Intrusion detection techniques for virtual domains

摘要

A virtual domain enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. Since the virtual machines can be running different operating systems and applications, the attacker can exploit even a single vulnerability in any of the operating system or applications in a single virtual machine to attack other machines in the virtual domain. There is a need to develop intrusion detection techniques to deal with different types of attacks in virtual domains. In this paper we consider the design choices for attack detection and propose intrusion detection architecture to deal with attacks in virtual domains. Our architecture takes into account the specific features of the virtual machine as well as security policies of the virtual domains to deal with different types of attacks in virtual machines. We have described the operation of the proposed system architecture in detail. Finally we present how our model can efficiently deal with different types of attacks and performance analysis of our model.