
Design and Implementation of a Lightweight Kernel-Level Network Intrusion Prevention System for Virtualized Environment (Short Paper)

  • Conference paper
  • Information Security Practice and Experience (ISPEC 2017)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10701)

Abstract

Cloud platforms often take advantage of virtualization technology and virtualize their actual hosts. As network attack events occur frequently, providing system security in a virtualized environment is the focus of this study. We have designed and implemented a lightweight network-based intrusion prevention system (IPS) named VMM-IPS for the virtual machine (VM) execution environment. To ensure the safety of the VMs and of the host system at the same time, VMM-IPS operates in the Linux kernel of the host system and is co-located with the Kernel-based Virtual Machine, which turns the Linux kernel into a hypervisor. As packets enter the system, whether destined for VMs or passing through the host, they are inspected by VMM-IPS. Unlike a user-level IPS, which must switch protection domains and copy packets to a user buffer for inspection, VMM-IPS is more efficient because it can perform in-place packet inspection. It adopts signature-based detection and is implemented with the multiple-pattern search algorithm AC-BM for efficient string matching. In addition, VMM-IPS can protect the system against attacks that use packet splitting and reassembly to evade an intrusion detection system (IDS). The experimental results demonstrate that VMM-IPS achieves system safety effectively and efficiently.
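As an added illustration (not code from the paper, whose VMM-IPS is a Linux kernel module using AC-BM), the following Python builds a plain Aho-Corasick multi-pattern matcher as a stand-in for AC-BM and runs it over constructed TCP segments both per packet and after sequence-number reassembly. It shows why the reassembly step named in the abstract matters: a signature split across two segments is found only in the reassembled stream.

```python
from collections import deque

class MultiPatternMatcher:
    """Aho-Corasick automaton over bytes: every signature is matched in one
    pass over the input. AC-BM (used by VMM-IPS) adds Boyer-Moore skipping
    on top of this; the plain automaton is enough to show the behaviour."""
    def __init__(self, signatures):
        self.goto = [{}]        # state -> {byte value: next state}
        self.out = [set()]      # state -> signatures that end in this state
        self.fail = [0]         # state -> longest proper suffix state
        for sig in signatures:  # build the trie
            s = 0
            for b in sig:
                if b not in self.goto[s]:
                    self.goto.append({}); self.out.append(set()); self.fail.append(0)
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].add(sig)
        q = deque(self.goto[0].values())  # BFS to compute failure links
        while q:
            r = q.popleft()
            for b, s in self.goto[r].items():
                q.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] |= self.out[self.fail[s]]  # inherit suffix matches

    def search(self, data):
        """Return [(start_offset, signature)] for every occurrence in data."""
        hits, s = [], 0
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            for sig in self.out[s]:
                hits.append((i - len(sig) + 1, sig))
        return hits

def reassemble(segments):
    """Order (seq, payload) segments by sequence number and join them.
    Assumes contiguous, non-overlapping data (overlap policy omitted)."""
    return b"".join(p for _, p in sorted(segments))

def inspect(matcher, segments):
    """Compare per-packet matching with matching on the reassembled stream."""
    per_packet = [sig for _, p in segments for _, sig in matcher.search(p)]
    stream = matcher.search(reassemble(segments))
    return per_packet, stream

# Constructed sample: a path-traversal signature split across two segments.
SIGNATURES = [b"/etc/passwd", b"cmd.exe"]
SEGMENTS = [(18, b"sswd HTTP/1.0\r\n"), (1, b"GET /../../etc/pa")]

def demo():
    return inspect(MultiPatternMatcher(SIGNATURES), SEGMENTS)
```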


Acknowledgments

This research was supported in part by grant MOST 105-2221-E-260-015 and MOST 106-2221-E-260-001 from the Ministry of Science and Technology, Taiwan, Republic of China. We would also like to thank M. L. Wang, H. Cheng, C. W. Huang and members in the Computer System laboratory of Chang Gung University for their efforts in this study.

Corresponding author: Mei-Ling Chiang

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Chiang, ML., Wang, JK., Feng, LC., Chen, YS., Wang, YC., Kao, WY. (2017). Design and Implementation of a Lightweight Kernel-Level Network Intrusion Prevention System for Virtualized Environment (Short Paper). In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science(), vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_36

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72359-4_36

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72358-7

  • Online ISBN: 978-3-319-72359-4

  • eBook Packages: Computer Science (R0)