysis as a detection system implemented on SDN networks to protect virtualization servers from HTTP DoS attacks. The experimental results show that SDN-based IDS is able to detect and mitigate HTTP DoS attacks effectively.
2020-04-10
Repetto, M., Carrega, A., Lamanna, G..  2019.  An architecture to manage security services for cloud applications. 2019 4th International Conference on Computing, Communications and Security (ICCCS). :1—8.
The uptake of virtualization and cloud technologies has pushed novel development and operation models for the software, bringing more agility and automation. Unfortunately, cyber-security paradigms have not evolved at the same pace and are not yet able to effectively tackle the progressive disappearing of a sharp security perimeter. In this paper, we describe a novel cyber-security architecture for cloud-based distributed applications and network services. We propose a security orchestrator that controls pervasive, lightweight, and programmable security hooks embedded in the virtual functions that compose the cloud application, pursuing better visibility and more automation in this domain. Our approach improves existing management practice for service orchestration, by decoupling the management of the business logic from that of security. We also describe the current implementation stage for a programmable monitoring, inspection, and enforcement framework, which represents the ground technology for the realization of the whole architecture.
2020-07-27
Xu, Shuiling, Ji, Xinsheng, Liu, Wenyan.  2019.  Enhancing the Reliability of NFV with Heterogeneous Backup. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :923–927.
Virtual network function provides tenant with flexible and scalable end-to-end service chaining in the cloud computing and data center environments. However, comparing with traditional hardware network devices, the uncertainty caused by software and virtualization of Network Function Virtualization expands the attack surface, making the network node vulnerable to a certain types of attacks. The existing approaches for solving the problem of reliability are able to reduce the impact of failure of physical devices, but pay little attention to the attack scenario, which could be persistent and covert. In this paper, a heterogeneous backup strategy is brought up, enhancing the intrusion tolerance of NFV SFC by dynamically switching the VNF executor. The validity of the method is verified by simulation and game theory analysis.
2020-03-16
Molyakov, Andrey.  2019.  New security descriptor computing algorithm of Supercomputers. 2019 Third World Conference on Smart Trends in Systems Security and Sustainablity (WorldS4). :349–350.
The author describes computing algorithm based on new scientific definition - “The resulting convolution, which takes into account changes in the significant bits of variables of the Zhegalkin polynomial, is a superposition of hash function calculations for the i-th process”.
2020-04-17
Yang, Zihan, Mi, Zeyu, Xia, Yubin.  2019.  Undertow: An Intra-Kernel Isolation Mechanism for Hardware-Assisted Virtual Machines. 2019 IEEE International Conference on Service-Oriented System Engineering (SOSE). :257—2575.
The prevalence of Cloud Computing has appealed many users to put their business into low-cost and flexible cloud servers instead of bare-metal machines. Most virtual machines in the cloud run commodity operating system(e.g., linux), and the complexity of such operating systems makes them more bug-prone and easier to be compromised. To mitigate the security threats, previous works attempt to mediate and filter system calls, transform all unpopular paths into popular paths, or implement a nested kernel along with the untrusted outter kernel to enforce certain security policies. However, such solutions only enforce read-only protection or assume that popular paths in the kernel to contain almost no bug, which is not always the case in the real world. To overcome their shortcomings and combine their advantages as much as possible, we propose a hardware-assisted isolation mechanism that isolates untrusted part of the kernel. To achieve isolation, we prepare multiple restricted Extended Page Table (EPT) during boot time, each of which has certain critical data unmapped from it so that the code executing in the isolated environment could not access sensitive data. We leverage the VMFUNC instruction already available in recent Intel processors to directly switch to another pre-defined EPT inside guest virtual machine without trapping into the underlying hypervisor, which is faster than the traditional trap-and-emulate procedure. The semantic gap is minimized and real-time check is achieved by allowing EPT violations to be converted to Virtualization Exception (VE), which could be handled inside guest kernel in non-root mode. Our preliminary evaluation shows that with hardware virtualization feature, we are able to run the untrusted code in an isolated environment with negligible overhead.
2020-03-27
Abedin, Zain Ul, Guan, Zhitao, Arif, Asad Ullah, Anwar, Usman.  2019.  An Advance Cryptographic Solutions in Cloud Computing Security. 2019 2nd International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). :1–6.

