ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
VMFence: a customized intrusion prevention system in distributed virtual computing environment
Full text PdfPdf (887 KB)
Source Conference On Ubiquitous Information Management And Communication archive
Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication table of contents
Suwon, Korea
SESSION: Systems and applicataions III table of contents
Pages 391-399  
Year of Publication: 2009
ISBN:978-1-60558-405-8
Authors
Hai Jin  Huazhong University of Science and Technology, Wuhan, China
Guofu Xiang  Huazhong University of Science and Technology, Wuhan, China
Feng Zhao  Huazhong University of Science and Technology, Wuhan, China
Deqing Zou  Huazhong University of Science and Technology, Wuhan, China
Min Li  Huazhong University of Science and Technology, Wuhan, China
Lei Shi  Huazhong University of Science and Technology, Wuhan, China
Sponsor
SIGKDD: ACM Special Interest Group on Knowledge Discovery in Data
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 29,   Downloads (12 Months): 95,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1516241.1516310
What is a DOI?

ABSTRACT

Intrusion Prevention System (IPS) has been an effective tool to detect and prevent unwanted attempts, which are mainly through network and system vulnerabilities, at accessing and manipulating computer systems. Intrusion detection and prevention are two main functions of IPS. As attacks are becoming massive and complex, the traditional centralized IPSes are incapable of detecting all those attempts. The existing distributed IPSes, mainly based on mobile agent, have some serious problems, such as weak security of mobile agents, response latency, large code size. In this paper, we propose a customized intrusion prevention system, VMFence, in distributed virtual computing environment to simplify the complexity of the management. In VMFence, the states of detection processes vary with those of Virtual Machines (VMs), which are described by Deterministic Finite Automata (DFA). The detection processes, each of which detects one virtual machine, reside in a privileged virtual machine. The processes run synchronously and outside of VMs in order to achieve high performance and security. The experimental results also show VMFence has higher detection efficiency than traditional intrusion detection systems and little impact on the performance of the monitored VMs.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Snapp, S. R., Brentano, J., Dias, G. V., Goan, T. L., Heberlein, L. T., Ho, C. L., Levitt, K. N., Mukherjee, B., Smaha, S. E., Grance, T., Teal, D. M., and Mansur, D. 1991. DIDS(distributed intrusion detection system)-motivation, architecture, and an early prototype. In Proceedings of the 14th National Computer Security Conference. Washington, USA, October 1991, 167--176.
 
2
Vongpradhip, S. and Plaimart, W. 2007. Survival architecture for distributed intrusion detection system (dIDS) using mobile agent. In Proceedings of the 6th International Symposium on Network Computing and Applications. Chicago, USA, July 2007, 332--338.
 
3
R. B. Machado , A. Boukerche , J. B. M. Sobral , K. R. L. Juca , M. S. M. A. Notare, A Hybrid Artificial Immune and Mobile Agent Intrusion Detection Based Model for Computer Network Operations, Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 6, p.191.1, April 04-08, 2005  [doi>10.1109/IPDPS.2005.33]
 
4
Jansen, W., Mell, P., Karygiannis, T., and Marks, D. 1999. Applying mobile agents to intrusion detection and response. Technical report, National Institute of Standards and Technology, October 1999.
 
5
Gelsinger, P. P. 2001. Microprocessors for the new millennium: challenges, opportunities, and new frontiers. In Proceedings of the 45th International Solid State Circuits Conference. San Francisco, USA, February 2001, 22--25.
 
6
Andrew Whitaker , Richard S. Cox , Marianne Shaw , Steven D. Gribble, Rethinking the Design of Virtual Machine Monitors, Computer, v.38 n.5, p.57-62, May 2005  [doi>10.1109/MC.2005.169]
 
7
James E. Smith , Ravi Nair, The Architecture of Virtual Machines, Computer, v.38 n.5, p.32-38, May 2005  [doi>10.1109/MC.2005.173]
 
8
Mendel Rosenblum , Tal Garfinkel, Virtual Machine Monitors: Current Technology and Future Trends, Computer, v.38 n.5, p.39-47, May 2005  [doi>10.1109/MC.2005.176]
 
9
Renato Figueiredo , Peter A. Dinda , Jose Fortes, Guest Editors' Introduction: Resource Virtualization Renaissance, Computer, v.38 n.5, p.28-31, May 2005  [doi>10.1109/MC.2005.159]
 
10
Neiger, G., Santoni, A., Leung, F., Rodgers, D., and Uhlig, R. 2006. Intel virtualization technology: hardware support for efficient processor virtualization. Intel Technology Journal, 10(3):167--177, August 2006.
 
11
Dorothy E. Denning, An Intrusion-Detection Model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, February 1987  [doi>10.1109/TSE.1987.232894]
12
George W. Dunlap , Samuel T. King , Sukru Cinar , Murtaza A. Basrai , Peter M. Chen, ReVirt: enabling intrusion analysis through virtual-machine logging and replay, Proceedings of the 5th symposium on Operating systems design and implementation

Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading

, December 09-11, 2002, Boston, Massachusetts  [doi>10.1145/1060289.1060309]
 
13
Garfinkel, T. and Rosenblum, M. 2003. A virtual machine introspection based architecture for intrusion detection. In Proceedings of the 10th Network and Distributed System Symposium. San Diego, USA, October 2003, 191--206.
 
