• DocumentCode
    2979458
  • Title
    Increasing attacker workload with virtual machines
  • Author
    Kuhn, Stephen ; Taylor, Stephen
  • Author_Institution
    Thayer Sch. of Eng., Dartmouth Coll., Hanover, NH, USA
  • fYear
    2011
  • fDate
    7-10 Nov. 2011
  • Firstpage
    2176
  • Lastpage
    2181
  • Abstract
    Much of the traffic in modern computer networks is conducted between clients and servers, rather than client-to-client. As a result, servers represent a high-value target for collection and analysis of network traffic. The observe, orient, decide, and act (OODA) loop for network attack involves surveillance, to determine if a vulnerability is present, selection of an appropriate exploit, use of the exploit to gain access, and persistence for a time sufficient to carry out some effect. The time spent in surveillance and persistence may range from seconds to months depending upon the intent of the attack. This paper describes a novel hypervisor technology that increases attacker workload by denying the ability to carry out surveillance. It also denies persistence, even if the attack is successful and never detected.
  • Keywords
    computer network security; telecommunication traffic; virtual machines; attacker workload; clients; hypervisor technology; modern computer networks; network attack; network traffic; observe orient decide and act loop; servers; virtual machines; Bridges; IP networks; Surveillance; Virtual machine monitors; Virtual machining; Web servers; deny persistence; security; virtualization; web services
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
  • Conference_Location
    Baltimore, MD
  • ISSN
    2155-7578
  • Print_ISBN
    978-1-4673-0079-7
  • Type
    conf
  • DOI
    10.1109/MILCOM.2011.6127643
  • Filename
    6127643