Cryptographically cloud computing may be an innovative safe cloud computing design. Cloud computing may be a huge size dispersed computing model that ambitious by the economy of the level. It integrates a group of inattentive virtualized animatedly scalable and managed possessions like computing control storage space platform and services. External end users will approach to resources over the net victimization fatal particularly mobile terminals, Cloud's architecture structures are advances in on-demand new trends. That are the belongings are animatedly assigned to a user per his request and hand over when the task is finished. So, this paper projected biometric coding to boost the confidentiality in Cloud computing for biometric knowledge. Also, this paper mentioned virtualization for Cloud computing also as statistics coding. Indeed, this paper overviewed the safety weaknesses of Cloud computing and the way biometric coding will improve the confidentiality in Cloud computing atmosphere. Excluding this confidentiality is increased in Cloud computing by victimization biometric coding for biometric knowledge. The novel approach of biometric coding is to reinforce the biometric knowledge confidentiality in Cloud computing. Implementation of identification mechanism can take the security of information and access management in the cloud to a higher level. This section discusses, however, a projected statistics system with relation to alternative recognition systems to date is a lot of advantageous and result oriented as a result of it does not work on presumptions: it's distinctive and provides quick and contact less authentication. Thus, this paper reviews the new discipline techniques accustomed to defend methodology encrypted info in passing remote cloud storage.

2020-01-21
Caprolu, Maurantonio, Di Pietro, Roberto, Lombardi, Flavio, Raponi, Simone.  2019.  Edge Computing Perspectives: Architectures, Technologies, and Open Security Issues. 2019 IEEE International Conference on Edge Computing (EDGE). :116–123.

Edge and Fog Computing will be increasingly pervasive in the years to come due to the benefits they bring in many specific use-case scenarios over traditional Cloud Computing. Nevertheless, the security concerns Fog and Edge Computing bring in have not been fully considered and addressed so far, especially when considering the underlying technologies (e.g. virtualization) instrumental to reap the benefits of the adoption of the Edge paradigm. In particular, these virtualization technologies (i.e. Containers, Real Time Operating Systems, and Unikernels), are far from being adequately resilient and secure. Aiming at shedding some light on current technology limitations, and providing hints on future research security issues and technology development, in this paper we introduce the main technologies supporting the Edge paradigm, survey existing issues, introduce relevant scenarios, and discusses benefits and caveats of the different existing solutions in the above introduced scenarios. Finally, we provide a discussion on the current security issues in the introduced context, and strive to outline future research directions in both security and technology development in a number of Edge/Fog scenarios.

2020-04-17
You, Ruibang, Yuan, Zimu, Tu, Bibo, Cheng, Jie.  2019.  HP-SDDAN: High-Performance Software-Defined Data Access Network. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :849—856.

Recently, data protection has become increasingly important in cloud environments. The cloud platform has global user information, rich storage resource allocation information, and a fuller understanding of data attributes. At the same time, there is an urgent need for data access control to provide data security, and software-defined network, as a ready-made facility, has a global network view, global network management capabilities, and programable network rules. In this paper, we present an approach, named High-Performance Software-Defined Data Access Network (HP-SDDAN), providing software-defined data access network architecture, global data attribute management and attribute-based data access network. HP-SDDAN combines the excellent features of cloud platform and software-defined network, and fully considers the performance to implement software-defined data access network. In evaluation, we verify the effectiveness and efficiency of HP-SDDAN implementation, with only 1.46% overhead to achieve attribute-based data access control of attribute-based differential privacy.

Tian, Donghai, Ma, Rui, Jia, Xiaoqi, Hu, Changzhen.  2019.  A Kernel Rootkit Detection Approach Based on Virtualization and Machine Learning. IEEE Access. 7:91657—91666.

