
Network-based Intrusion Detection System For Virtual Machine

Posted on: 2009-02-10
Degree: Master
Type: Thesis
Country: China
Candidate: W P Yang
GTID: 2178360278964182
Subject: Computer system architecture

Abstract/Summary:
An Intrusion Detection System (IDS) collects and analyzes information from the network and the host to check for signs of attack. Security research has proved that it is an effective method for protecting computer system security. But the appearance of the Virtual Machine (VM) changes the architecture of the computer and makes traditional IDS technology no longer as effective as it was before. That is why we focus on intrusion detection technology in the virtual machine environment.

Virtual machine technology is implemented in software. Using VM technology, a single host hardware platform can support multiple isolated guest operating system environments simultaneously. This change of architecture means the traditional intrusion detection system no longer works very well. If we use the isolation property of the VM, we can deploy our IDS in one domain that obtains the information to be checked from another domain, even when the domain being checked is corrupted.

Network-based Intrusion Detection System for Virtual Machine Environment is a novel approach to implementing the traditional network-based IDS in a virtual machine environment. Firstly, we get the network packets from the virtual bridge, a virtual device in the virtual machine used to transmit packets from the physical device to the virtual interface. Because of DHCP, a virtual machine's IP address is variable, so we use the MAC address to identify a virtual machine's network interface. Secondly, by deploying the VNIDS in a domain that is isolated from the other domains, we implement a secure IDS. Thirdly, VNIDS uses the communication mechanism of the XEN virtual machine to implement a message channel that sends alert and control information from the VNIDS domain to the other domain, which is more effective than the traditional method.

Tests on the real system show that VNIDS implements the complete functionality of an IDS suited to the virtual machine environment. Meanwhile, its efficiency is higher than that of the traditional IDS.
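The MAC-based identification described in the abstract can be illustrated with a short added example; it is not code from the thesis. It parses untagged Ethernet/IPv4 frames as they would be seen on a bridge and attributes traffic to a VM by interface MAC, so attribution survives a DHCP address change. The inventory `VM_BY_MAC`, the function names and all addresses are constructed assumptions.

```python
import struct
from collections import defaultdict

# Constructed inventory (assumption): MAC of each guest's virtual interface -> VM name.
VM_BY_MAC = {"00:16:3e:00:00:01": "guest-web", "00:16:3e:00:00:02": "guest-db"}
GATEWAY = "02:00:00:00:00:fe"  # constructed MAC of a host outside the VM set

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return (dst_mac, src_mac, src_ip, dst_ip) for an untagged IPv4 frame, else None."""
    if len(frame) < 34:  # 14-byte Ethernet header + 20-byte minimum IPv4 header
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        return None
    ip = frame[14:34]
    dotted = lambda b: ".".join(map(str, b))
    return mac_str(dst), mac_str(src), dotted(ip[12:16]), dotted(ip[16:20])

def attribute(frames):
    """Collect the IP addresses seen for each VM, keyed by interface MAC rather than IP."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue  # truncated or non-IPv4 frame
        dst, src, src_ip, dst_ip = parsed
        if src in VM_BY_MAC:
            seen[VM_BY_MAC[src]].add(src_ip)
        if dst in VM_BY_MAC:
            seen[VM_BY_MAC[dst]].add(dst_ip)
    return dict(seen)

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Build a constructed Ethernet + IPv4 header (no payload, checksum left at zero)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    addr = lambda a: bytes(int(p) for p in a.split("."))
    ipv4 = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 6, 0) + addr(src_ip) + addr(dst_ip)
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + ipv4

# Constructed capture: guest-web changes address after a DHCP renewal; the MAC stays the same.
SAMPLE = [
    build_frame(GATEWAY, "00:16:3e:00:00:01", "192.0.2.10", "198.51.100.7"),
    build_frame(GATEWAY, "00:16:3e:00:00:01", "192.0.2.57", "198.51.100.7"),
    build_frame("00:16:3e:00:00:02", GATEWAY, "198.51.100.7", "192.0.2.20"),
    build_frame(GATEWAY, GATEWAY, "192.0.2.99", "198.51.100.7")[:20],  # truncated frame
]

if __name__ == "__main__":
    for vm, ips in sorted(attribute(SAMPLE).items()):
        print(vm, sorted(ips))
```
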
Keywords/Search Tags: Intrusion Detection, Network-based Intrusion Detection, Virtual Machine, Para-Virtualization