VICI Virtual Machine Introspection for Cognitive Immunity

VICI Virtual Machine Introspection for Cognitive Immunity

When systems are under constant attack, there is no time to restore those infected with malware to health manually--repair of infected systems must be fully automated and must occur within milliseconds. After detecting kernel-modifying rootkit infections using Virtual Machine Introspection, the VICI...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Fraser, T., Evenson, M.R., Arbaugh, W.A.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Application software
Application virtualization
Computer security
Control systems
Costs
integrity
Kernel
kernel integrity
kernel repair
kernel-modifying rootkits
Manuals
Robotics and automation
rootkits
Testing
virtual machine introspection
Virtual machining
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:When systems are under constant attack, there is no time to restore those infected with malware to health manually--repair of infected systems must be fully automated and must occur within milliseconds. After detecting kernel-modifying rootkit infections using Virtual Machine Introspection, the VICI Agent applies a collection of novel repair techniques to automatically restore infected kernels to a healthy state. The VICI Agent operates without manual intervention and uses a form of automated reasoning borrowed from robotics to choose its best repair technique based on its assessment of the current situation, its memory of past engagements, and the potential cost of each technique. Its repairs have proven effective in tests against a collection of common kernel-modifying rootkit techniques. Virtualized systems monitored by the VICI Agent experience a decrease in application performance of roughly 5%.
ISSN:1063-9527
2576-9103
DOI:10.1109/ACSAC.2008.33