OS kernel is the core part of the operating system, and it plays an important role for OS resource management. A popular way to compromise OS kernel is through a kernel rootkit (i.e., malicious kernel module). Once a rootkit is loaded into the kernel space, it can carry out arbitrary malicious operations with high privilege. To defeat kernel rootkits, many approaches have been proposed in the past few years. However, existing methods suffer from some limitations: 1) most methods focus on user-mode rootkit detection; 2) some methods are limited to detect obfuscated kernel modules; and 3) some methods introduce significant performance overhead. To address these problems, we propose VKRD, a kernel rootkit detection system based on the hardware assisted virtualization technology. Compared with previous methods, VKRD can provide a transparent and an efficient execution environment for the target kernel module to reveal its run-time behavior. To select the important run-time features for training our detection models, we utilize the TF-IDF method. By combining the hardware assisted virtualization and machine learning techniques, our kernel rootkit detection solution could be potentially applied in the cloud environment. The experiments show that our system can detect windows kernel rootkits with high accuracy and moderate performance cost.

2020-11-02
Aman, W., Khan, F..  2019.  Ontology-based Dynamic and Context-aware Security Assessment Automation for Critical Applications. 2019 IEEE 8th Global Conference on Consumer Electronics (GCCE). :644–647.

Several assessment techniques and methodologies exist to analyze the security of an application dynamically. However, they either are focused on a particular product or are mainly concerned about the assessment process rather than the product's security confidence. Most crucially, they tend to assess the security of a target application as a standalone artifact without assessing its host infrastructure. Such attempts can undervalue the overall security posture since the infrastructure becomes crucial when it hosts a critical application. We present an ontology-based security model that aims to provide the necessary knowledge, including network settings, application configurations, testing techniques and tools, and security metrics to evaluate the security aptitude of a critical application in the context of its hosting infrastructure. The objective is to integrate the current good practices and standards in security testing and virtualization to furnish an on-demand and test-ready virtual target infrastructure to execute the critical application and to initiate a context-aware and quantifiable security assessment process in an automated manner. Furthermore, we present a security assessment architecture to reflect on how the ontology can be integrated into a standard process.

2020-02-18
Lin, Gengshen, Dong, Mianxiong, Ota, Kaoru, Li, Jianhua, Yang, Wu, Wu, Jun.  2019.  Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.

Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

2020-04-17
Liu, Sihang, Wei, Yizhou, Chi, Jianfeng, Shezan, Faysal Hossain, Tian, Yuan.  2019.  Side Channel Attacks in Computation Offloading Systems with GPU Virtualization. 2019 IEEE Security and Privacy Workshops (SPW). :156—161.

The Internet of Things (IoT) and mobile systems nowadays are required to perform more intensive computation, such as facial detection, image recognition and even remote gaming, etc. Due to the limited computation performance and power budget, it is sometimes impossible to perform these workloads locally. As high-performance GPUs become more common in the cloud, offloading the computation to the cloud becomes a possible choice. However, due to the fact that offloaded workloads from different devices (belonging to different users) are being computed in the same cloud, security concerns arise. Side channel attacks on GPU systems have been widely studied, where the threat model is the attacker and the victim are running on the same operating system. Recently, major GPU vendors have provided hardware and library support to virtualize GPUs for better isolation among users. This work studies the side channel attacks from one virtual machine to another where both share the same physical GPU. We show that it is possible to infer other user's activities in this setup and can further steal others deep learning model.

2020-02-18
Yu, Bong-yeol, Yang, Gyeongsik, Jin, Heesang, Yoo, Chuck.  2019.  White Visor: Support of White-Box Switch in SDN-Based Network Hypervisor. 2019 International Conference on Information Networking (ICOIN). :242–247.

Network virtualization is a fundamental technology for datacenters and upcoming wireless communications (e.g., 5G). It takes advantage of software-defined networking (SDN) that provides efficient network management by converting networking fabrics into SDN-capable devices. Moreover, white-box switches, which provide flexible and fast packet processing, are broadly deployed in commercial datacenters. A white-box switch requires a specific and restricted packet processing pipeline; however, to date, there has been no SDN-based network hypervisor that can support the pipeline of white-box switches. Therefore, in this paper, we propose WhiteVisor: a network hypervisor which can support the physical network composed of white-box switches. WhiteVisor converts a flow rule from the virtual network into a packet processing pipeline compatible with the white-box switch. We implement the prototype herein and show its feasibility and effectiveness with pipeline conversion and overhead.

2020-03-27
Liu, Wenqing, Zhang, Kun, Tu, Bibo, Lin, Kunli.  2019.  HyperPS: A Hypervisor Monitoring Approach Based on Privilege Separation. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :981–988.

