Conference Papers

Permanent URI for this collectionhttps://idr.nitk.ac.in/handle/123456789/28506

Browse

Subject: search.filters.subject.Hypervisor

Search Results

Now showing 1 - 6 of 6
  • No Thumbnail Available
    Item
    Cloud workflow and security: A survey
    (Institute of Electrical and Electronics Engineers Inc., 2014) Anupa, J.; Chandra Sekaran, K.C.
    The cloud revolution has helped enterprises to improve their business and performance by providing them computing power, storage capabilities and a variety of services for very less or no infrastructure and reasonable cost. It also provisioned the scientific and academic communities to run complex applications involving large data sets, high performance or distributed resources. The Workflow Management Systems (WfMSs) help the enterprises in automation of their business processes and thus help the management to take critical decisions fast. Cloud Workflows club the advantages of both Cloud Computing and WfMSs. In spite of the advantages of the cloud, security is a major area of concern. The use of WfMSs for critical and strategic applications, which is common in case of Business and Scientific community, gives rise to major concerns regarding the threats against integrity, authorization, availability etc. The concept of running secure workflow instances on public cloud processing platforms is still in its infancy. This paper gives an overview of workflow management systems, cloud computing, cloud workflows and security in these areas. This paper also provides a survey on security mechanisms for WfMSs and Cloud Workflows. © 2014 IEEE.
  • No Thumbnail Available
    Item
    Virtual machine introspection based spurious process detection in virtualized cloud computing environment
    (Institute of Electrical and Electronics Engineers Inc., 2015) M.a, M.A.; Jaidhar, C.D.
    Virtual Machines are prime target for adversary to take control by exploiting the identified vulnerability present in it. Due to increasing number of Advanced Persistent Attacks such as malware, rootkit, spyware etc., virtual machine protection is highly challenging task. The key element of Advanced Persistent Threat is rootkit that provides stealthy control of underlining Operating System (kernel). Protecting individual guest operating system by using antivirus and commercial security defense mechanism is cost effective and ineffective for virtualized environment. To solve this problem, Virtual Machine Introspection has emerged as one of the promising approaches to secure the state of the virtual machine. Virtual Machine Introspection inspects the state of multiple virtual machines by operating outside the virtual machine i.e. at hypervisor level. In this work, Virtual Machine Introspection based malicious process detection approach is proposed. It extracts the high level information such as system call details, opened known backdoor ports from introspected memory to identify the spurious process. It triggers an alert in response to detected intrusion. © 2015 IEEE.
  • No Thumbnail Available
    Item
    Hypervisor and virtual machine dependent Intrusion Detection and Prevention System for virtualized cloud environment
    (Institute of Electrical and Electronics Engineers Inc., 2015) M.a, M.A.; Jaidhar, C.D.
    Cloud Computing enabled by virtualization technology exhibits revolutionary change in IT Infrastructure. Hypervisor is a pillar of virtualization and it allows sharing of resources to virtual machines. Vulnerabilities present in virtual machine leveraged by an attacker to launch the advanced persistent attacks such as stealthy rootkit, Trojan, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack etc. Virtual Machines are prime target for malignant cloud user or an attacker to launch attacks as they are easily available for rent from Cloud Service Provider (CSP). Attacks on virtual machine can disrupt the normal operation of cloud infrastructure. In order to secure the virtual environment, defence mechanism is highly imperative at each virtual machine to identify the attacks occurring at virtual machine in timely manner. This work proposes In-and-Out-of-the-Box Virtual Machine and Hypervisor based Intrusion Detection and Prevention System for virtualized environment to ensure robust state of the virtual machine by detecting followed by eradicating rootkits as well as other attacks. We conducted experiments using popular open source Host based Intrusion Detection System (HIDS) called Open Source SECurity Event Correlator (OSSEC). Both Linux and windows based rootkits, DoS attack, Files integrity verification test are conducted and they are successfully detected by OSSEC. © 2015 IEEE.
  • No Thumbnail Available
    Item
    VMI based automated real-time malware detector for virtualized cloud environment
    (Springer Verlag service@springer.de, 2016) M.a, M.A.; Jaidhar, C.D.
