Advertisement

A Fuzzy-Based Dynamic Provision Approach for Virtualized Network Intrusion Detection Systems

  • Bo Li
  • Jianxin Li
  • Tianyu Wo
  • Xudong Wu
  • Junaid Arshad
  • Wantao Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6059)

Abstract

With the increasing prevalence of virtualization and cloud technologies, virtual security appliances have emerged and become a new way for traditional security appliances to be rapidly distributed and deployed in IT infrastructure. However, virtual security appliances are challenged with achieving optimal performance, as the physical resource is shared by several virtual machines, and this issue is aggravated when virtualizing network intrusion detection systems (NIDS). In this paper, we proposed a novel approach named fuzzyVIDS, which enables dynamic resource provision for NIDS virtual appliance. In fuzzyVIDS, we use fuzzy model to characterize the complex relationship between performance and resource demands and we develop an online fuzzy controller to adaptively control the resource allocation for NIDS under varying network traffic. Our approach has been successfully implemented in the iVIC platform. Finally, we evaluate our approach by comprehensive experiments based on Xen hypervisor and Snort NIDS and the results show that the proposed fuzzy control system can precisely allocate resources for NIDS according to its resource demands, while still satisfying the performance requirements of NIDS.

Keywords

Network intrusion detection systems fuzzy control virtualization dynamic provision 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
  2. 2.
    Snort: An open-source network intrusion prevention and detection system by sourcefire, http://www.snort.org/
  3. 3.
    Virtual Security Appliance Survey: What’s Really Going On? http://www.idc.com/getdoc.jsp?containerId=220767
  4. 4.
    Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium (February 2003)Google Scholar
  5. 5.
    Joshi, A., King, S.T., Dunlap, G.W., Chen, P.M.: Detecting Past and Present Intrusions through Vulnerability-specific Predicates. In: Proceedings of the 2005 SOSP (October 2005)Google Scholar
  6. 6.
    Kourai, K., Chiba, S.: Hyperspector: Virtual distributed monitoring environments for secure intrusion detection. In: Proceedings of the 1st ACM/USENIX International Conference on Virtual Execution Environments (2005)Google Scholar
  7. 7.
    Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks 31(23-24), 2435–2463 (1999)CrossRefGoogle Scholar
  8. 8.
    Kruegel, C., Valeur, F., Vigna, G., Kemmerer, R.: Stateful Intrusion Detection for High-Speed Networks. In: Proceedings of IEEE Symposium Security and Privacy. IEEE Computer Society Press, Calif .(2002)Google Scholar
  9. 9.
    Lee, W., Cabrera, J.B., Thomas, A., Balwalli, N., Saluja, S., Zhang, Y.: Performance Adaptation in Real-Time Intrusion Detection Systems. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, p. 252. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Lee, W., Fan, W., Miller, M., Stolfo, S.J., Zadok, E.: Toward Cost-sensitive Modeling for Intrusion Detection and Response. Journal of Computer Security 10(1-2), 5–22 (2002)Google Scholar
  11. 11.
    Dreger, H., Feldmann, A., Paxson, V., Sommer, R.: Predicting the resource consumption of network intrusion detection systems. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 135–154. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Xu, J., Zhao, M., Fortes, J., Carpenter, R., Yousif, M.: Autonomic resource management in virtualized data centers using fuzzy logic-based approaches. Cluster Comput. J. 11, 213–227 (2008)CrossRefGoogle Scholar
  13. 13.
    Jantzen, J.: Foundations of Fuzzy Control. John Wiley & Sons, Chichester (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Bo Li
    • 1
  • Jianxin Li
    • 1
  • Tianyu Wo
    • 1
  • Xudong Wu
    • 1
  • Junaid Arshad
    • 2
  • Wantao Liu
    • 1
  1. 1.School of Computer Science and EngineeringBeihang UniversityBeijingChina
  2. 2.School of ComputingUniversity of LeedsLeedsUK

Personalised recommendations