A Vmm-based Intrusion Detection System

An intrusion detection system collects architectural level events from a Virtual Machine Monitor where the collected events represent operation of a corresponding Virtual Machine. The events are consolidated into features that are compared with features from a known normal operating system. If an amount of any differences between the collected features and the normal features exceeds a threshold value, a compromised Virtual Machine may be indicated. The comparison thresholds are determined by training on normal and abnormal systems and analyzing the collected events with machine learning algorithms to arrive at a model of normal operation.

Attached files:
WO 2009097610.jpg

Patents:
WO 2,009,097,610

Inventor(s): MOFFIE MICHA [US]; KAELI DAVID [US]; COHEN AVIRAM [US]; ASLAM JAVED [US]; ALSHAWABKEH MALAK [US]; DY JENNIFER [US]; AZMANDIAN FA

Type of Offer: Licensing



« More Data Processing Patents

Share on      


CrowdSell Your Patent