Volume 1, Issue 2, March 2013, Page: 26-33
Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems
S. Uvaraj, Arulmigu Meenakshi Amman College of Engineering, Kanchipuram
S. Suresh, Sri Venkateswara College of Engineering, Kanchipuram
N. Kannaiya Raja, Defence Engineering College, Ethiopia
Received: May 11, 2013;       Published: Jun. 10, 2013
DOI: 10.11648/j.net.20130102.12      View  2969      Downloads  260
Abstract
Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multi-step exploitation, low frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-as a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi phase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages Open Flow network programming APIs to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
Keywords
Performance of Systems, Computer Systems Organization, Communication/Networking and Information Technology, General, Network-Level Security and Protection
To cite this article
S. Uvaraj, S. Suresh, N. Kannaiya Raja, Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems, Advances in Networks. Vol. 1, No. 2, 2013, pp. 26-33. doi: 10.11648/j.net.20130102.12
Reference
[1]
Coud Sercurity Alliance, "Top threats to cloud computing v1.0,"https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf,March 2010.
[2]
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, "A view of cloud computing," Commun. ACM, vol. 53, no. 4, pp. 50–58, Apr. 2010.
[3]
B. Joshi, A. Vijayan, and B. Joshi, "Securing cloud computing environment against DDoS attacks," in Computer Communication and Informatics (ICCCI), 2012 International Conference on, Jan. 2012, pp. 1 –5.
[4]
H. Takabi, J. B. Joshi, and G. Ahn, "Security and privacy challenges in cloud computing environments," IEEE Security & Privacy, vol. 8, no. 6, pp. 24–31, Dec. 2010.
[5]
"Open vSwitch project," http://openvswitch.org, May 2012.
[6]
Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J. Barker, "Detecting spam zombies by monitoring outgoing messages," Dependable and Secure Computing, IEEE Transactions on, vol. 9, no. 2, pp. 198 –210, Apr. 2012.
[7]
G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, "BotHunter: detecting malware infection through IDS-driven dialog correlation," in Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, ser. SS’07. Berkeley, CA, USA: USENIX Association, 2007, pp. 12:1–12:16.
[8]
G. Gu, J. Zhang, and W. Lee, "BotSniffer: detecting botnet command and control channels in network traffic," in Proceedings of 15th Ann. Network and Distributed Sytem Security Symposium, ser. NDSS’08, 2008.
[9]
O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing, "Automated generation and analysis of attack graphs," in 2002 IEEE Symposium on Security and Privacy, 2002. Proceedings. IEEE, 2002, pp. 273– 284.
[10]
"NuSMV: A new symbolic model checker," http://afrodite.itc.it: 1024/_nusmv.
[11]
S. H. Ahmadinejad, S. Jalili, and M. Abadi, "A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs," Computer Networks, vol. 55, no. 9, pp. 2221–2240, Jun. 2011.
[12]
X. Ou, S. Govindavajhala, and A. W. Appel, "MulVAL: a logicbased network security analyzer," in Proceedings of the 14th conference on USENIX Security Symposium - Volume 14. Berkeley, CA, USA: USENIX Association, 2005, pp. 8–8.
[13]
R. Sadoddin and A. Ghorbani, "Alert correlation survey: framework and techniques," in Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, ser. PST ’06. New York, NY, USA: ACM, 2006, pp. 37:1–37:10.
[14]
L. Wang, A. Liu, and S. Jajodia, "Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts," Computer Communications, vol. 29, no. 15, pp. 2917–2933, Sep. 2006.
[15]
S. Roschke, F. Cheng, and C. Meinel, "A new alert correlation algorithm based on attack graph," in Computational Intelligence in Security for Information Systems, ser. Lecture Notes in Computer Science. Springer, 2011, vol. 6694, pp. 58–67.
[16]
A. Roy, D. S. Kim, and K. Trivedi, "Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees," in Dependable Systems Networks (DSN), 2012 IEEE/IFIP42st International Conference on, 2012.
[17]
N. Poolsappasit, R. Dewri, and I. Ray, "Dynamic security risk management using bayesian attack graphs," Dependable and Secure Computing, IEEE Transactions on, vol. 9, no. 1, pp. 61 –74, Feb. 2012.
[18]
Open Networking Fundation, "Software-defined networking: The new norm for networks," ONF White Paper, April 2012.
[19]
"Openflow." [Online]. Available: http://www.openflow.org/wp/learnmore/
[20]
N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "OpenFlow: enabling innovation in campus networks," SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, pp. 69–74, Mar. 2008.
[21]
E. Keller, J. Szefer, J. Rexford, and R. B. Lee, "NoHype: virtualized cloud infrastructure without the virtualization," in Proceedings of the 37th annual international symposium on Computer architecture,ser. ISCA ’10. New York, NY, USA: ACM, 2010, pp. 350–361.
[22]
X. Ou, W. F. Boyer, and M. A. McQueen, "A scalable approach to attack graph generation," in Proceedings of the 13th ACM conference on Computer and communications security, ser. CCS ’06. New York,NY, USA: ACM, 2006, pp. 336–345.
[23]
Mitre Corporation, "Common vulnerabilities and exposures,CVE," http://cve.mitre.org/.
Browse journals by subject