{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T06:34:26Z","timestamp":1777703666947,"version":"3.51.4"},"reference-count":31,"publisher":"SAGE Publications","issue":"4","license":[{"start":{"date-parts":[[2017,3,29]],"date-time":"2017-03-29T00:00:00Z","timestamp":1490745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"published-print":{"date-parts":[[2017,3,29]]},"abstract":"<jats:p>\n                    Cloud Security is of paramount importance in the new era of virtualization technology. Tenant Virtual Machine (VM) level security solutions can be easily evaded by modern attack techniques. Out-VM monitoring allows cloud administrator (CA) to monitor and control a VM from a secure location outside the VM. In this paper, we propose an out-VM monitoring based approach named as \u2018\n                    <jats:bold>P<\/jats:bold>\n                    rogram\n                    <jats:bold>S<\/jats:bold>\n                    emantic-Aware\n                    <jats:bold>I<\/jats:bold>\n                    ntrusion Detection at\n                    <jats:bold>Net<\/jats:bold>\n                    work and Hyper\n                    <jats:bold>visor<\/jats:bold>\n                    Layer\u2019 (\n                    <jats:italic>PSI-NetVisor<\/jats:italic>\n                    ) to detect attacks in both network and virtualization layer in cloud.\n                    <jats:italic>PSI-NetVisor<\/jats:italic>\n                    performs network monitoring by employing behavior based intrusion detection approach (BIDA) at the network layer of centralized Cloud Network Server (CNS); providing the first level of defense from attacks. It incorporates semantic awareness in the intrusion detection approach and enables it to provide network monitoring and process monitoring at the hypervisor layer of Cloud Compute Server (CCoS); providing the second level of defense from attacks.\n                    <jats:italic>PSI-NetVisor<\/jats:italic>\n                    employs Virtual Machine Introspection (VMI) libraries based on software break point injection to extract process execution traces from hypervisor. It further applies depth first search (DFS) to construct program semantics from control flow graph of execution traces. It applies dynamic analysis and machine learning approaches to learn the behavior of anomalies which makes it secure from obfuscation and encryption based attacks.\n                    <jats:italic>PSI-NetVisor<\/jats:italic>\n                    has been validated with latest intrusion datasets (UNSW-NB &amp; Evasive Malware) collected from research centers and results seem to be promising.\n                  <\/jats:p>","DOI":"10.3233\/jifs-169234","type":"journal-article","created":{"date-parts":[[2017,3,31]],"date-time":"2017-03-31T18:21:51Z","timestamp":1490984511000},"page":"2909-2921","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":14,"title":["PSI-NetVisor: Program semantic aware intrusion detection at network and hypervisor layer in cloud"],"prefix":"10.1177","volume":"32","author":[{"given":"Preeti","family":"Mishra","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emmanuel S.","family":"Pilli","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vijay","family":"Varadharajan","sequence":"additional","affiliation":[{"name":"Department of Computing, Faculty of Science, Macquarie University, Sydney, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Udaya","family":"Tupakula","sequence":"additional","affiliation":[{"name":"Department of Computing, Faculty of Science, Macquarie University, Sydney, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2017,3,29]]},"reference":[{"key":"e_1_3_1_2_2","first-page":"602","article-title":"An experimental evaluation to determine if port scans are precursors to an attack","author":"Panjwani S.","year":"2005","unstructured":"PanjwaniS., TanS., JarrinK.M. and CukierM., An experimental evaluation to determine if port scans are precursors to an attack, in: International Conference on Dependable Systems and Networks (DSN\u201905), IEEE, 2005, pp. 602\u2013611.","journal-title":"International Conference on Dependable Systems and Networks (DSN\u201905)"},{"key":"e_1_3_1_3_2","first-page":"43","article-title":"Simplifying virtual machine introspection using libvmi","author":"Payne B.D.","year":"2012","unstructured":"PayneB.D., Simplifying virtual machine introspection using libvmi, Sandia Report (2012), 43\u201344.","journal-title":"Sandia Report"},{"key":"e_1_3_1_4_2","first-page":"67","article-title":"A novel framework for intrusion detection in cloud","author":"Modi