Scalable Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2015)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9532)

Abstract

Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve exploiting a series of vulnerabilities in virtual machines, which could potentially cause a loss of credentials and disrupt services (e.g., privilege escalation attacks). Intrusion detection and countermeasure selection mechanisms have been proposed to address these issues, but existing solutions with traditional security models (e.g., Attack Graphs (AG)) do not scale well with a large number of hosts in Cloud systems. Consequently, the model cannot provide a security solution in practical time. To address this problem, we incorporate a scalable security model named Hierarchical Attack Representation Model (HARM) in place of the AG to improve scalability. By doing so, we can provide a security solution within a reasonable timeframe to mitigate cyber attacks. Further, we show the equivalent security analysis using the HARM and the AG, and demonstrate how to transform an existing AG to the HARM.

Acknowledgments

This research was sponsored by NSF grant #1528099, and also supported by the NATO Science for Peace & Security Multi-Year Project (MD.SFPP 984425).

Author information

Corresponding author

Correspondence to Jin B. Hong.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Hong, J.B., Chung, CJ., Huang, D., Kim, D.S. (2015). Scalable Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_53

  • DOI: https://doi.org/10.1007/978-3-319-27161-3_53

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27160-6

  • Online ISBN: 978-3-319-27161-3

  • eBook Packages: Computer Science (R0)
