Visible to the public Hypervisor-based cloud intrusion detection system

TitleHypervisor-based cloud intrusion detection system
Publication TypeConference Paper
Year of Publication2014
AuthorsNikolai, J., Yong Wang
Conference NameComputing, Networking and Communications (ICNC), 2014 International Conference on
Date PublishedFeb
Keywordsblock device read requests, block device write requests, cloud computing, cloud computing resources, cloud features, Computer crime, computer network security, CPU utilization, hypervisor, hypervisor performance metrics, hypervisor-based cloud intrusion detection system, Intrusion detection, intrusion detection security, Measurement, multitenancy, operating system, packet transmission, received packets, shared resource utilization, software architecture, software metrics, Virtual machine monitors, virtual machine performance metrics, virtual machines, Virtual machining, virtualisation, virtualization, virtualization technology

Shared resources are an essential part of cloud computing. Virtualization and multi-tenancy provide a number of advantages for increasing resource utilization and for providing on demand elasticity. However, these cloud features also raise many security concerns related to cloud computing resources. In this paper, we propose an architecture and approach for leveraging the virtualization technology at the core of cloud computing to perform intrusion detection security using hypervisor performance metrics. Through the use of virtual machine performance metrics gathered from hypervisors, such as packets transmitted/received, block device read/write requests, and CPU utilization, we demonstrate and verify that suspicious activities can be profiled without detailed knowledge of the operating system running within the virtual machines. The proposed hypervisor-based cloud intrusion detection system does not require additional software installed in virtual machines and has many advantages compared to host-based and network based intrusion detection systems which can complement these traditional approaches to intrusion detection.

Citation Key6785472