DocumentCode :
1943628
Title :
VICI Virtual Machine Introspection for Cognitive Immunity
Author :
Fraser, Timothy ; Evenson, Matthew R. ; Arbaugh, William A.
fYear :
2008
fDate :
8-12 Dec. 2008
Firstpage :
87
Lastpage :
96
Abstract :
When systems are under constant attack, there is no time to restore those infected with malware to health manually--repair of infected systems must be fully automated and must occur within milliseconds. After detecting kernel-modifying rootkit infections using Virtual Machine Introspection, the VICI Agent applies a collection of novel repair techniques to automatically restore infected kernels to a healthy state. The VICI Agent operates without manual intervention and uses a form of automated reasoning borrowed from robotics to choose its best repair technique based on its assessment of the current situation, its memory of past engagements, and the potential cost of each technique. Its repairs have proven effective in tests against a collection of common kernel-modifying rootkit techniques. Virtualized systems monitored by the VICI Agent experience a decrease in application performance of roughly 5%.
Keywords :
cognitive systems; inference mechanisms; invasive software; virtual machines; VICI; automated reasoning; cognitive immunity; malware; virtual machine introspection; virtualized systems; Application software; Application virtualization; Computer security; Control systems; Costs; Kernel; Manuals; Robotics and automation; Testing; Virtual machining; integrity; kernel integrity; kernel repair; kernel-modifying rootkits; rootkits; virtual machine introspection;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
ISSN :
1063-9527
Print_ISBN :
978-0-7695-3447-3
Type :
conf
DOI :
10.1109/ACSAC.2008.33
Filename :
4721547
Link To Document :
بازگشت