Detection of repetitive and irregular hypercall attacks from guest virtual machines to Xen hypervisor

MOSTAFAVI, Mojtaba and KABIRI, Peyman (2018). Detection of repetitive and irregular hypercall attacks from guest virtual machines to Xen hypervisor. Iran journal of computer science, 1 (2), 89-97.

[img]
Preview
PDF
Kabiri_detection_of_repetitive_(AM).pdf - Accepted Version
Creative Commons Attribution.

Download (288kB) | Preview
Official URL: https://link.springer.com/article/10.1007/s42044-0...
Link to published version:: https://doi.org/10.1007/s42044-018-0006-5

Abstract

Virtualization is critical to the infrastructure of cloud computing environment and other online services. Hypercall interface is provided by hypervisor to offer privileged requests by the guest domains. Attackers may use this interface to send malicious hypercalls. In the reported work, repetitive hypercall attacks and sending hypercalls within irregular sequences to Xen hypervisor were analyzed, and finally, an intrusion detection system (IDS) is proposed to detect these attacks. The proposed system is placed in the host domain (Dom0). Monitoring hypercalls traffic the system operates based on the identification of irregular behaviors in hypercalls sent from guest domains to hypervisor. Later on, the association rule algorithm is applied on the collected data within a fixed time window, and a set of thresholds for maximum number of all types of the hypercalls is extracted. The results from the implementation of the proposed system show 91% true positive rate.

Item Type: Article
Identification Number: https://doi.org/10.1007/s42044-018-0006-5
SWORD Depositor: Symplectic Elements
Depositing User: Symplectic Elements
Date Deposited: 25 Jan 2019 10:15
Last Modified: 28 Jan 2019 09:45
URI: http://shura.shu.ac.uk/id/eprint/23849

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics