Title :
VICI Virtual Machine Introspection for Cognitive Immunity
Author :
Fraser, Timothy ; Evenson, Matthew R. ; Arbaugh, William A.
Abstract :
When systems are under constant attack, there is no time to restore those infected with malware to health manually--repair of infected systems must be fully automated and must occur within milliseconds. After detecting kernel-modifying rootkit infections using Virtual Machine Introspection, the VICI Agent applies a collection of novel repair techniques to automatically restore infected kernels to a healthy state. The VICI Agent operates without manual intervention and uses a form of automated reasoning borrowed from robotics to choose its best repair technique based on its assessment of the current situation, its memory of past engagements, and the potential cost of each technique. Its repairs have proven effective in tests against a collection of common kernel-modifying rootkit techniques. Virtualized systems monitored by the VICI Agent experience a decrease in application performance of roughly 5%.
Keywords :
cognitive systems; inference mechanisms; invasive software; virtual machines; VICI; automated reasoning; cognitive immunity; malware; virtual machine introspection; virtualized systems; Application software; Application virtualization; Computer security; Control systems; Costs; Kernel; Manuals; Robotics and automation; Testing; Virtual machining; integrity; kernel integrity; kernel repair; kernel-modifying rootkits; rootkits; virtual machine introspection;
Conference_Titel :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.33
