Constructing a Cloud-Based IDS by Merging VMI with FMA

Harrison, C. G. A.; Cook, Devin; McGraw, Robert M.; Hamilton, John A.

doi:10.1109/trustcom.2012.113

Cited by 14 publications

(7 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this end, researchers have focused on leveraging properties of virtualization technology as security features. Forensic Memory Analysis (FMA) [13] utilizes VMI to pull information from memory of guest VMs through VMM, then generates high-level semantics (e.g. active processes, loaded kernel modules, system calls and network connections etc.)…”

Section: Forensic Memory Analysismentioning

confidence: 99%

A Digital Forensic Framework for Cloud Based on VMI

Yang¹,

Ren²,

Bai³

et al. 2017

dtcse

View full text Add to dashboard Cite

Abstract. Traditional digital forensic methods become exceedingly feeble in cloud due to the fact that the basic infrastructure turns to virtualized environment. Leveraging properties of virtualization, virtual machine introspection has showed potential for cloud forensic. In this paper, we propose a novel framework, which contains a trustworthy independent agency, to provide memory digital forensic analysis (DFA) for virtual machines (VMs) in cloud. With the assistance of cloud platform, memory dump files can be obtained and transferred to the agency for further DFA, where information of VMs can be extracted using the proper tools. We described the constructional design of the framework. Test results showed the versatility of DFA and ability of malware detection. The framework indicates DFA can be purchased as a service only when there is a need in order to reduce the expenditures on maintaining exclusive facility and furnish standard procedure to multiple cloud platforms.

show abstract

Section: Forensic Memory Analysismentioning

confidence: 99%

A Digital Forensic Framework for Cloud Based on VMI

Yang¹,

Ren²,

Bai³

et al. 2017

dtcse

View full text Add to dashboard Cite

show abstract

“…In addition, it can be difficult to introspect processes which are mapped across different locations in memory. [9] incorporated VMI with forensic memory analysis (FMA) and machine learning to implement a malware detection scheme. It monitors the guest VM's memory activities over a period of time.…”

Section: Signature-based Detection Using Vmimentioning

confidence: 99%

Virtual Machine Introspection

Win

Tianfield

Mair

et al. 2014

Proceedings of the 7th International Conference on Security of Information and Networks

View full text Add to dashboard Cite

“…Path-breaking applications of VMI have been developed in relation to cloud security, cloud intrusion detection and cloud access management. There are evidences of intrusion detection systems and rootkit detection methods which have been proved effective only because of use of VMI in their implementation [4][5][6].…”

Section: Introductionmentioning

confidence: 99%

Virtual machine introspection: towards bridging the semantic gap

Tapaswi

2014

J Cloud Comp

View full text Add to dashboard Cite

Virtual machine introspection is a technique used to inspect and analyse the code running on a given virtual machine. Virtual machine introspection has gained considerable attention in the field of computer security research. In recent years, it has been applied in various areas, ranging from intrusion detection and malware analysis to complete cloud monitoring platforms. A survey of existing virtual machine introspection tools is necessary to address various possible research gaps and to focus on key features required for wide application of virtual machine introspection techniques. In this paper, we focus on the evolution of virtual machine introspection tools and their ability to address the semantic gap problem.

show abstract

Constructing a Cloud-Based IDS by Merging VMI with FMA

Cited by 14 publications

References 26 publications

A Digital Forensic Framework for Cloud Based on VMI

A Digital Forensic Framework for Cloud Based on VMI

Virtual Machine Introspection

Virtual machine introspection: towards bridging the semantic gap

Contact Info

Product

Resources

About