A VMM-based Intrusion Detection System
An intrusion detection system collects architectural-level events from a Virtual Machine Monitor (VMM), where the collected events represent the operation of a corresponding Virtual Machine. The events are consolidated into features that are compared with features from a known normal operating system. If the amount of difference between the collected features and the normal features exceeds a threshold value, a compromised Virtual Machine may be indicated. The comparison thresholds are determined by training on normal and abnormal systems and analyzing the collected events with machine learning algorithms to arrive at a model of normal operation.
Attached files: Patents: WO 2,009,097,610
Inventor(s):
MOFFIE MICHA [US]; KAELI DAVID [US]; COHEN AVIRAM [US]; ASLAM JAVED [US]; ALSHAWABKEH MALAK [US]; DY JENNIFER [US]; AZMANDIAN FA
Type of Offer:
Licensing