%0 Conference Paper %1 MiPaAnViKoAvLu2015-RAID-Challenges %A Milenkoski, Aleksandar %A Payne, Bryan D. %A Antunes, Nuno %A Vieira, Marco %A Kounev, Samuel %A Avritzer, Alberto %A Luft, Matthias %B The 18th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2015) %D 2015 %I Springer %K Cloud HInjector Instrumentation_profiling_and_workload_characterization Metrics_and_benchmarking_methodologies Security Virtualization descartes t_full myown %T Evaluation of Intrusion Detection Systems in Virtualized Environments Using Attack Injection %U http://link.springer.com/chapter/10.1007/978-3-319-26362-5_22 %X The evaluation of intrusion detection systems (IDSes) is an active research area with many open challenges, one of which is the generation of representative workloads that contain attacks. In this paper, we propose a novel approach for the rigorous evaluation of IDSes in virtualized environments, with a focus on IDSes designed to detect attacks leveraging or targeting the hypervisor via its hypercall interface. We present hInjector, a tool for generating IDS evaluation workloads by injecting such attacks during regular operation of a virtualized environment. We demonstrate the application of our approach and show its practical usefulness by evaluating a representative IDS designed to operate in virtualized environments. The virtualized environment of the industry-standard benchmark SPECvirt_sc2013 is used as a testbed, whose drivers generate workloads representative of workloads seen in production environments. This work enables for the first time the injection of attacks in virtualized environments for the purpose of generating representative IDS evaluation workloads.

@inproceedings{MiPaAnViKoAvLu2015-RAID-Challenges, abstract = {{The evaluation of intrusion detection systems (IDSes) is an active research area with many open challenges, one of which is the generation of representative workloads that contain attacks. In this paper, we propose a novel approach for the rigorous evaluation of IDSes in virtualized environments, with a focus on IDSes designed to detect attacks leveraging or targeting the hypervisor via its hypercall interface. We present hInjector, a tool for generating IDS evaluation workloads by injecting such attacks during regular operation of a virtualized environment. We demonstrate the application of our approach and show its practical usefulness by evaluating a representative IDS designed to operate in virtualized environments. The virtualized environment of the industry-standard benchmark SPECvirt_sc2013 is used as a testbed, whose drivers generate workloads representative of workloads seen in production environments. This work enables for the first time the injection of attacks in virtualized environments for the purpose of generating representative IDS evaluation workloads.}}, added-at = {2020-04-05T23:11:12.000+0200}, author = {Milenkoski, Aleksandar and Payne, Bryan D. and Antunes, Nuno and Vieira, Marco and Kounev, Samuel and Avritzer, Alberto and Luft, Matthias}, biburl = {https://www.bibsonomy.org/bibtex/2106227040ef2a9182246a2c1fc67260c/samuel.kounev}, booktitle = {The 18th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2015)}, interhash = {4fd7054e8e6d35e0df0c8b567728430c}, intrahash = {106227040ef2a9182246a2c1fc67260c}, keywords = {Cloud HInjector Instrumentation_profiling_and_workload_characterization Metrics_and_benchmarking_methodologies Security Virtualization descartes t_full myown}, month = {{November}}, note = {{Acceptance Rate: 23%.}}, publisher = {{Springer}}, timestamp = {2021-08-18T04:00:31.000+0200}, title = {{Evaluation of Intrusion Detection Systems in Virtualized Environments Using Attack Injection}}, url = {http://link.springer.com/chapter/10.1007/978-3-319-26362-5_22}, year = 2015 }