Virtual Machine Detection in Software Defined Networks

Abstract

In this thesis, we evaluate a means of determining whether or not a network host is a virtual machine from the perspective of a network administrator using software-defined networking infrastructure. Virtualization presents a user with a desktop and computing environment identical to what is normally expected while also permitting them to be unwittingly controlled from outside the desktop environment. The added complexity of virtual environments causes extra computing delays, which may be observed in traffic round-trip times. In this thesis, we demonstrate how the observed round-trip times may be used to determine which machines were virtualized and which were running natively directly atop the hardware. Two versions of the experiment were performed. The first substantiated that the approach was feasible. The second, using a more realistic software-defined networking infrastructure, showed that delay measurement must be done by methods that minimize unnecessary hops before measurement, though the experiment still succeeded in differentiating virtual machines in the majority of cases.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2018
Accession Number
AD1069489

Entities

People

  • Timothy D. Bihl

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Central Processing Units
  • Computer Networks
  • Computer Programming
  • Computers
  • Detection
  • Infrastructure
  • Network Architecture
  • Network Protocols
  • Networks
  • Operating Systems
  • Routing Protocols
  • Software Defined Networks
  • United States Naval Academy
  • Virtual Machines
  • Virtual Reality
  • Virtualization
  • Virtualization Software

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.
  • Theoretical Analysis.