This paper presents an innovative approach to detecting and preventing hopping attacks in virtualized environments using Support Vector Machines (SVM) and XGBoost. Hopping attacks occur when attackers exploit vulnerabilities to laterally move between virtual machines (VMs), compromising the security of cloud infrastructures. The proposed solution utilizes SVM for real-time anomaly detection by monitoring VM logs, network traffic, and resource usage, while XGBoost is employed for feature selection, enhancing the detection accuracy. The model identifies unusual inter-VM communication and abnormal resource usage patterns, allowing for immediate countermeasures, such as VM isolation and network restriction, to prevent further lateral movement. The system continuously adapts through a feedback loop, learning from new data and evolving attack patterns. Experimental results demonstrate the effectiveness of this hybrid approach in significantly improving detection rates and minimizing false positives, ensuring robust VM protection. The proposed method offers a scalable and proactive defense against advanced hopping attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Proactive Hopping Attack Prevention in Virtualized Environments Using SVM and XGBoost

  • S. Mahipal,
  • P. V. Ramanaiah,
  • Rooby M,
  • Deepa Mathew,
  • Sri Lavanya Sajja,
  • Chinchu M. John

摘要

This paper presents an innovative approach to detecting and preventing hopping attacks in virtualized environments using Support Vector Machines (SVM) and XGBoost. Hopping attacks occur when attackers exploit vulnerabilities to laterally move between virtual machines (VMs), compromising the security of cloud infrastructures. The proposed solution utilizes SVM for real-time anomaly detection by monitoring VM logs, network traffic, and resource usage, while XGBoost is employed for feature selection, enhancing the detection accuracy. The model identifies unusual inter-VM communication and abnormal resource usage patterns, allowing for immediate countermeasures, such as VM isolation and network restriction, to prevent further lateral movement. The system continuously adapts through a feedback loop, learning from new data and evolving attack patterns. Experimental results demonstrate the effectiveness of this hybrid approach in significantly improving detection rates and minimizing false positives, ensuring robust VM protection. The proposed method offers a scalable and proactive defense against advanced hopping attacks.