Research On The Technology Of Interdomain Communication Support In VM-Honey Based Intrude Detect System

In recent years the rapid development of computer hardware has successfully supported and improved the development of virtual machine. As the disadvantage performance of virtual machine has been constantly shrinking, virtual machine begins to adapt for more and more special fields. Referring to the virtual machine's characteristics——high isolation, high availability and easy management, this paper aims to explore the virtual machine's application in security direction.Through studying current research status of virtual machine and security, the article establishes a new secure model——VM-Honey based intrude detect system. It uses virtual machine to enhance the capability of examining attack by integrating traditional IDS and Honeypot which can complement each other. As virtual machine wasn't designed for security at the beginning, this paper focuses on how to add or modify virtual machine to adapt to this secure system. It designs a set of interdomain communication technologies to facilely integrate the both secure system, in addition, test and evaluate this communications technology. For Xen's advantages fit the requirement of security research, this article mainly studies this virtual machine.Following the complete analysis of the framework, code of Xen and both of the secure systems' advantages and disadvantages, the paper establishes the secure model, which combines virtual machine with the two secure systems Honeypot and the advantages of IDS security cognitive ability. To achieve this goal, the article deeply analyses a series of mechanism about the Xen on interdomain communications, and proposes a high performance and flexible algorithm about interdomain short message transmission. In addition, it does a corresponding evaluation work. The paper presents a series of key technologies which design for a more efficient, flexible, and secure interdomain communication mechanism according to the algorithm. Having analyzed some common Honeypot and IDS systems, the paper selects the appropriate Honeypot and IDS as a basic module to design a new module used for the system. It modifies part of the codes of Honeypot and IDS to fit the secure system, and applies the interdomain communication system to the secure system to become a new powerful secure system.The work is supported by 863 (2006AA01Z188), and it has both academic and realistic significance to the research of interdomain communication in VM-Honey Based Intrude Detect System.