Skip to main content
SpringerLink
Log in

Benchmarking Intrusion Detection Systems with Adaptive Provisioning of Virtualized Resources

  • Chapter
  • First Online:
Self-Aware Computing Systems

  • 1822 Accesses

Abstract

With the increasing popularity of virtualization, deploying intrusion detection systems (IDSes) in virtualized environments, for example, in virtual machines as virtualized network functions, has become an emerging practice. Modern virtualized environments feature on demand provisioning of virtualized processing and memory resources to virtual machines, dynamically adapting its intensity in order to meet resource demands. Such a provisioning may have a significant impact on many properties of an IDS deployed in a virtual machine, for example, on its attack detection accuracy. However, conventional metrics for quantifying IDS attack detection accuracy do not capture this impact, which may lead to inaccurate assessments of the IDS’s accuracy at detecting attacks. In this chapter, we discuss in detail on the impact of on demand provisioning of virtualized resources on IDS attack detection accuracy. Further, we discuss on relevant issues related to the use of conventional metrics for quantifying IDS attack detection accuracy. Finally, we present a preliminary metric and measurement methodologies, which allow for the accurate assessment of IDS attack detection accuracy taking on-demand resource provisioning into account.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Wesam Dawoud, Ibrahim Takouna, and Christoph Meinel. Elastic Virtual Machine for Fine-Grained Cloud Resource Provisioning. In P.Venkata Krishna, M.Rajasekhara Babu, and Ezendu Ariwa, editors, Global Trends in Computing and Communication Systems, volume 269 of Communications in Computer and Information Science, pages 11–25. Springer, 2012.

    Google Scholar 

  2. Jr. Gaffney, J.E. and J.W. Ulvila. Evaluation of intrusion detectors: a decision theory approach. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 50–61, 2001.

    Google Scholar 

  3. Frank Gens, Robert Mahowald, Richard L. Willards, David Bradshaw, and Chris Morris. Cloud computing 2010: An idc update, 2010.

    Google Scholar 

  4. Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skorić. Measuring intrusion detection capability: an information-theoretic approach. In Proceedings of the 2006 ACM Symposium on Information, computer and communications security (ASIACCS), pages 90–101, New York, NY, USA, 2006. ACM.

    Google Scholar 

  5. Mike Hall and Kevin Wiley. Capacity verification for high speed network intrusion detection systems. In Proceedings of the 5th International Conference on Recent Advances in Intrusion Detection (RAID), pages 239–251, Berlin, Heidelberg, 2002. Springer-Verlag.

    Google Scholar 

  6. J. Hancock and P. Wintz. Signal Detection Theory. McGraw–Hill, New York, 1966.

    Google Scholar 

  7. Evangelos Kotsovinos. Virtualization: Blessing or curse? Queue, 8(11):40:40–40:46, November 2010.

    Google Scholar 

  8. Sajib Kundu, Raju Rangaswami, Ajay Gulati, Ming Zhao, and Kaushik Dutta. Modeling virtualized applications using machine learning techniques. In Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments, VEE ’12, pages 3–14, New York, NY, USA, 2012. ACM.

    Google Scholar 

  9. Flavio Lombardi and Roberto Di Pietro. Secure virtualization for cloud computing. Journal of Network and Computer Applications, 34(4):1113–1122, July 2011.

    Google Scholar 

  10. Neil MacDonald. Yes, Hypervisors are vulnerable. http://blogs.gartner.com/neil_macdonald/2011/01/26/yes-hypervisors-are-vulnerable/, 2011.

  11. R. A. Maxion and R. R. Roberts. Proper Use of ROC Curves in Intrusion/Anomaly detection. Technical Report CS-TR-871, School of Computing Science, University of Newcastle upon Tyne, November 2004.

    Google Scholar 

  12. Peter Mell, Vincent Hu, Richard Lippmann, Josh Haines, and Marc Zissman. An Overview of Issues in Testing Intrusion Detection Systems, 2003.

