
Authors: Carlo Maiero and Marino Miculan

Affiliation: University of Udine, Italy

Keyword(s): Intrusion detection systems, Paravirtualization, System call trace analysis.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention ; Security in Distributed Systems ; Software Security

Abstract: We present a non-invasive system for intrusion and anomaly detection, based on system call tracing in paravirtualized machines over Xen. System calls from guest user programs and operating systems are intercepted stealthily within the Xen hypervisor and passed to a detection system running in Dom0 via a suitable communication channel. Guest applications and machines are left unchanged, and an intruder on the virtual machine cannot tell whether the system is under inspection or not. As for the detection algorithm, we present and study a variant of Stide, which we verify experimentally to have good performance on intrusion detection with an acceptable overhead; in fact, online real-time intrusion detection is feasible. However, since the interception mechanism is kept separate from the detection system, the latter can be replaced according to further needs.

CC BY-NC-ND 4.0

Paper citation in several formats:
Maiero, C. and Miculan, M. (2011). UNOBSERVABLE INTRUSION DETECTION BASED ON CALL TRACES IN PARAVIRTUALIZED SYSTEMS. In Proceedings of the International Conference on Security and Cryptography (ICETE 2011) - SECRYPT; ISBN 978-989-8425-71-3; ISSN 2184-3236, SciTePress, pages 300-306. DOI: 10.5220/0003521003000306

@conference{secrypt11,
author={Carlo Maiero and Marino Miculan},
title={UNOBSERVABLE INTRUSION DETECTION BASED ON CALL TRACES IN PARAVIRTUALIZED SYSTEMS},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2011) - SECRYPT},
year={2011},
pages={300-306},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003521003000306},
isbn={978-989-8425-71-3},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2011) - SECRYPT
TI - UNOBSERVABLE INTRUSION DETECTION BASED ON CALL TRACES IN PARAVIRTUALIZED SYSTEMS
SN - 978-989-8425-71-3
IS - 2184-3236
AU - Maiero, C.
AU - Miculan, M.
PY - 2011
SP - 300
EP - 306
DO - 10.5220/0003521003000306
PB - SciTePress