VNSecure: An explainable virtual network attack detection framework at VMM-Layer in virtualization environment

VNSecure: An explainable virtual network attack detection framework at VMM-Layer in virtualization environment

연구 분야: Cryptography

학회: IC3-2023: Proceedings of the 2023 Fifteenth International Conference on Contemporary Computing

In recent years, virtualization has become popular with the usage of emerging technologies in different domains. With the increasing number of attacking incidents in recent times, virtualization security has become one of the primary focus of research. The traditional network attack detection systems are inefficient enough to detect attacks over the virtual network. In this paper, we have proposed a virtual network security framework, called VNSecure that detects malicious network activities by analyzing virtual machine (VM) traffic profile. VNsecure operates on a hypervisor layer and has access to both underlying hardware and guest operating system. It does VM-level activity analysis from the privileged domain of the hypervisor, serving as the main line of defense against intrusions at the virtual network level. Initially, VM traffic validation is performed to detect spoofing attacks by analyzing the traffic captured at the backend driver of the virtual network interface of the monitored VM. To perform detailed behavior analysis, a deep learning approach is used to learn and detect VM-specific network attacks. On detection of malicious traffic, an alert is raised to the administrator. VNSecure then carries out essential mitigation to lower the risk and store the occurrence of malicious packets in its database. One public dataset and one self-generated attack dataset have been used to validate all the modules of the proposed framework and the results seem to be promising.