In monolithic operating system (OS), any error of system software can be exploit to destroy the whole system. The situation becomes much more severe in cloud environment, when the kernel and the hypervisor share the same address space. The security of guest Virtual Machines (VMs), both sensitive data and vital code, can no longer be guaranteed, once the hypervisor is compromised. Therefore, it is essential to deploy some security approaches to secure VMs, regardless of the hypervisor is safe or not. Some approaches propose microhypervisor reducing attack surface, or a new software requiring a higher privilege level than hypervisor. In this paper, we propose a novel approach, named HyperPS, which separates the fundamental and crucial privilege into a new trusted environment in order to monitor hypervisor. A pivotal condition for HyperPS is that hypervisor must not be allowed to manipulate any security-sensitive system resources, such as page tables, system control registers, interaction between VM and hypervisor as well as VM memory mapping. Besides, HyperPS proposes a trusted environment which does not rely on any higher privilege than the hypervisor. We have implemented a prototype for KVM hypervisor on x86 platform with multiple VMs running Linux. KVM with HyperPS can be applied to current commercial cloud computing industry with portability. The security analysis shows that this approach can provide effective monitoring against attacks, and the performance evaluation confirms the efficiency of HyperPS.

2020-11-30
Hilt, V., Sparks, K..  2019.  Future edge clouds. Bell Labs Technical Journal. 24:1–17.
Widespread deployment of centralized clouds has changed the way internet services are developed, deployed and operated. Centralized clouds have substantially extended the market opportunities for online services, enabled new entities to create and operate internet-scale services, and changed the way traditional companies run their operations. However, there are types of services that are unsuitable for today's centralized clouds such as highly interactive virtual and augmented reality (VR/AR) applications, high-resolution gaming, virtualized RAN, mass IoT data processing and industrial robot control. They can be broadly categorized as either latency-sensitive network functions, latency-sensitive applications, and/or high-bandwidth services. What these basic functions have in common is the need for a more distributed cloud infrastructure—an infrastructure we call edge clouds. In this paper, we examine the evolution of clouds, and edge clouds especially, and look at the developing market for edge clouds and what developments are required in networking, hardware and software to support them.
2020-07-16
Zhang, Shisheng, Wang, Chencheng, Wang, Qishu.  2019.  Research on Time Concealed Channel Technology of Cloud Computing Platform Based on Shared Memory. 2019 IEEE 4th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). 1:904—909.

Security issues severely restrict the development and popularization of cloud computing. As a way of data leakage, covert channel greatly threatens the security of cloud platform. This paper introduces the types and research status of covert channels, and discusses the classical detection and interference methods of time-covert channels on cloud platforms for shared memory time covert channels.

2020-03-09
Khan, Iqra, Durad, Hanif, Alam, Masoom.  2019.  Data Analytics Layer For high-interaction Honeypots. 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :681–686.

Security of VMs is now becoming a hot topic due to their outsourcing in cloud computing paradigm. All VMs present on the network are connected to each other, making exploited VMs danger to other VMs. and threats to organization. Rejuvenation of virtualization brought the emergence of hyper-visor based security services like VMI (Virtual machine introspection). As there is a greater chance for any intrusion detection system running on the same system, of being dis-abled by the malware or attacker. Monitoring of VMs using VMI, is one of the most researched and accepted technique, that is used to ensure computer systems security mostly in the paradigm of cloud computing. This thesis presents a work that is to integrate LibVMI with Volatility on a KVM, a Linux based hypervisor, to introspect memory of VMs. Both of these tools are used to monitor the state of live VMs. VMI capability of monitoring VMs is combined with the malware analysis and virtual honeypots to achieve the objective of this project. A testing environment is deployed, where a network of VMs is used to be introspected using Volatility plug-ins. Time execution of each plug-in executed on live VMs is calculated to observe the performance of Volatility plug-ins. All these VMs are deployed as Virtual Honeypots having honey-pots configured on them, which is used as a detection mechanism to trigger alerts when some malware attack the VMs. Using STIX (Structure Threat Information Expression), extracted IOCs are converted into the understandable, flexible, structured and shareable format.