Sciweavers

CN
2007

Protecting host-based intrusion detectors through virtual machines

14 years 13 days ago
Protecting host-based intrusion detectors through virtual machines
: Intrusion detection systems continuously watch the activity of a network or computer, looking for attack or intrusion evidences. However, hostbased intrusion detectors are particularly vulnerable, as they can be disabled or tampered by successful intruders. This work proposes and implements an architecture model aimed at protecting host-based intrusion detectors, through the application of the virtual machine concept. Virtual machine environments are becoming an interesting alternative for several computing systems, because of their advantages in terms of cost and portability. The architecture proposal presented here makes use of the execution spaces separation provided by a virtual machine monitor, in order to separate the intrusion detection system from the system under monitoring. In consequence, the intrusion detector becomes invisible and inaccessible to intruders. The architecture implementation and the tests performed show the viability of this solution.
Marcos Laureano, Carlos Maziero, Edgard Jamhour
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2007
Where CN
Authors Marcos Laureano, Carlos Maziero, Edgard Jamhour
Comments (0)