C.","year":"2012","unstructured":"ModiC., PatelD., BorisanyaB., PatelA. and RajarajanM., A novel framework for intrusion detection in cloud, in: Proceedings of the Fifth International Conference on Security of Information and Networks, ACM, 2012, pp. 67\u201374.","journal-title":"Proceedings of the Fifth International Conference on Security of Information and Networks, ACM"},{"key":"e_1_3_1_5_2","doi-asserted-by":"crossref","first-page":"405","DOI":"10.1007\/s11277-014-2136-x","article-title":"An immediate system call sequence based approach for detecting malicious program executions in cloud environment","volume":"81","author":"Gupta S.","year":"2015","unstructured":"GuptaS. and KumarP., An immediate system call sequence based approach for detecting malicious program executions in cloud environment, Wireless Personal Communications81 (2015), 405\u2013425.","journal-title":"Wireless Personal Communications"},{"key":"e_1_3_1_6_2","first-page":"211","article-title":"Detecting anomalies in IaaS environments through virtual machine host system call analysis","author":"Alarifi S.S.","year":"2012","unstructured":"AlarifiS.S. and WolthusenS.D., Detecting anomalies in IaaS environments through virtual machine host system call analysis, in: International Conference for Internet Technology And Secured Transactions, IEEE, 2012, pp. 211\u2013218.","journal-title":"International Conference for Internet Technology And Secured Transactions, IEEE"},{"key":"e_1_3_1_7_2","first-page":"729","article-title":"Intrusion detection in the cloud","author":"Roschke S.","year":"2009","unstructured":"RoschkeS., ChengF. and MeinelC., Intrusion detection in the cloud, in: Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, IEEE, 2009, pp. 729\u2013734.","journal-title":"Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, IEEE"},{"key":"e_1_3_1_8_2","first-page":"471","article-title":"Maitland: Lighter-weight VM introspection to support cyber-security in the cloud","author":"Benninger C.","year":"2012","unstructured":"BenningerC., NevilleS.W., YazirY.O., MatthewsC. and CoadyY., Maitland: Lighter-weight VM introspection to support cyber-security in the cloud, in: IEEE 5th International Conference on Cloud Computing (CLOUD), IEEE, 2012, pp. 471\u2013478.","journal-title":"IEEE 5th International Conference on Cloud Computing (CLOUD), IEEE"},{"key":"e_1_3_1_9_2","first-page":"385","article-title":"Secure and flexible monitoring of virtual machines","author":"Payne B.D.","year":"2007","unstructured":"PayneB.D., MartimD.D.A. and LeeW., Secure and flexible monitoring of virtual machines, in: Twenty-Third Annual Computer Security Applications Conference, IEEE, 2007, pp. 385\u2013397.","journal-title":"Twenty-Third Annual Computer Security Applications Conference, IEEE"},{"key":"e_1_3_1_10_2","first-page":"56","article-title":"NvCloudIDS: A security architecture to detect intrusions at network and virtualization layer in cloud environment","author":"Mishra P.","year":"2016","unstructured":"MishraP., PilliE.S., VaradharajanV. and TupakulaU., NvCloudIDS: A security architecture to detect intrusions at network and virtualization layer in cloud environment, in: International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, 2016, pp. 56\u201362.","journal-title":"International Conference on Advances in Computing, Communications and Informatics (ICACCI)"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-980109"},{"key":"e_1_3_1_12_2","first-page":"338","volume-title":"International Workshop on Recent Advances in Intrusion Detection","author":"Lindorfer M.","year":"2011","unstructured":"LindorferM., KolbitschC. and ComparettiP.M., Detecting environment-sensitive malware, in: International Workshop on Recent Advances in Intrusion Detection, Springer, 2011, pp. 338\u2013357."},{"key":"e_1_3_1_13_2","first-page":"744","article-title":"Intrusion detection techniques for infrastructure as a service cloud","author":"Tupakula U.","year":"2011","unstructured":"TupakulaU., VaradharajanV. and AkkuN., Intrusion detection techniques for infrastructure as a service cloud, in: IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing IEEE, 2011, pp. 744\u2013751.","journal-title":"IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing IEEE"},{"key":"e_1_3_1_14_2","first-page":"249","article-title":"Efficient and effective NIDS for cloud virtualization environment","author":"Lin C.H.","year":"2012","unstructured":"LinC.H., TienC.W. and PaoH.K., Efficient and effective NIDS for cloud virtualization environment, in: IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), IEEE, 2012, pp. 