    Google Scholar 

  13. Yuxin Meng and Wenjuan Li. Adaptive Character Frequency-Based Exclusive Signature Matching Scheme in Distributed Intrusion Detection Environment. In IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pages 223–230, June 2012.

    Google Scholar 

  14. Aleksandar Milenkoski, Marco Vieira, Samuel Kounev, Alberto Avrtizer, and Bryan D. Payne. Evaluating Computer Intrusion Detection Systems: A Survey of Common Practices. ACM Computing Surveys, 2015. To appear.

    Google Scholar 

  15. N. Mohammed, H. Otrok, Lingyu Wang, M. Debbabi, and P. Bhattacharya. Mechanism Design-Based Secure Leader Election Model for Intrusion Detection in MANET. IEEE Transactions on Dependable and Secure Computing, 8(1):89–103, January-February 2011.

    Google Scholar 

  16. Diego Perez-Botero, Jakub Szefer, and Ruby B. Lee. Characterizing hypervisor vulnerabilities in cloud computing servers. In Proceedings of the 2013 International Workshop on Security in Cloud Computing, Cloud Computing ’13, pages 3–10. ACM, 2013.

    Google Scholar 

  17. Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. In Proceedings of the 13th USENIX conference on System Administration (LISA), pages 229–238. USENIX Association, 1999.

    Google Scholar 

  18. Karen Scarfone and Peter Mell. Guide to Intrusion Detection and Prevention Systems (IDPS), 2007. NIST Special Publication 900-94.

    Google Scholar 

  19. Sushant Sinha, Farnam Jahanian, and Jignesh M. Patel. WIND: Workload-aware INtrusion Detection. In Proceedings of the 9th International Conference on Recent Advances in Intrusion Detection (RAID), pages 290–310, Berlin, Heidelberg, 2006. Springer Verlag.

    Google Scholar 

  20. S. Spinner, S. Kounev, Xiaoyun Zhu, Lei Lu, M. Uysal, A. Holler, and R. Griffith. Runtime Vertical Scaling of Virtualized Applications via Online Model Estimation. In IEEE Eighth International Conference on Self-Adaptive and Self-Organizing Systems (SASO), pages 157–166, 2014.

    Google Scholar 

  21. Tcpreplay.

    Google Scholar 

  22. Jing Xu, Ming Zhao, José Fortes, Robert Carpenter, and Mazin Yousif. Autonomic Resource Management in Virtualized Data Centers Using Fuzzy Logic-based Approaches. Cluster Computing, 11(3):213–227, 2008.

    Article  Google Scholar 

Download references

Acknowledgements

This work was funded by the German Research Foundation (DFG) under grant No. KO 3445/16-1. This research has been supported by the Research Group of the Standard Performance Evaluation Corporation (SPEC, http://www.spec.org, http://research.spec.org). The authors would like to thank Alexander Leonhardt for providing experimental data.

Author information

Authors and Affiliations

  1. University of Würzburg, Am Hubland, 97074, Würzburg, Germany

    Aleksandar Milenkoski & Samuel Kounev

  2. Thomas J. Watson Research Center, Yorktown Heights, New York City, NY, USA

    K. R. Jayaram

Authors
  1. Aleksandar Milenkoski
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. K. R. Jayaram
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Samuel Kounev
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aleksandar Milenkoski .

Editor information

Editors and Affiliations

  1. University of Würzburg, Würzburg, Germany

    Samuel Kounev

  2. Thomas J. Watson Research Center, Hawthorne, New York, USA

    Jeffrey O. Kephart

  3. University of Würzburg, Würzburg, Germany

    Aleksandar Milenkoski

  4. VMWare Inc.Futurewei Technologies, Inc. , Santa Clara, California, USA

    Xiaoyun Zhu

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Milenkoski, A., Jayaram, K.R., Kounev, S. (2017). Benchmarking Intrusion Detection Systems with Adaptive Provisioning of Virtualized Resources. In: Kounev, S., Kephart, J., Milenkoski, A., Zhu, X. (eds) Self-Aware Computing Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-47474-8_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-47474-8_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47472-4

  • Online ISBN: 978-3-319-47474-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation