Quantifying the Attack Detection Accuracy of Intrusion Detection Systems in Virtualized Environments
2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE) (2016)
Ottawa, Ontario, Canada
Oct. 23, 2016 to Oct. 27, 2016
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISSRE.2016.39
With the widespread adoption of virtualization, intrusion detection systems (IDSes) are increasingly being deployed in virtualized environments. When securing an environment, IT security officers are often faced with the question of how accurate deployed IDSes are at detecting attacks. To this end, metrics for assessing the attack detection accuracy of IDSes have been developed. However, these metrics are defined with respect to a fixed set of hardware resources available to the tested IDS. Therefore, IDSes deployed in virtualized environments featuring elasticity (i.e., on-demand allocation or deallocation of virtualized hardware resources during system operation) cannot be evaluated in an accurate manner using existing metrics. In this paper, we demonstrate the impact of elasticity on IDS attack detection accuracy. In addition, we propose a novel metric and measurement methodology for accurately quantifying the accuracy of IDSes deployed in virtualized environments featuring elasticity. We demonstrate their practical use through case studies involving commonly used IDSes.
Keywords: Measurement, Elasticity, Virtual machine monitors, Hardware, Transient analysis, Intrusion detection
A. Milenkoski, K. R. Jayaram, N. Antunes, M. Vieira and S. Kounev, "Quantifying the Attack Detection Accuracy of Intrusion Detection Systems in Virtualized Environments," 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE), Ottawa, Ontario, Canada, 2016, pp. 276-286.