Technical Report on Benchmarking Intrusion Detection Systems in Virtualized Environments Published
Wednesday, July 10, 2013 04:00
The SPEC RG IDS Benchmarking Working Group has published a technical report on benchmarking intrusion detection systems (IDSes) in virtualized environments, i.e., VMM(Virtual Machine Monitor)-based IDSes.
In this work, the authors analyze state-of-the-art intrusion detection
techniques applied in virtualized environments and architectures of
VMM-based IDSes. Further, they identify challenges that apply
specifically to benchmarking VMM-based IDSes focussing on workloads and
metrics. For example, the challenge of defining representative baseline
benign workload profiles as well as defining malicious workloads
containing attacks targeted at the VMM are discussed. The authors also
discuss the impact of on-demand resource provisioning features of
virtualized environments (e.g., CPU and memory hotplugging, memory
ballooning) on IDS benchmarking measures such as capacity and attack
detection accuracy. Finally, they outline future research directions in
the area of benchmarking VMM-based IDSes and of intrusion detection in
virtualized environments in general.
Aleksandar Milenkoski, Samuel Kounev, Alberto Avritzer, Nuno Antunes, and Marco Vieira. On Benchmarking Intrusion Detection Systems in Virtualized Environments. Technical Report SPEC-RG-2013-002 v.1.0, SPEC Research Group - IDS Benchmarking Working Group, Standard Performance Evaluation Corporation (SPEC), June 2013.
The technical report can be found here.