VMGuard: A VMI-based Security Architecture for Intrusion Detection in Cloud Environment

Mishra, Preeti; Varadharajan, Vijay; Pilli, Emmanuel S.; Tupakula, Uday

Title: VMGuard: A VMI-based Security Architecture for Intrusion Detection in Cloud Environment
Creator: Mishra, Preeti; Varadharajan, Vijay; Pilli, Emmanuel S.; Tupakula, Uday
Relation: IEEE Transactions on Cloud Computing Vol. 8, Issue 3, p. 957-971
Publisher Link: http://dx.doi.org/10.1109/TCC.2018.2829202
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Resource Type: journal article
Date: 2020
Description: IEEE In this paper, we propose a Virtual Machine Introspection-based security architecture design for fine granular monitoring of the Tenant Virtual Machines (TVMs) in the cloud. We have developed techniques for monitoring the TVMs at the process level and system call level to detect known and zero-day attacks such as those based on malicious hidden processes, attacks that disable security tools in the TVMs as well as those that alter the behaviour of the legitimate applications. Our architecture, VMGuard, utilizes the introspection feature at the VMM-layer to analyze system call traces of programs running in the monitored TVM. VMGuard applies the software breakpoint injection technique which is OS agnostic and used to trap the execution of programs running in a TVM. VMGuard provides ‘Bag of n-grams’ approach integrated with Term Frequency-Inverse Document Frequency method, to extract and select features of normal and attack traces. It then applies the Random Forest statistical learning technique to produce a generic behavior for different categories of intrusions of the monitored TVM. We have implemented a prototype and the results obtained seem to be very promising and demonstrate the applicability of the VMGuard. We compare VMGuard with existing techniques and discuss the advantages.
Subject: intrusion detection; virtual machine introspection; cloud security; anomaly detection; system call analysis
Identifier: http://hdl.handle.net/1959.13/1441898
Identifier: uon:41567
Identifier: ISSN:2168-7161
Language: eng
Reviewed

Hits: 1059
Visitors: 1055
Downloads: 0

		Thumbnail	File	Description	Size	Format