    The Virtual Machine Introspection (VMI) has evolved as a promising future security solution to performs an indirect investigation of the untrustworthy Guest Virtual Machine (GVM) in real-time by operating at the hypervisor in a virtualized cloud environment. The existing VMI techniques are not intelligent enough to read precisely the manipulated semantic information on their reconstructed high-level semantic view of the live GVM. In this paper, a VMI-based Automated-Internal- External (A-IntExt) system is presented that seamlessly introspects the untrustworthy Windows GVM internal semantic view (i.e. Processes) to detect the hidden, dead, and malicious processes. Further, it checks the detected, hidden as well as running processes (not hidden) as benign or malicious. The prime component of the A-IntExt is the Intelligent Cross- View Analyzer (ICV A), which is responsible for detecting hidden-state information from internally and externally gathered state information of the Monitored Virtual Machine (Med−VM). The A-IntExt is designed, implemented, and evaluated by using publicly available malware and Windows real-world rootkits to measure detection proficiency as well as execution speed. The experimental results demonstrate that A-IntExt is effective in detecting malicious and hidden-state information rapidly with maximum performance overhead of 7.2 %. © Springer International Publishing AG 2016.
  • No Thumbnail Available
    Item
    Execution time measurement of virtual machine volatile artifacts analyzers
    (IEEE Computer Society help@computer.org, 2016) M.a, M.A.A.; Jaidhar, C.D.
    Due to a rapid revaluation in a virtualization environment, Virtual Machines (VMs) are target point for an attacker to gain privileged access of the virtual infrastructure. The Advanced Persistent Threats (APTs) such as malware, rootkit, spyware, etc. are more potent to bypass the existing defense mechanisms designed for VM. To address this issue, Virtual Machine Introspection (VMI) emerged as a promising approach that monitors run state of the VM externally from hypervisor. However, limitation of VMI lies with semantic gap. An open source tool called LibVMI address the semantic gap. Memory Forensic Analysis (MFA) tool such as Volatility can also be used to address the semantic gap. But, it needs to capture a memory dump (RAM) as input. Memory dump acquires time and its analysis time is highly crucial if Intrusion Detection System IDS (IDS) depends on the data supplied by FAM or VMI tool. In this work, live virtual machine RAM dump acquire time of LibVMI is measured. In addition, captured memory dump analysis time consumed by Volatility is measured and compared with other memory analyzer such as Rekall. It is observed through experimental results that, Rekall takes more execution time as compared to Volatility for most of the plugins. Further, Volatility and Rekall are compared with LibVMI. It is noticed that examining the volatile data through LibVMI is faster as it eliminates memory dump acquire time. © 2015 IEEE.
  • No Thumbnail Available
    Item
    Windows malware detection based on cuckoo sandbox generated report using machine learning algorithm
    (Institute of Electrical and Electronics Engineers Inc., 2016) Shiva Darshan, S.L.S.; M.a, M.A.A.; Jaidhar, C.D.
    Malicious software or malware has grown rapidly and many anti-malware defensive solutions have failed to detect the unknown malware since most of them rely on signature-based technique. This technique can detect a malware based on a pre-defined signature, which achieves poor performance when attempting to classify unseen malware with the capability to evade detection using various code obfuscation techniques. This growing evasion capability of new and unknown malwares needs to be countered by analyzing the malware dynamically in a sandbox environment, since the sandbox provides an isolated environment for analyzing the behavior of the malware. In this paper, the malware is executed on to the cuckoo sandbox to obtain its run-time behavior. At the end of the execution, the cuckoo sandbox reports the system calls invoked by the malware during execution. However, this report is in JSON format and has to be converted to MIST format to extract the system calls. The collected system calls are structured in the form of N-Grams, which help to build the classifier by using the Information Gain (IG) as a feature selection technique. A comprehensive experiment was conducted to perceive the best fit classifier among the chosen classifiers, including the Bayesian-Logistic-Regression, SPegasos, IB1, Bagging, Part, and J48 defined within the WEKA tool. From the experimental results, the overall best performance for all the selected top N-Grams such as 200, 400, and 600 goes to SPegasos with the highest accuracy, highest True Positive Rate (TPR), and lowest False Positive Rate (FPR). © 2016 IEEE.