{"title":"Efficient hashing technique for malicious profile detection at hypervisor environment","authors":"Anumukonda Naga Seshu Kumar, Rajesh Kumar Yadav, Nallanthighal Srinivasa Raghava","doi":"10.1007/s00607-024-01325-7","DOIUrl":null,"url":null,"abstract":"<p>Attack detection in cyber security systems is one of the complex tasks which require domain specific knowledge and cognitive intelligence to detect novel and unknown attacks from large scale network data. This research explores how the network operations and network security affects the detection of unknown attacks in network systems. A hash based profile matching technique is presented in this paper for attack detection. The main objective of this work is to detect unknown attacks using a profile matching approach in Hypervisors. Hypervisors are characterized by their versatile nature since they allow the utilization of available system resources. The virtual machines (VMs) in the hypervisors are not dependent on the host hardware and as a result, hypervisors are considered advantageous. In addition, hypervisors have direct access to the hardware resources such as memory, storage and processors. However, hypervisors are more susceptible to the security threats which attack each and every VM. A SHA3-512 hashing algorithm used for generating hash values in hypervisor and the proposed model is used to verify whether the profile is malicious or benign. The performance of the hashbased profile matching technique is compared with traditional hash techniques namely SHA-256 and MD5 algorithm. Results show that the proposed SHA3-512 algorithm achieves a phenomenal performance in terms of phenomenal accuracy and zero false positive rates. Simulation results also show that the computation time required by Sha3-512 algorithm is lower compared to SHA-256 and MD5 algorithms. The performance analysis validates that the hash based approach achieves reliable performance for attack detection. The effectiveness of the hashing technique was determined using three different evaluation metrics namely attack DR, FPR, and computational time. Simulation results show that the existing SHA3- 512 algorithm detection rate of 97.24% with zero false positive rate and faster computational time compared to SHA 256 and MD5 algorithms.</p>","PeriodicalId":10718,"journal":{"name":"Computing","volume":"6 1","pages":""},"PeriodicalIF":3.3000,"publicationDate":"2024-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s00607-024-01325-7","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0
Abstract
Attack detection in cyber security systems is one of the complex tasks which require domain specific knowledge and cognitive intelligence to detect novel and unknown attacks from large scale network data. This research explores how the network operations and network security affects the detection of unknown attacks in network systems. A hash based profile matching technique is presented in this paper for attack detection. The main objective of this work is to detect unknown attacks using a profile matching approach in Hypervisors. Hypervisors are characterized by their versatile nature since they allow the utilization of available system resources. The virtual machines (VMs) in the hypervisors are not dependent on the host hardware and as a result, hypervisors are considered advantageous. In addition, hypervisors have direct access to the hardware resources such as memory, storage and processors. However, hypervisors are more susceptible to the security threats which attack each and every VM. A SHA3-512 hashing algorithm used for generating hash values in hypervisor and the proposed model is used to verify whether the profile is malicious or benign. The performance of the hashbased profile matching technique is compared with traditional hash techniques namely SHA-256 and MD5 algorithm. Results show that the proposed SHA3-512 algorithm achieves a phenomenal performance in terms of phenomenal accuracy and zero false positive rates. Simulation results also show that the computation time required by Sha3-512 algorithm is lower compared to SHA-256 and MD5 algorithms. The performance analysis validates that the hash based approach achieves reliable performance for attack detection. The effectiveness of the hashing technique was determined using three different evaluation metrics namely attack DR, FPR, and computational time. Simulation results show that the existing SHA3- 512 algorithm detection rate of 97.24% with zero false positive rate and faster computational time compared to SHA 256 and MD5 algorithms.
期刊介绍:
Computing publishes original papers, short communications and surveys on all fields of computing. The contributions should be written in English and may be of theoretical or applied nature, the essential criteria are computational relevance and systematic foundation of results.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
