Network Based Malware Detection in Virtualised Environment

Pushpinder Kaur Chouhan, Matthew Hagan, Gavin McWilliams, Sakir Sezer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

While virtualisation can provide many benefits to a network's infrastructure, securing the virtualised environment is a big challenge. The security of a fully virtualised solution is dependent on the security of each of its underlying components, such as the hypervisor, guest operating systems and storage.

This paper presents a single security service running on the hypervisor that could potentially work to provide security service to all virtual machines running on the system. This paper presents a hypervisor-hosted framework which performs specialised security tasks for all underlying virtual machines to protect against any malicious attacks by passively analysing the network traffic of VMs. This framework has been implemented using Xen Server and has been evaluated by detecting a Zeus Server setup and infected clients, distributed over a number of virtual machines. This framework is capable of detecting and identifying all infected VMs with no false positive or false negative detection.
Language: English
Title of host publication: Euro-Par 2014: Parallel Processing Workshops: Euro-Par 2014 International Workshops, Porto, Portugal, August 25-26, 2014 Revised Selected Papers Part I
Publisher: Springer
Pages: 335-346
Number of pages: 12
Volume: 8805
ISBN (Electronic): 9783319143255
ISBN (Print): 9783319143248
DOI: https://doi.org/10.1007/978-3-319-14325-5_29
Publication status: Published - 26 Aug 2014
Event: LSDVE 2014 - Porto, Portugal
Duration: 26 Aug 2014 → …

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743

Workshop

Workshop: LSDVE 2014
Country: Portugal
City: Porto
Period: 26/08/2014 → …

Fingerprint

Servers
Virtual machine
Malware
Virtualization

Cite this

Chouhan, P. K., Hagan, M., McWilliams, G., & Sezer, S. (2014). Network Based Malware Detection in Virtualised Environment. In Euro-Par 2014: Parallel Processing Workshops: Euro-Par 2014 International Workshops, Porto, Portugal, August 25-26, 2014 Revised Selected Papers Part I (Vol. 8805, pp. 335-346). (Lecture Notes in Computer Science). Springer. https://doi.org/10.1007/978-3-319-14325-5_29