Technical Report on Benchmarking Intrusion Detection Systems in Virtualized Environments Published

Wednesday, July 10, 2013 04:00

The SPEC RG IDS Benchmarking Working Group has published a technical report on benchmarking intrusion detection systems (IDSes) in virtualized environments, i.e., virtual machine monitor (VMM)-based IDSes.

In this work, the authors analyze state-of-the-art intrusion detection techniques applied in virtualized environments and the architectures of VMM-based IDSes. Further, they identify challenges that apply specifically to benchmarking VMM-based IDSes, focussing on workloads and metrics. For example, they discuss the challenges of defining representative baseline benign workload profiles and of defining malicious workloads containing attacks targeted at the VMM. The authors also discuss the impact of on-demand resource provisioning features of virtualized environments (e.g., CPU and memory hotplugging, memory ballooning) on IDS benchmarking measures such as capacity and attack detection accuracy. Finally, they outline future research directions in the area of benchmarking VMM-based IDSes and of intrusion detection in virtualized environments in general.

Aleksandar Milenkoski, Samuel Kounev, Alberto Avritzer, Nuno Antunes, and Marco Vieira. On Benchmarking Intrusion Detection Systems in Virtualized Environments. Technical Report SPEC-RG-2013-002 v.1.0, SPEC Research Group - IDS Benchmarking Working Group, Standard Performance Evaluation Corporation (SPEC), June 2013.

The technical report can be found here.