Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: Soft computing and intelligent systems: Tools, techniques and applications
Guest editors: Sabu M. Thampi and El-Sayed M. El-Alfy
Article type: Research Article
Authors: Mishra, Preetia | Pilli, Emmanuel S.a; * | Varadharajan, Vijayb | Tupakula, Udayab
Affiliations: [a] Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur, India | [b] Department of Computing, Faculty of Science, Macquarie University, Sydney, Australia
Correspondence: [*] Corresponding author. Emmanuel S. Pilli, Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur, India. Tel.: +9195 496 58131; E-mail: espilli.cse@mnit.ac.in.
Abstract: Cloud Security is of paramount importance in the new era of virtualization technology. Tenant Virtual Machine (VM) level security solutions can be easily evaded by modern attack techniques. Out-VM monitoring allows cloud administrator (CA) to monitor and control a VM from a secure location outside the VM. In this paper, we propose an out-VM monitoring based approach named as ‘Program Semantic-Aware Intrusion Detection at Network and Hypervisor Layer’ (PSI-NetVisor) to detect attacks in both network and virtualization layer in cloud. PSI-NetVisor performs network monitoring by employing behavior based intrusion detection approach (BIDA) at the network layer of centralized Cloud Network Server (CNS); providing the first level of defense from attacks. It incorporates semantic awareness in the intrusion detection approach and enables it to provide network monitoring and process monitoring at the hypervisor layer of Cloud Compute Server (CCoS); providing the second level of defense from attacks. PSI-NetVisor employs Virtual Machine Introspection (VMI) libraries based on software break point injection to extract process execution traces from hypervisor. It further applies depth first search (DFS) to construct program semantics from control flow graph of execution traces. It applies dynamic analysis and machine learning approaches to learn the behavior of anomalies which makes it secure from obfuscation and encryption based attacks. PSI-NetVisor has been validated with latest intrusion datasets (UNSW-NB & Evasive Malware) collected from research centers and results seem to be promising.
Keywords: Intrusion detection, virtual machine introspection, system call flow graph, cloud security, Malware, network attacks
DOI: 10.3233/JIFS-169234
Journal: Journal of Intelligent & Fuzzy Systems, vol. 32, no. 4, pp. 2909-2921, 2017
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl