Article

Collabra: A Xen Hypervisor Based Collaborative Intrusion Detection System

Authors:

Saketh Bharadwaja,

Weiqing Sun,

Mohammed Niamat,

Fangyang ShenAuthors Info & Claims

ITNG '11: Proceedings of the 2011 Eighth International Conference on Information Technology: New Generations

Pages 695 - 700

https://doi.org/10.1109/ITNG.2011.123

Published: 11 April 2011 Publication History

Abstract

In this paper, we introduce Collabra, a distributed intrusion detection platform based on Xen hyper visors to maintain the security of the cloud based on virtualized network. While the concept of virtual machine monitor (VMM) signifies implementing an abstraction layer between the underlying host and the guest operating system (OS) to enforce security, its kernel is required to be free of vulnerabilities that intruders can use to compromise the host. In Xen, guest applications make resource requests through the hyper-call API to transfer the privilege to the VMM kernel for executing privileged operations. On a cloud scale, there exist hundreds of VM networks and thousands of guest operating systems (OSes) running on virtual domains. There is every possibility of intruders trying to misuse the hyper-call interface to compromise guest OS kernels and finally the host OS kernel itself. Sophisticated attacks can be launched in the distributed and collaborative style thereby bypassing most current intrusion detection systems. Collabra acts as a filtering layer which is completely integrated with every VMM. It scans through each call by incorporating integrity checking and collaborative detection mechanisms. It exists in multiple instances, and acts concurrently over a VMM network interacting with other instances to detect (possibly collaborative) attacks and prevent illicit access to the VMM and the host. An admin version of Collabra exists on a privileged domain in the VM network to perform filtering of malicious add-ons to hyper-calls at the guest OS level itself before routing the call to the VMM.

Cited By

View all

Nehinbe J(2021)A cost-effective strategy for splitting and allocating alerts' workloads during forensic investigations of very large IDS logsInternational Journal of Internet Technology and Secured Transactions10.1504/ijitst.2021.11352011:2(160-175)Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1504/ijitst.2021.113520
Mishra PPilli EVaradharajan VTupakula U(2017)Intrusion detection techniques in cloud environmentJournal of Network and Computer Applications10.1016/j.jnca.2016.10.01577:C(18-47)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1016/j.jnca.2016.10.015
Johnston RKim SCoe DEtzkorn LKulick JMilenkovic ATrien JProwell SGoodall JBridges R(2016)Xen Network Flow Analysis for Intrusion DetectionProceedings of the 11th Annual Cyber and Information Security Research Conference10.1145/2897795.2897802(1-4)Online publication date: 5-Apr-2016
https://dl.acm.org/doi/10.1145/2897795.2897802
Show More Cited By

Collabra: A Xen Hypervisor Based Collaborative Intrusion Detection System
1. Security and privacy
  1. Systems security

Recommendations

Transparently bridging semantic gap in CPU management for virtualized environments

Consolidated environments are progressively accommodating diverse and unpredictable workloads in conjunction with virtual desktop infrastructure and cloud computing. Unpredictable workloads, however, aggravate the semantic gap between the virtual ...
Enabling Instantaneous Relocation of Virtual Machines with a Lightweight VMM Extension
CCGRID '10: Proceedings of the 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing

We are developing an efficient resource management system with aggressive virtual machine (VM) relocation among physical nodes in a data center. Existing live migration technology, however, requires a long time to change the execution host of a VM, it ...
Performance Analysis for Pareto-Optimal Green Consolidation Based on Virtual Machines Live Migration

Huge energy requirement of cloud data centers is prime concern. Dynamic Virtual Machine VM consolidation based on VM live migration to switched-off or put some of the under-loaded host Physical Machines PMs into a low power consumption mode can ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ITNG '11: Proceedings of the 2011 Eighth International Conference on Information Technology: New Generations

April 2011

1109 pages

ISBN:9780769543673

Publisher

IEEE Computer Society

United States

Publication History

Published: 11 April 2011

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Nehinbe J(2021)A cost-effective strategy for splitting and allocating alerts' workloads during forensic investigations of very large IDS logsInternational Journal of Internet Technology and Secured Transactions10.1504/ijitst.2021.11352011:2(160-175)Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1504/ijitst.2021.113520
Mishra PPilli EVaradharajan VTupakula U(2017)Intrusion detection techniques in cloud environmentJournal of Network and Computer Applications10.1016/j.jnca.2016.10.01577:C(18-47)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1016/j.jnca.2016.10.015
Johnston RKim SCoe DEtzkorn LKulick JMilenkovic ATrien JProwell SGoodall JBridges R(2016)Xen Network Flow Analysis for Intrusion DetectionProceedings of the 11th Annual Cyber and Information Security Research Conference10.1145/2897795.2897802(1-4)Online publication date: 5-Apr-2016
https://dl.acm.org/doi/10.1145/2897795.2897802
Iqbal SMat Kiah MDhaghighi BHussain MKhan SKhan MRaymond Choo K(2016)On cloud security attacksJournal of Network and Computer Applications10.1016/j.jnca.2016.08.01674:C(98-120)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.1016/j.jnca.2016.08.016
Iqbal SKiah MAnuar NDaghighi BWahab AKhan S(2016)Service delivery models of cloud computingSecurity and Communication Networks10.1002/sec.15859:17(4726-4750)Online publication date: 25-Nov-2016
https://dl.acm.org/doi/10.1002/sec.1585
Pitropakis NPikrakis ALambrinoudakis C(2015)Behaviour reflects personalityInternational Journal of Information Security10.5555/2807721.280778214:4(299-305)Online publication date: 1-Aug-2015
https://dl.acm.org/doi/10.5555/2807721.2807782
Milenkoski AVieira MKounev SAvritzer APayne B(2015)Evaluating Computer Intrusion Detection SystemsACM Computing Surveys10.1145/280869148:1(1-41)Online publication date: 29-Sep-2015
https://dl.acm.org/doi/10.1145/2808691
Milenkoski APayne BAntunes NVieira MKounev SAvritzer ALuft M(2015)Evaluation of Intrusion Detection Systems in Virtualized Environments Using Attack InjectionProceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 940410.1007/978-3-319-26362-5_22(471-492)Online publication date: 2-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-319-26362-5_22

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Transparently bridging semantic gap in CPU management for virtualized environments

Enabling Instantaneous Relocation of Virtual Machines with a Lightweight VMM Extension

Performance Analysis for Pareto-Optimal Green Consolidation Based on Virtual Machines Live Migration

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations