Detection of repetitive and irregular hypercall attacks from guest virtual machines to Xen hypervisor

MOSTAFAVI, Mojtaba and KABIRI, Peyman (2018). Detection of repetitive and irregular hypercall attacks from guest virtual machines to Xen hypervisor. Iran journal of computer science, 1 (2), 89-97. [Article]

Documents
23849:524377
[thumbnail of Kabiri_detection_of_repetitive_(AM).pdf]
Preview
PDF
Kabiri_detection_of_repetitive_(AM).pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (288kB) | Preview
Abstract
Virtualization is critical to the infrastructure of cloud computing environment and other online services. Hypercall interface is provided by hypervisor to offer privileged requests by the guest domains. Attackers may use this interface to send malicious hypercalls. In the reported work, repetitive hypercall attacks and sending hypercalls within irregular sequences to Xen hypervisor were analyzed, and finally, an intrusion detection system (IDS) is proposed to detect these attacks. The proposed system is placed in the host domain (Dom0). Monitoring hypercalls traffic the system operates based on the identification of irregular behaviors in hypercalls sent from guest domains to hypervisor. Later on, the association rule algorithm is applied on the collected data within a fixed time window, and a set of thresholds for maximum number of all types of the hypercalls is extracted. The results from the implementation of the proposed system show 91% true positive rate.
More Information
Statistics

Downloads

Downloads per month over past year

Metrics

Altmetric Badge

Dimensions Badge

Share
Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email

Actions (login required)

View Item View Item