On Benchmarking Intrusion Detection Systems in Virtualized Environments

Abstract

In this work, the authors analyze state-of-the-art intrusion detection techniques applied in virtualized environments and the architectures of VMM-based IDSes. Further, they identify challenges that apply specifically to benchmarking VMM-based IDSes, focussing on workloads and metrics. For example, they discuss the challenges of defining representative baseline benign workload profiles and of defining malicious workloads containing attacks targeted at the VMM. The authors also discuss the impact of on-demand resource provisioning features of virtualized environments (e.g., CPU and memory hotplugging, memory ballooning) on IDS benchmarking measures such as capacity and attack detection accuracy. Finally, they outline future research directions in the area of benchmarking VMM-based IDSes and of intrusion detection in virtualized environments in general.


This entry was posted in Publications, Technical Report.
