A Wingman for Virtual Appliances

Bibliographic Details
Published in Runtime Verification Vol. 10548; pp. 390 - 399
Main Authors Nayak, Prashanth; Hibler, Mike; Johnson, David; Eide, Eric
Format Book Chapter
Language English
Published Switzerland Springer International Publishing AG 2017
Springer International Publishing
Series Lecture Notes in Computer Science
ISBN 3319675303, 9783319675305
ISSN 0302-9743, 1611-3349
DOI 10.1007/978-3-319-67531-2_25

Summary: Wingman is a run-time monitoring system that aims to detect and mitigate anomalies, including malware infections, within virtual appliances (VAs). It observes the kernel state of a VA and uses an expert system to determine when that state is anomalous. Wingman does not simply restart a compromised VA; instead, it attempts to repair the VA, thereby minimizing potential downtime and state loss. This paper describes Wingman and summarizes experiments in which it detected and mitigated three types of malware within a web-server VA. For each attack, Wingman was able to defend the VA by bringing it to an acceptable state.