http://dx.doi.org/10.3745/JIPS.03.0089

Study of Danger-Theory-Based Intrusion Detection Technology in Virtual Machines of Cloud Computing Environment  

Zhang, Ruirui (School of Business, Sichuan Agricultural University)
Xiao, Xin (School of Computer Science, Southwest Minzu University)
Publication Information
Journal of Information Processing Systems / v.14, no.1, 2018, pp. 239-251
Abstract
In existing cloud services, information security and privacy have raised concern and have become one of the major factors hindering the popularization and promotion of cloud computing. Because virtual machine systems form the infrastructure of cloud computing, their security is very important. This paper presents an immune-inspired intrusion detection model for virtual machines in a cloud computing environment, denoted I-VMIDS, to ensure the safety of user-level applications in client virtual machines. The model extracts the system call sequences of programs, abstracts them into antigens, fuses environmental information from client virtual machines into danger signals, and implements intrusion detection through immune mechanisms. The model is capable of detecting attacks on processes that have been statically tampered with, and is also able to detect attacks on processes that are dynamically running. Therefore, the model supports high real-time performance. During the detection process, the model introduces an information monitoring mechanism to supervise the intrusion detection program, which ensures the authenticity of the test data. Experimental results show that the model does not impose much overhead on the virtual machine system and achieves good detection performance. It is feasible to apply I-VMIDS to the cloud computing platform.
Keywords
Artificial Immune; Cloud Computing; Danger Theory; Intrusion Detection; Virtual Machine