Virtual memory introspection framework for cyber threat detection in virtual environment (Article)

Upadhyay, H., Gohel, H., Pons, A. et al. (2018). Virtual memory introspection framework for cyber threat detection in virtual environment. 3(1), 25-29. doi:10.25046/aj030104

cited authors

  • Upadhyay, H; Gohel, H; Pons, A; Lagos, L

abstract

  • In today's information-based world, it is increasingly important to safeguard the data owned by any organization, be it intellectual property or personal information. With the ever-increasing sophistication of malware, it is imperative to come up with automated and advanced methods of attack-vector recognition and isolation. Existing methods are not dynamic enough to adapt to the behavioral complexity of new malware. Widely used operating systems, especially Linux, have a popular perception of being more secure than other operating systems (e.g. Windows), but this is not necessarily true. The open-source nature of the Linux operating system is a double-edged sword: malicious actors have full access to the kernel code, which does nothing to reassure the IT world about Linux's vulnerabilities. Recent widely reported attacks on reputable organizations have mostly targeted Linux servers, and most new malware is able to neutralize the existing defenses of the Linux operating system. A radical solution for malware detection is needed, one which cannot be detected or damaged by malicious code. In this paper, we propose a novel framework design that uses virtualization to isolate and monitor Linux environments. The framework uses the well-known Xen hypervisor to host server environments and a Virtual Memory Introspection (VMI) framework, operating from outside the guest, to capture process behavior. The behavioral data is analyzed using machine learning algorithms to flag potential cyber threats. The framework can be enhanced with self-healing properties: any compromised host is immediately replaced by an uncompromised version, limiting exposure to the wider enterprise network.
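
The abstract describes capturing process behavior from outside the guest so that in-guest malware can neither see nor tamper with the monitor. The following is an added example, not code from the paper or its framework, of the core VMI step that such a design relies on: reconstructing the guest's process list from raw memory and cross-checking it against a signature scan to expose a process a rootkit has unlinked from the kernel's task list (DKOM hiding). It runs offline over a constructed 64 KiB guest image; the task_struct layout, the field offsets, the `TASK` magic used for carving and the direct-map offset are all hypothetical constants chosen for the example, not real Linux values. On a live Xen domain the `read_task` reads would instead go through an introspection library such as LibVMI, and real carvers validate candidates with richer structural invariants than the two pointer checks used here.

```python
"""Cross-view process detection over a raw guest-memory image.

Added example (not the paper's code). Mimics what a VMI agent on the
hypervisor side does, but over an in-memory byte string instead of a live
Xen domain. Every layout constant below is an assumption for this example,
not the real Linux task_struct layout.
"""
import struct

# --- assumed (hypothetical) guest layout ----------------------------------
KVA_OFFSET = 0xFFFF_8880_0000_0000   # kernel VA = guest physical address + this
TASK_MAGIC = b"TASK"                 # stand-in for the invariants real carvers use
TASK_SIZE = 40
OFF_PID = 4                          # u32 pid
OFF_TASKS = 8                        # struct list_head tasks { next, prev }, two u64 VAs
OFF_COMM = 24                        # char comm[16]
INIT_TASK_VA = KVA_OFFSET + 0x1000   # where the example image places init_task


def v2p(va):
    """Guest virtual -> guest physical for the assumed direct-mapped region."""
    pa = va - KVA_OFFSET
    if pa < 0:
        raise ValueError(f"VA {va:#x} is outside the direct map")
    return pa


def read_task(mem, pa):
    """Decode one task_struct at guest physical address pa."""
    pid = struct.unpack_from("<I", mem, pa + OFF_PID)[0]
    nxt, prv = struct.unpack_from("<QQ", mem, pa + OFF_TASKS)
    comm = mem[pa + OFF_COMM:pa + OFF_COMM + 16].split(b"\0", 1)[0].decode()
    return {"pid": pid, "comm": comm, "next": nxt, "prev": prv}


def walk_task_list(mem, init_task_va=INIT_TASK_VA, max_tasks=100_000):
    """The in-guest view: follow init_task.tasks around the circular list.

    This is effectively what `ps` inside the guest reports, so a task that a
    rootkit has unlinked never appears here. The visited set and the cap
    keep a corrupted list from looping forever.
    """
    seen, visited, va = [], set(), init_task_va
    while va not in visited and len(seen) < max_tasks:
        visited.add(va)
        t = read_task(mem, v2p(va))
        seen.append((t["pid"], t["comm"]))
        va = t["next"] - OFF_TASKS       # tasks.next points at the next list_head: container_of()
    return seen


def plausible_kva(va):
    """Cheap sanity check on a candidate pointer (image is small, so 1 MiB window)."""
    return KVA_OFFSET <= va < KVA_OFFSET + (1 << 20)


def carve_task_structs(mem):
    """The memory view: scan physical memory for task_struct candidates,
    whether or not any list still points at them."""
    found = []
    for pa in range(0, len(mem) - TASK_SIZE + 1, 8):
        if mem[pa:pa + 4] != TASK_MAGIC:
            continue
        t = read_task(mem, pa)
        if plausible_kva(t["next"]) and plausible_kva(t["prev"]):
            found.append((t["pid"], t["comm"]))
    return found


def hidden_processes(mem, init_task_va=INIT_TASK_VA):
    """Cross-view comparison: carved but not linked is the DKOM signature."""
    linked = set(walk_task_list(mem, init_task_va))
    return sorted(set(carve_task_structs(mem)) - linked)


def write_task(mem, pa, pid, comm, next_va, prev_va):
    struct.pack_into("<4sIQQ16s", mem, pa, TASK_MAGIC, pid, next_va, prev_va, comm.encode())


def build_sample_image():
    """Constructed 64 KiB guest image: four tasks, one unlinked by a rootkit."""
    mem = bytearray(0x10000)
    base = {0: 0x1000, 1: 0x2000, 742: 0x3000, 1337: 0x4000}
    names = {0: "swapper/0", 1: "systemd", 742: "sshd", 1337: "rootkitd"}
    linked = [0, 1, 742]                       # pid 1337 has been DKOM-unlinked
    for i, pid in enumerate(linked):
        nxt, prv = linked[(i + 1) % len(linked)], linked[i - 1]
        write_task(mem, base[pid], pid, names[pid],
                   KVA_OFFSET + base[nxt] + OFF_TASKS,
                   KVA_OFFSET + base[prv] + OFF_TASKS)
    # the hidden task still carries stale but plausible list pointers
    write_task(mem, base[1337], 1337, names[1337],
               KVA_OFFSET + base[0] + OFF_TASKS,
               KVA_OFFSET + base[742] + OFF_TASKS)
    return bytes(mem)


if __name__ == "__main__":
    img = build_sample_image()
    print("linked :", walk_task_list(img))
    print("carved :", carve_task_structs(img))
    print("hidden :", hidden_processes(img))
```

The detection signal is the difference between the two views rather than either view alone: list walking alone inherits the guest's blind spot, and carving alone produces stale or false candidates, so the monitor reports only what is resident in memory but absent from the list the guest kernel exposes.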

publication date

  • January 1, 2018

Digital Object Identifier (DOI)

  • 10.25046/aj030104

start page

  • 25

end page

  • 29

volume

  • 3

issue

  • 1