Detection of repetitive and irregular hypercall attacks from guest virtual machines to Xen hypervisor

MOSTAFAVI, Mojtaba and KABIRI, Peyman (2018). Detection of repetitive and irregular hypercall attacks from guest virtual machines to Xen hypervisor. Iran journal of computer science, 1 (2), 89-97.

Kabiri_detection_of_repetitive_(AM).pdf - Accepted Version
Creative Commons Attribution.

Official URL: https://link.springer.com/article/10.1007/s42044-0...
Link to published version: https://doi.org/10.1007/s42044-018-0006-5

    Abstract

    Virtualization is critical to the infrastructure of cloud computing environments and other online services. A hypercall interface is provided by the hypervisor for privileged requests by the guest domains. Attackers may use this interface to send malicious hypercalls. In the reported work, repetitive hypercall attacks and hypercalls sent in irregular sequences to the Xen hypervisor were analyzed, and an intrusion detection system (IDS) is proposed to detect these attacks. The proposed system is placed in the host domain (Dom0). Monitoring hypercall traffic, the system operates by identifying irregular behaviors in hypercalls sent from guest domains to the hypervisor. Later on, the association rule algorithm is applied to the data collected within a fixed time window, and a set of thresholds for the maximum number of all types of hypercalls is extracted. The results from the implementation of the proposed system show a 91% true positive rate.

    Item Type: Article
    Identification Number: https://doi.org/10.1007/s42044-018-0006-5
    Page Range: 89-97
    SWORD Depositor: Symplectic Elements
    Depositing User: Symplectic Elements
    Date Deposited: 25 Jan 2019 10:15
    Last Modified: 28 Jan 2019 09:45
    URI: http://shura.shu.ac.uk/id/eprint/23849
