
Study of Danger-Theory-Based Intrusion Detection Technology in Virtual Machines of Cloud Computing Environment

  • Zhang, Ruirui (School of Business, Sichuan Agricultural University)
  • Xiao, Xin (School of Computer Science, Southwest Minzu University)
  • Received : 2017.03.20
  • Accepted : 2017.06.23
  • Published : 2018.02.28

Abstract

In existing cloud services, information security and privacy concerns have become one of the major factors hindering the adoption and promotion of cloud computing. Because virtual machines form the infrastructure of cloud computing, the security of virtual machine systems is very important. This paper presents an immune-inspired intrusion detection model for virtual machines in a cloud computing environment, denoted I-VMIDS, to ensure the safety of user-level applications in client virtual machines. The model extracts the system call sequences of programs, abstracts them into antigens, fuses environmental information from the client virtual machines into danger signals, and performs intrusion detection through immune mechanisms. The model can detect attacks on processes that have been statically tampered with, and it can also detect attacks on processes that are dynamically running; it therefore supports detection in real time. During detection, the model introduces an information monitoring mechanism that supervises the intrusion detection program, which ensures the authenticity of the test data. Experimental results show that the model does not impose much overhead on the virtual machine system and achieves good detection performance. It is feasible to apply I-VMIDS to a cloud computing platform.
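The abstract describes three steps: abstract system call sequences into antigens, fuse client VM environment information into a danger signal, and alert only when both agree. The following added example (not the paper's code) sketches that danger-theory rule in Python; the n-gram length, the environment metrics, their weights, and the thresholds are all assumptions chosen for illustration, and the traces are constructed.

```python
"""Danger-theory style detection over system-call n-grams (constructed example)."""
from typing import Iterable, List, Set, Tuple

N = 3  # antigen = n-gram of consecutive system calls (assumed length)

def antigens(trace: Iterable[str], n: int = N) -> List[Tuple[str, ...]]:
    """Abstract a system call sequence into overlapping n-gram antigens."""
    calls = list(trace)
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]

def build_self(normal_traces: Iterable[Iterable[str]]) -> Set[Tuple[str, ...]]:
    """Self set: every antigen observed while the program ran normally."""
    self_set: Set[Tuple[str, ...]] = set()
    for trace in normal_traces:
        self_set.update(antigens(trace))
    return self_set

def antigen_score(trace: Iterable[str], self_set: Set[Tuple[str, ...]]) -> float:
    """Fraction of antigens in the trace that never appeared in the self set."""
    ags = antigens(trace)
    if not ags:
        return 0.0
    return sum(1 for a in ags if a not in self_set) / len(ags)

def danger_signal(env: dict) -> float:
    """Fuse VM environment observations into one danger value in [0, 1].
    Keys and weights are assumptions: cpu and mem are utilisation ratios,
    failed_calls is a count of failed system calls in the window."""
    s = (0.5 * env.get("cpu", 0.0)
         + 0.3 * env.get("mem", 0.0)
         + 0.2 * min(env.get("failed_calls", 0) / 10, 1.0))
    return min(s, 1.0)

def classify(trace, env, self_set, ag_thr: float = 0.3, danger_thr: float = 0.5) -> str:
    """Danger-theory rule: an unseen antigen alone is only 'suspicious';
    it becomes an 'intrusion' when it coincides with a danger signal."""
    a = antigen_score(trace, self_set)
    d = danger_signal(env)
    if a >= ag_thr and d >= danger_thr:
        return "intrusion"
    if a >= ag_thr:
        return "suspicious"
    return "normal"

# Constructed traces and environment snapshots
NORMAL_TRACES = [["open", "read", "write", "close"],
                 ["open", "read", "read", "write", "close"],
                 ["stat", "open", "read", "close"]]
SELF = build_self(NORMAL_TRACES)
ATTACK_TRACE = ["open", "read", "mmap", "write", "close"]   # no 3-gram is in SELF
HIGH_ENV = {"cpu": 0.9, "mem": 0.8, "failed_calls": 12}
LOW_ENV = {"cpu": 0.1, "mem": 0.2, "failed_calls": 0}
```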

Keywords

Fig. 1. Xen virtual machine system.

Fig. 2. Processes of antibody evolving and antigen testing.

Fig. 3. Structure of the intrusion detection model.

Fig. 4. Testing of parallel programs.

Table 1. The algorithm of reverse cloud generator.

Table 2. Illustrations of tested parallel programs.

Table 3. Comparisons of I-VMIDS, HookSafe, and Sherlock.