14
Payne, B. D., Carbone, M., and Lee, W. 2007. Secure and flexible monitoring of virtual machines. In Proceedings of the 23rd Annual Computer Security Applications Conference. Seoul, Korea, December 2007, 385--397.
15
Ashlesha Joshi , Samuel T. King , George W. Dunlap , Peter M. Chen, Detecting past and present intrusions through vulnerability-specific predicates, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
 
16
Marcos Laureano , Carlos Maziero , Edgard Jamhour, Intrusion Detection in Virtual Machine Environments, Proceedings of the 30th EUROMICRO Conference, p.520-525, August 31-September 03, 2004  [doi>10.1109/EUROMICRO.2004.48]
 
17
Xiantao Zhang , Qi Li , Sihan Qing , Huanguo Zhang, VNIDA: Building an IDS Architecture Using VMM-Based Non-Intrusive Approach, Proceedings of the First International Workshop on Knowledge Discovery and Data Mining, p.594-600, January 23-24, 2008  [doi>10.1109/WKDD.2008.135]
18
Kenichi Kourai , Shigeru Chiba, HyperSpector: virtual distributed monitoring environments for secure intrusion detection, Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, June 11-12, 2005, Chicago, IL, USA  [doi>10.1145/1064979.1065006]
 
19
Tal Garfinkel , Mendel Rosenblum, When virtual is harder than real: security challenges in virtual machine based computing environments, Proceedings of the 10th conference on Hot Topics in Operating Systems, p.20-20, June 12-15, 2005, Santa Fe, NM
20
Paul Barham , Boris Dragovic , Keir Fraser , Steven Hand , Tim Harris , Alex Ho , Rolf Neugebauer , Ian Pratt , Andrew Warfield, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
21
Bryan Clark , Todd Deshane , Eli Dow , Stephen Evanchik , Matthew Finlayson , Jason Herne , Jeanna Neefe Matthews, Xen and the art of repeated research, Proceedings of the annual conference on USENIX Annual Technical Conference, p.47-47, June 27-July 02, 2004, Boston, MA
 
22
David Chisnall, The definitive guide to the xen hypervisor, Prentice Hall Press, Upper Saddle River, NJ, 2007
23
Jorge Herrerías Guerrero , Roberto Gómez Cárdenas, An example of communication between security tools: iptables - snort, ACM SIGOPS Operating Systems Review, v.39 n.3, p.34-43, July 2005  [doi>10.1145/1075395.1075398]
 
24
Giorgos Vasiliadis , Spiros Antonatos , Michalis Polychronakis , Evangelos P. Markatos , Sotiris Ioannidis, Gnort: High Performance Network Intrusion Detection Using Graphics Processors, Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection, September 15-17, 2008, Cambridge, MA, USA  [doi>10.1007/978-3-540-87403-4_7]
25
Sarang Dharmapurikar , John Lockwood, Fast and scalable pattern matching for content filtering, Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems, October 26-28, 2005, Princeton, NJ, USA  [doi>10.1145/1095890.1095916]
 
26
Paxson, V., Sommer, R., and Weaver, N. 2007. An architecture for exploiting multi-core processors to parallelize network intrusion prevention. In Proceedings of the 30th IEEE Sarnoff Symposium. Princeton, USA, May 2007, 1--7.
27
Zachary K. Baker , Viktor K. Prasanna, Time and area efficient pattern matching on FPGAs, Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays, February 22-24, 2004, Monterey, California, USA  [doi>10.1145/968280.968312]
 
28
Clark, C., Lee, W., Schimmel, D., Contis, D., Kone, M., and Thomas, A. 2004. A hardware platform for network intrusion detection and prevention. In Proceedings of the 3rd Workshop on Network Processors and Applications. Madrid, Spain, February 2004, 136--145.
 
29
Fang Yu , Randy H. Katz , T. V. Lakshman, Gigabit Rate Packet Pattern-Matching Using TCAM, Proceedings of the 12th IEEE International Conference on Network Protocols, p.174-183, October 05-08, 2004
 
30
Lippmann, R. P., Fried, D. J., Graf, I., Haines, J. W., Kendall, K. R., McClung, D., Weber, D., Webster, S. E., Wyschogrod, D., Cunningham, R. K., and Zissman, M. 1998. A. Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In Proceedings of the DARPA Information Survivability Conference and Exposition. Los Alamitos, USA, January 2000, 12--16.
 
31
Ronald Perez , Leendert van Doorn , Reiner Sailer, Virtualization and Hardware-Based Security, IEEE Security and Privacy, v.6 n.5, p.24-31, September 2008  [doi>10.1109/MSP.2008.135]
 
32
Snort home page. http://www.snort.org.
 
33
Xen home page. http://www.xen.org.

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General


Keywords:
distributed system, intrusion detection, intrusion prevention, network security, virtual computing platform, virtualization

Collaborative Colleagues:
Hai Jin: colleagues
Guofu Xiang: colleagues
Feng Zhao: colleagues
Deqing Zou: colleagues
Min Li: colleagues
Lei Shi: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player