A Fuzzy-Based Dynamic Provision Approach for Virtualized Network Intrusion Detection Systems

  • Conference paper
Advances in Computer Science and Information Technology (AST 2010, ACN 2010)

Abstract

With the increasing prevalence of virtualization and cloud technologies, virtual security appliances have emerged as a new way for traditional security appliances to be rapidly distributed and deployed in IT infrastructure. However, virtual security appliances struggle to achieve optimal performance because the physical resources are shared by several virtual machines, and this issue is aggravated when virtualizing network intrusion detection systems (NIDS). In this paper, we propose a novel approach named fuzzyVIDS, which enables dynamic resource provisioning for NIDS virtual appliances. In fuzzyVIDS, we use a fuzzy model to characterize the complex relationship between performance and resource demands, and we develop an online fuzzy controller to adaptively control the resource allocation for NIDS under varying network traffic. Our approach has been successfully implemented in the iVIC platform. Finally, we evaluate our approach through comprehensive experiments based on the Xen hypervisor and the Snort NIDS, and the results show that the proposed fuzzy control system can precisely allocate resources for NIDS according to its resource demands, while still satisfying the performance requirements of NIDS.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, B., Li, J., Wo, T., Wu, X., Arshad, J., Liu, W. (2010). A Fuzzy-Based Dynamic Provision Approach for Virtualized Network Intrusion Detection Systems. In: Kim, Th., Adeli, H. (eds) Advances in Computer Science and Information Technology. AST 2010, ACN 2010. Lecture Notes in Computer Science, vol 6059. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13577-4_10

  • DOI: https://doi.org/10.1007/978-3-642-13577-4_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13576-7

  • Online ISBN: 978-3-642-13577-4

  • eBook Packages: Computer Science, Computer Science (R0)
