Network Based Malware Detection in Virtualised Environment


Author(s): Chouhan, Pushpinder Kaur; Hagan, Matthew; McWilliams, Gavin; Sezer, Sakir
Date(s)

26/08/2014

Abstract

While virtualisation can provide many benefits to a network's infrastructure, securing the virtualised environment is a big challenge. The security of a fully virtualised solution is dependent on the security of each of its underlying components, such as the hypervisor, guest operating systems and storage.

This paper presents a single security service running on the hypervisor that could potentially work to provide security service to all virtual machines running on the system. This paper presents a hypervisor hosted framework which performs specialised security tasks for all underlying virtual machines to protect against any malicious attacks by passively analysing the network traffic of VMs. This framework has been implemented using Xen Server and has been evaluated by detecting a Zeus Server setup and infected clients, distributed over a number of virtual machines. This framework is capable of detecting and identifying all infected VMs with no false positive or false negative detection.

Identifier

http://pure.qub.ac.uk/portal/en/publications/network-based-malware-detection-in-virtualised-environment(de71d882-a9db-4a52-8aba-4478f36917c8).html

http://dx.doi.org/10.1007/978-3-319-14325-5_29

Language(s)

eng

Publisher

Springer

Rights

info:eu-repo/semantics/restrictedAccess

Source

Chouhan, P K, Hagan, M, McWilliams, G & Sezer, S 2014, Network Based Malware Detection in Virtualised Environment. In Euro-Par 2014: Parallel Processing Workshops: Euro-Par 2014 International Workshops, Porto, Portugal, August 25-26, 2014 Revised Selected Papers Part I. vol. 8805, Lecture Notes in Computer Science, Springer, pp. 335-346, LSDVE 2014, Porto, Portugal, 26 August. DOI: 10.1007/978-3-319-14325-5_29

Type

contributionToPeriodical