Peer-Reviewed

Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems

Received: 11 May 2013     Published: 10 June 2013
Abstract

Cloud security is one of the most important issues that has attracted a great deal of research and development effort in the past few years. In particular, attackers can exploit vulnerabilities of a cloud system and compromise virtual machines in order to launch further large-scale Distributed Denial-of-Service (DDoS) attacks. DDoS attacks usually involve early-stage actions such as multi-step exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, followed finally by the DDoS attack itself, launched through the compromised zombies. Within the cloud system, and especially in Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult, because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi-phase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack-graph-based analytical models and reconfigurable virtual-network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
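The abstract describes NICE only at the level of its building blocks: an attack graph over the tenant VMs' vulnerabilities, a risk measure derived from that graph, and selection of a virtual-network countermeasure (in NICE, a flow rule pushed to the programmable switches) that best reduces the risk. The Python below is an added illustration of that measure-and-select loop, not code from the paper or from NICE. It scores risk as the probability of the most likely single attack path (a Dijkstra search over -log p; the paper's own scoring model may differ) and then greedily picks countermeasures by risk reduction per unit cost until the risk drops below a threshold. The hosts, vulnerability labels, success probabilities, countermeasure names and costs are all constructed for the example.

```python
"""Added example: attack-graph risk and greedy countermeasure selection.

All hosts, vulnerability labels, probabilities and costs below are constructed
for illustration; they are not data from the paper.
"""
import heapq
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Exploit:
    src: str    # attacker position before the exploit (e.g. a compromised VM)
    dst: str    # position gained if the exploit succeeds
    vuln: str   # constructed vulnerability label (not a real CVE id)
    p: float    # assumed probability that the exploit succeeds


@dataclass(frozen=True)
class Countermeasure:
    name: str             # constructed action label; "ofp_" ones stand for flow rules
    removes: frozenset    # vulnerability labels the action neutralises
    cost: float           # assumed relative cost (disruption, effort)


def most_likely_path(exploits, start, goal, disabled=frozenset()):
    """Return (probability, [vuln labels]) of the most likely attack path.

    Dijkstra over edge weight -log(p) turns "maximise the product of
    probabilities" into a shortest-path problem. Exploits whose
    vulnerability is in `disabled` are treated as removed from the graph.
    """
    adj = {}
    for e in exploits:
        if e.vuln not in disabled:
            adj.setdefault(e.src, []).append(e)
    dist, prev, heap = {start: 0.0}, {}, [(0.0, start)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, math.inf):
            continue            # stale heap entry
        if node == goal:
            break
        for e in adj.get(node, []):
            nd = d - math.log(e.p)
            if nd < dist.get(e.dst, math.inf):
                dist[e.dst] = nd
                prev[e.dst] = e
                heapq.heappush(heap, (nd, e.dst))
    if goal not in dist:
        return 0.0, []          # goal unreachable: no attack path left
    path, node = [], goal
    while node != start:
        path.append(prev[node].vuln)
        node = prev[node].src
    return math.exp(-dist[goal]), path[::-1]


def select_countermeasures(exploits, countermeasures, start, goal, threshold):
    """Greedily apply countermeasures until attack probability <= threshold.

    Each round takes the action with the largest risk reduction per unit cost.
    Returns (chosen names, residual risk); stops early when no remaining action
    reduces the risk, so the caller sees the residual instead of an endless loop.
    """
    disabled, chosen = set(), []
    risk, _ = most_likely_path(exploits, start, goal, frozenset(disabled))
    while risk > threshold:
        best_cm, best_gain = None, 0.0
        for cm in countermeasures:
            if cm.name in chosen:
                continue
            new_risk, _ = most_likely_path(
                exploits, start, goal, frozenset(disabled | cm.removes))
            gain = (risk - new_risk) / cm.cost
            if gain > best_gain:
                best_cm, best_gain = cm, gain
        if best_cm is None:
            break
        chosen.append(best_cm.name)
        disabled |= best_cm.removes
        risk, _ = most_likely_path(exploits, start, goal, frozenset(disabled))
    return chosen, risk


# Constructed three-VM tenant: an attacker on the Internet wants a shell on
# db_vm in order to turn it into a DDoS zombie.
EXPLOITS = [
    Exploit("internet", "web_vm", "V_web_rce", 0.8),
    Exploit("web_vm", "app_vm", "V_app_auth_bypass", 0.5),
    Exploit("web_vm", "db_vm", "V_db_default_creds", 0.6),
    Exploit("app_vm", "db_vm", "V_db_default_creds", 0.7),
    Exploit("internet", "db_vm", "V_db_mgmt_exposed", 0.3),
]

COUNTERMEASURES = [
    Countermeasure("ofp_drop_3306_from_web", frozenset({"V_db_default_creds"}), 2.0),
    Countermeasure("ofp_drop_mgmt_from_internet", frozenset({"V_db_mgmt_exposed"}), 1.0),
    Countermeasure("quarantine_web_vm", frozenset({"V_web_rce", "V_app_auth_bypass"}), 10.0),
    Countermeasure("patch_app_vm", frozenset({"V_app_auth_bypass"}), 5.0),
]


if __name__ == "__main__":
    p, path = most_likely_path(EXPLOITS, "internet", "db_vm")
    print(f"most likely path: {' -> '.join(path)} (p={p:.2f})")
    chosen, residual = select_countermeasures(
        EXPLOITS, COUNTERMEASURES, "internet", "db_vm", threshold=0.1)
    print(f"selected: {chosen}; residual risk {residual:.2f}")
```

On the constructed graph the most likely path is the web RCE followed by the database's default credentials (p = 0.48). Blocking port 3306 from the web VM is chosen first because it buys the most reduction per unit cost, but it leaves the directly exposed management interface (p = 0.3), so a second, cheaper flow rule is added before the risk reaches zero; patching the app VM is never selected because it lies on no best path. In a deployment of the kind the abstract describes, the selected "ofp_" names would be translated into flow-mod messages on the switch in front of the affected VM; the example stops at selecting them.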

Published in Advances in Networks (Volume 1, Issue 2)
DOI 10.11648/j.net.20130102.12
Page(s) 26-33
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2013. Published by Science Publishing Group

Keywords

Performance of Systems, Computer Systems Organization, Communication/Networking and Information Technology, General, Network-Level Security and Protection

Cite This Article
  • APA Style

    S. Uvaraj, S. Suresh, N. Kannaiya Raja. (2013). Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems. Advances in Networks, 1(2), 26-33. https://doi.org/10.11648/j.net.20130102.12

    ACS Style

    S. Uvaraj; S. Suresh; N. Kannaiya Raja. Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems. Adv. Netw. 2013, 1(2), 26-33. doi: 10.11648/j.net.20130102.12

    AMA Style

    S. Uvaraj, S. Suresh, N. Kannaiya Raja. Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems. Adv Netw. 2013;1(2):26-33. doi: 10.11648/j.net.20130102.12

  • @article{10.11648/j.net.20130102.12,
      author = {S. Uvaraj and S. Suresh and N. Kannaiya Raja},
      title = {Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems},
      journal = {Advances in Networks},
      volume = {1},
      number = {2},
      pages = {26-33},
      doi = {10.11648/j.net.20130102.12},
      url = {https://doi.org/10.11648/j.net.20130102.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.net.20130102.12},
      year = {2013}
    }

  • TY  - JOUR
    T1  - Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems
    AU  - S. Uvaraj
    AU  - S. Suresh
    AU  - N. Kannaiya Raja
    Y1  - 2013/06/10
    PY  - 2013
    N1  - https://doi.org/10.11648/j.net.20130102.12
    DO  - 10.11648/j.net.20130102.12
    T2  - Advances in Networks
    JF  - Advances in Networks
    JO  - Advances in Networks
    SP  - 26
    EP  - 33
    PB  - Science Publishing Group
    SN  - 2326-9782
    UR  - https://doi.org/10.11648/j.net.20130102.12
    VL  - 1
    IS  - 2
    ER  - 

Author Information
  • Arulmigu Meenakshi Amman College of Engineering, Kanchipuram

  • Sri Venkateswara College of Engineering, Kanchipuram

  • Defence Engineering College, Ethiopia