Non-intrusive process-based monitoring system to mitigate and prevent VM vulnerability explorations

Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013

Volumn , Issue , 2013, Pages 21-30

  Chung, Chun Jen ^a   Cui, Jingsong ^b   Khatkar, Pankaj ^a   Huang, Dijiang ^a  

^a ARIZONA STATE UNIVERSITY   (United States)

^b WUHAN UNIVERSITY   (China)

Author keywords

Attack Graph; Countermeasure Selection; Intrusion Detection; Software Defined Networking; Virtual Machine Introspection

Indexed keywords

ATTACK GRAPH; COUNTERMEASURE SELECTION; HYBRID INTRUSION DETECTION; SECURITY EVALUATION; SECURITY STRUCTURES; SOFTWARE-DEFINED NETWORKINGS; VIRTUAL MACHINE INTROSPECTION; VIRTUALIZED ENVIRONMENT;

VIRTUAL REALITY;

INTRUSION DETECTION;

EID: 84893525019     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.4108/icst.collaboratecom.2013.254107     Document Type: Conference Paper

References (32)

1. W. Jansen, "Cloud hooks: Security and privacy issues in cloud computing," in 2011 44th Hawaii International Conference on System Sciences (HICSS), Jan. 2011, pp. 1-10.
2. H. Qian and D. Medhi, "Server operational cost optimization for cloud computing service providers over a time horizon," in Proceedings of the 11th USENIX conference on Hot topics in management of internet, cloud, and enterprise networks and services, ser. HotICE'11, 2011.
3. T. Garfinkel and M. Rosenblum, "A virtual machine introspection based architecture for intrusion detection," in Proc. of the 10th Annual Network and Distributed Systems Security Symposium, 2003.
4. X. Jiang, X. Wang, and D. Xu, "Stealthy malware detection and monitoring through VMM-based "out-of-the-box" semantic view reconstruction," ACM Transaction on Information and System Securirty, vol. 13, no. 2, pp. 12:1-12:28, Mar. 2010.
5. X. Jiang and X. Wang, "Out-of-the-Box monitoring of VM-Based high-interaction honeypots," in Recent Advances in Intrusion Detection, ser. Lecture Notes in Computer Science, C. Kruegel, R. Lippmann, and A. Clark, Eds. Springer Berlin Heidelberg, Jan. 2007, no. 4637, pp. 198-218.
6. C.-J. Chung, P. Khatkar, T. Xing, J. Lee, and D. Huang, "NICE: network intrusion detection and countermeasure selection in virtual network systems," IEEE Transactions on Dependable and Secure Computing, vol. 10, no. 4, pp. 198-211, Jul. 2013.
7. "Citrix XenServer." [Online]. Available: http://www.citrix.com/ xenserver
8. "VMware NSX Network Virualization." [Online]. Available: http://www.vmware.com/products/nsx/
9. P. Salvador, A. Nogueira, U. Franca, and R. Valadas, "Framework for zombie detection using neural networks," in Fourth International Conference on Internet Monitoring and Protection, 2009. ICIMP '09, 2009, pp. 14-20.
10. S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau, "Antfarm: Tracking processes in a virtual machine environment," in Proceedings of the USENIX Annual Technical Conference, 2006, pp. 1-4.
11. S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau, "VMM-based hidden process detection and identification using lycosid," in Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, ser. VEE '08. New York, NY, USA: ACM, 2008, pp. 91-100.
12. C. Benninger, S. Neville, Y. Yazir, C. Matthews, and Y. Coady, "Maitland: Lighter-weight VM introspection to support cyber-security in the cloud," in 2012 IEEE 5th International Conference on Cloud Computing (CLOUD), Jun. 2012, pp. 471-478.
13. D. Srinivasan, Z. Wang, X. Jiang, and D. Xu, "Process out-grafting: an efficient "out-of-VM" approach for fine-grained process execution monitoring," in Proceedings of the 18th ACM conference on Computer and communications security, ser. CCS '11. New York, NY, USA: ACM, 2011, pp. 363-374.
14. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing, "Automated generation and analysis of attack graphs," in 2002 IEEE Symposium on Security and Privacy, 2002. Proceedings. IEEE, 2002, pp. 273-284.
15. O. M. Sheyner, "Scenario graphs and attack graphs," Ph.D. dissertation, Carnegie Mellon University, 2004.
16. P. Ammann, D. Wijesekera, and S. Kaushik, "Scalable, graph-based network vulnerability analysis," in Proceedings of the 9th ACM conference on Computer and communications security, ser. CCS '02. New York, NY, USA: ACM, 2002, pp. 217-224.
17. S. Jajodia, "Topological analysis of network attack vulnerability," in Proceedings of the 2nd ACM symposium on Information, computer and communications security, ser. ASIACCS '07. New York, NY, USA: ACM, 2007, pp. 2-2.
18. X. Ou, S. Govindavajhala, and A. W. Appel, "MulVAL: a logic-based network security analyzer," in Proceedings of the 14th conference on USENIX Security Symposium - Volume 14. Berkeley, CA, USA: USENIX Association, 2005, pp. 8-8.
19. H. Qian, D. Medhi, and T. Trivedi, "A hierarchical model to evaluate quality of experience of online services hosted by cloud computing," in 2011 IFIP/IEEE International Symposium on Integrated Network Management (IM), 2011, pp. 105-112.
20. X. Ou, W. F. Boyer, and M. A. McQueen, "A scalable approach to attack graph generation," in Proceedings of the 13th ACM conference on Computer and communications security, ser. CCS '06. New York, NY, USA: ACM, 2006, pp. 336-345.
21. "Kernel based Virtual Machine (KVM)." [Online]. Available: http://www.linux-kvm.org/
22. "OpenFlow project," http://openflow.org/. [Online]. Available: http://openflow.org/
23. "Open vSwitch project," http://openvswitch.org/. [Online]. Available: http://openvswitch.org/
24. "Open source vulnerability database (OVSDB)," http://osvdb.org/.
25. Mitre Corporation, "Common vulnerabilities and exposures, CVE," http://cve.mitre.org/.
26. NIST, "National vulnerability database, NVD," http://nvd.nist.gov.
27. L. Wang, A. Liu, and S. Jajodia, "Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts," Computer Communications, vol. 29, no. 15, pp. 2917-2933, Sep. 2006.
28. S. Roschke, F. Cheng, and C. Meinel, "A new alert correlation algorithm based on attack graph," in Computational Intelligence in Security for Information Systems, ser. Lecture Notes in Computer Science. Springer, 2011, vol. 6694, pp. 58-67.
29. S. Roschke, F. Cheng, and C. Meinel, "A flexible and efficient alert correlation platform for distributed IDS," in 2010 4th International Conference on Network and System Security (NSS). IEEE, Sep. 2010, pp. 24-31.
30. N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "OpenFlow: enabling innovation in campus networks," SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, pp. 69-74, Mar. 2008.
31. "Volatility." [Online]. Available: https://code.google.com/ volatility/
32. "Unixbench - a Unix benchmark suite." [Online]. Available: http://www.tux.org/pub/tux/niemi/unixbench/