MOSTAFAVI, Mojtaba and KABIRI, Peyman (2018). Detection of repetitive and irregular hypercall attacks from guest virtual machines to Xen hypervisor. Iran journal of computer science, 1 (2), 89-97.
PDF: Kabiri_detection_of_repetitive_(AM).pdf - Accepted Version, Creative Commons Attribution (288kB)
Abstract
Virtualization is critical to the infrastructure of cloud computing environments and other online services. The hypercall interface is provided by the hypervisor to offer privileged requests by the guest domains. Attackers may use this interface to send malicious hypercalls. In the reported work, repetitive hypercall attacks and the sending of hypercalls in irregular sequences to the Xen hypervisor were analyzed, and finally, an intrusion detection system (IDS) is proposed to detect these attacks. The proposed system is placed in the host domain (Dom0). Monitoring hypercall traffic, the system operates based on the identification of irregular behaviors in hypercalls sent from guest domains to the hypervisor. Later on, the association rule algorithm is applied to the data collected within a fixed time window, and a set of thresholds for the maximum number of all types of hypercalls is extracted. The results from the implementation of the proposed system show a 91% true positive rate.
| Item Type: | Article |
|---|---|
| Identification Number: | https://doi.org/10.1007/s42044-018-0006-5 |
| Page Range: | 89-97 |
| SWORD Depositor: | Symplectic Elements |
| Depositing User: | Symplectic Elements |
| Date Deposited: | 25 Jan 2019 10:15 |
| Last Modified: | 18 Mar 2021 06:49 |
| URI: | https://shura.shu.ac.uk/id/eprint/23849 |