Title :
Increasing attacker workload with virtual machines
Author :
Kuhn, Stephen ; Taylor, Stephen
Author_Institution :
Thayer Sch. of Eng., Dartmouth Coll., Hanover, NH, USA
Abstract :
Much of the traffic in modern computer networks is conducted between clients and servers, rather than client-to-client. As a result, servers represent a high-value target for collection and analysis of network traffic. The observe, orient, decide, and act (OODA) loop for network attack involves surveillance, to determine if a vulnerability is present, selection of an appropriate exploit, use of the exploit to gain access, and persistence for a time sufficient to carry out some effect. The time spent in surveillance and persistence may range from seconds to months depending upon the intent of the attack. This paper describes a novel hypervisor technology that increases attacker workload by denying the ability to carry out surveillance. It also denies persistence, even if the attack is successful and never detected.
Keywords :
computer network security; telecommunication traffic; virtual machines; attacker workload; clients; hypervisor technology; modern computer networks; network attack; network traffic; observe orient decide and act loop; servers; virtual machines; Bridges; IP networks; Surveillance; Virtual machine monitors; Virtual machining; Web servers; deny persistence; security; virtualization; web services;
Conference_Title :
MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4673-0079-7
DOI :
10.1109/MILCOM.2011.6127643