249\u2013254.","journal-title":"IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), IEEE"},{"key":"e_1_3_1_15_2","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1145\/1455770.1455779","article-title":"Ether: Malware analysis via hardware virtualization extensions","author":"Dinaburg A.","year":"2008","unstructured":"DinaburgA., RoyalP., SharifM. and LeeW., Ether: Malware analysis via hardware virtualization extensions, in: Proceedings of the 15th ACM Conference on Computer and Communications Security, ACM, 2008, pp. 51\u201362.","journal-title":"Proceedings of the 15th ACM Conference on Computer and Communications Security, ACM"},{"key":"e_1_3_1_16_2","unstructured":"JacobsonV. LeresC. and McCanneS. TCPDUMP Public Repository in 2003. Available: http:\/\/www.tcpdump.org"},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2015.1125974"},{"key":"e_1_3_1_18_2","volume-title":"Feature Extraction: Foundations and Applications","author":"Nikravesh M.","year":"2006","unstructured":"NikraveshM., GuyonI., GunnS. and ZadehL., Feature Extraction: Foundations and Applications, in, Springer, 2006."},{"key":"e_1_3_1_19_2","doi-asserted-by":"crossref","first-page":"386","DOI":"10.1145\/2664243.2664252","article-title":"Scalability, fidelity and stealth in the drakvuf dynamic malware analysis system","author":"Lengyel T.K.","year":"2014","unstructured":"LengyelT.K., MarescaS., PayneB.D., WebsterG.D., VoglS. and KiayiasA., Scalability, fidelity and stealth in the drakvuf dynamic malware analysis system, in: Proceedings of the 30th Annual Computer Security Applications Conference, ACM, 2014, pp. 386\u2013395.","journal-title":"Proceedings of the 30th Annual Computer Security Applications Conference, ACM"},{"key":"e_1_3_1_20_2","unstructured":"Microsoft Rekall: Memory Forensics and Analysis Framework (2014). Available: http:\/\/www.rekall-forensic.com"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1002\/0470011815.b2a14021"},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1016\/S0020-0190(00)00051-X","article-title":"Path-based depth-first search for strong and biconnected components","volume":"74","author":"Gabow H.N.","year":"2000","unstructured":"GabowH.N., Path-based depth-first search for strong and biconnected components, Information Processing Letters74 (2000), 107\u2013114.","journal-title":"Information Processing Letters"},{"key":"e_1_3_1_23_2","unstructured":"PottsC.M. and KrebsbachK.D. Iterative-Expansion A in: FLAIRS Conference 2012."},{"key":"e_1_3_1_24_2","unstructured":"ACCS The UNSW-NB15 data set description (2015). Available: https:\/\/www.unsw.adfa.edu.au\/australian-centreforcyber-security\/cybersecurity\/ADFA-NB15-Datasets\/"},{"key":"e_1_3_1_25_2","first-page":"287","article-title":"Barecloud: Bare-metal analysis-based evasive malware detection","author":"Kirat D.","year":"2014","unstructured":"KiratD., VignaG. and KruegelC., Barecloud: Bare-metal analysis-based evasive malware detection, in: 23rd USENIX Security Symposium (USENIX Security 14), 2014, pp. 287\u2013301.","journal-title":"23rd USENIX Security Symposium (USENIX Security 14)"},{"key":"e_1_3_1_26_2","volume-title":"Applied logistic regression","author":"Hosmer D.W.","year":"2004","unstructured":"HosmerD.W.Jr and LemeshowS., Applied logistic regression, John Wiley Sons, 2004."},{"key":"e_1_3_1_27_2","unstructured":"MitchellT.M. Machine learning. 1997 Burr Ridge IL: Mc-Graw Hill 45 1997."},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-985X.2010.00646_6.x"},{"key":"e_1_3_1_29_2","unstructured":"JonesR. Libguestfs: Tools for Accessing and Modifying Virtual Machine Disk Images (2016). Available: http:\/\/libguestfs.org\/"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11036-015-0644-x"},{"key":"e_1_3_1_31_2","unstructured":"UNM UNM Dataset (1998). Available: http:\/\/www.cs.unm.edu\/immsec\/systemcalls.htm"},{"key":"e_1_3_1_32_2","unstructured":"UCI KDD Cup 1999 Data (1999). Available: http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html"}],"container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169234","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JIFS-169234","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169234","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:39:16Z","timestamp":1777455556000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JIFS-169234"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,3,29]]},"references-count":31,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,3,29]]}},"alternative-id":["10.3233\/JIFS-169234"],"URL":"https:\/\/doi.org\/10.3233\/jifs-169234","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,3,29]]}}}