ESR-3 Aleksandar Milenkoski

Ensuring dependability of service-based cloud applications through reliable intrusion detection

The low level of trust in the security principles applied in virtualized cloud environments is one of the greatest obstacles to wide migration to these environments. Significant research effort has therefore been devoted to designing intrusion detection systems (IDSes) intended for deployment in virtualized environments. Since these IDSes usually operate in virtual machine monitors (VMMs), we refer to them as VMM-based IDSes. Benchmarking IDSes is beneficial because it enables comparison of multiple IDSes with respect to their efficiency and, further, identification of an optimal IDS configuration, thus reducing the chances of security breaches.

Benchmarking VMM-based IDSes poses novel challenges in addition to the well-known challenges of benchmarking IDSes for traditional, i.e., non-virtualized, environments. These challenges relate to the standard benchmark components, i.e., workloads, metrics and methodology. They include, among others, the specification and provisioning of heterogeneous and scalable benign background workloads, of malicious workloads consisting of attacks that target novel attack surfaces (e.g., VMMs), and of metrics defined with respect to the elasticity properties of virtualized cloud infrastructures.

As the central outcome of the research project, we envision the design and development of a flexible VMM-based IDS benchmark framework that would contribute towards addressing these challenges. We hope that the envisioned framework will further advance current research on the evaluation of IDSes by introducing novel ideas and practical solutions.

Main research interests:

  • Network and system security
  • Intrusion detection
  • Evaluation of intrusion detection systems

Contact

milenkoski[at]kit.edu

Homepage

http://descartes.ipd.kit.edu/members/researchers/aleksandar_milenkoski/

Publications

Milenkoski A., Payne B.D., Antunes N., Vieira M. and Kounev S.: Experience Report: An Analysis of Hypercall Handler Vulnerabilities. In Proceedings of The 25th IEEE International Symposium on Software Reliability Engineering (ISSRE 2014) – Research Track, Naples, Italy, November 2014. IEEE, IEEE Computer Society, Washington DC, USA, 2014. (To appear)

Milenkoski A., Payne B. D., Antunes N., Vieira M., Kounev S.: HInjector: Injecting Hypercall Attacks for Evaluating VMI-based Intrusion Detection Systems (poster paper). In Proceedings of the 2013 Annual Computer Security Applications Conference (ACSAC 2013), New Orleans, Louisiana, USA, 2013. Applied Computer Security Associates (ACSA), 9-13 Dec., Maryland, USA. 2013, PDF

Milenkoski A., Kounev S.: Towards Benchmarking Intrusion Detection Systems for Virtualized Cloud Environments (extended abstract). In Proceedings of the 7th International Conference for Internet Technology and Secured Transactions (ICITST 2012), London, United Kingdom, December 10-12, 2012, IEEE, New York, USA. December 2012, p. 562-563, PDF

Milenkoski A., Vieira M., Payne B.D., Antunes N. and Kounev S.: Technical Information on Vulnerabilities of Hypercall Handlers. Technical Report SPEC-RG-2014-001 v.1.0, SPEC Research Group – IDS Benchmarking Working Group, Standard Performance Evaluation Corporation (SPEC), 7001 Heritage Village Plaza Suite 225, Gainesville, VA 20155, USA, August 2014, PDF

Milenkoski A., Kounev S., Avritzer A., Antunes N. and Vieira M.: On Benchmarking Intrusion Detection Systems in Virtualized Environments. Technical Report SPEC-RG-2013-002 v.1.0, SPEC Research Group – IDS Benchmarking Working Group, Standard Performance Evaluation Corporation (SPEC), 7001 Heritage Village Plaza Suite 225, Gainesville, VA 20155, June 2013, HTML

Milenkoski A., Iosup A., Kounev S., Sachs K., Rygielski P., Ding J., Cirne W., Rosenberg F.: Cloud Usage Patterns: A Formalism for Description of Cloud Usage Scenarios. Technical Report SPEC-RG-2013-001 v.1.0.1, SPEC Research Group – Cloud Working Group, Standard Performance Evaluation Corporation (SPEC), 7001 Heritage Village Plaza Suite 225, Gainesville, VA 20155, April 2013, HTML
