A Wingman for Virtual Appliances
Wingman is a run-time monitoring system that aims to detect and mitigate anomalies, including malware infections, within virtual appliances (VAs). It observes the kernel state of a VA and uses an expert system to determine when that state is anomalous. Wingman does not simply restart a compromised V...
Saved in:
| Published in | Runtime Verification Vol. 10548; pp. 390 - 399 |
|---|---|
| Main Authors | , , , |
| Format | Book Chapter |
| Language | English |
| Published |
Switzerland
Springer International Publishing AG
2017
Springer International Publishing |
| Series | Lecture Notes in Computer Science |
| Subjects | |
| Online Access | Get full text |
| ISBN | 3319675303 9783319675305 |
| ISSN | 0302-9743 1611-3349 |
| DOI | 10.1007/978-3-319-67531-2_25 |
Cover
Loading…
| Abstract | Wingman is a run-time monitoring system that aims to detect and mitigate anomalies, including malware infections, within virtual appliances (VAs). It observes the kernel state of a VA and uses an expert system to determine when that state is anomalous. Wingman does not simply restart a compromised VA; instead, it attempts to repair the VA, thereby minimizing potential downtime and state loss. This paper describes Wingman and summarizes experiments in which it detected and mitigated three types of malware within a web-server VA. For each attack, Wingman was able to defend the VA by bringing it to an acceptable state. |
|---|---|
| AbstractList | Wingman is a run-time monitoring system that aims to detect and mitigate anomalies, including malware infections, within virtual appliances (VAs). It observes the kernel state of a VA and uses an expert system to determine when that state is anomalous. Wingman does not simply restart a compromised VA; instead, it attempts to repair the VA, thereby minimizing potential downtime and state loss. This paper describes Wingman and summarizes experiments in which it detected and mitigated three types of malware within a web-server VA. For each attack, Wingman was able to defend the VA by bringing it to an acceptable state. |
| Author | Eide, Eric Johnson, David Hibler, Mike Nayak, Prashanth |
| Author_xml | – sequence: 1 givenname: Prashanth surname: Nayak fullname: Nayak, Prashanth – sequence: 2 givenname: Mike surname: Hibler fullname: Hibler, Mike – sequence: 3 givenname: David surname: Johnson fullname: Johnson, David – sequence: 4 givenname: Eric surname: Eide fullname: Eide, Eric email: eeide@cs.utah.edu |
| BookMark | eNqNkMtOw0AMRQcoiLb0D1jkBwbseB7JMqp4SZXY8FiOJpNJKYQkZNL_Z9oi2LKxJVvn2vfO2KTtWs_YJcIVAujrXGecOGHOlZaEPDWpPGIzipP9AI_ZFBUiJxL5yd8CaMKmQJDyXAs6Y7OoRkookHDOFiG8AwBmWoGWU5YUyeumXX_aNqm7IXnZDOPWNknR983Gts6HC3Za2yb4xU-fs-fbm6flPV893j0sixVfk8CRuwydFUpSLUHWsVRINnUAoqxsKlyOpXOowYOVVoCryQLJCJVVCVWmaM7Sg27oh_iQH0zZdR_BIJhdGiamYchEi2Zv3uzSiJA4QP3QfW19GI3fUc6342Ab92b70Q_BKIJ4GgyRNgLS_2JS5iAV_mLfCP5vzA |
| ContentType | Book Chapter |
| Copyright | Springer International Publishing AG 2017 |
| Copyright_xml | – notice: Springer International Publishing AG 2017 |
| DBID | FFUUA |
| DEWEY | 004 |
| DOI | 10.1007/978-3-319-67531-2_25 |
| DatabaseName | ProQuest Ebook Central - Book Chapters - Demo use only |
| DatabaseTitleList | |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 3319675311 9783319675312 |
| EISSN | 1611-3349 |
| Editor | Reger, Giles Lahiri, Shuvendu |
| Editor_xml | – sequence: 1 fullname: Reger, Giles – sequence: 2 fullname: Lahiri, Shuvendu |
| EndPage | 399 |
| ExternalDocumentID | EBC6301700_337_402 EBC5590561_337_402 |
| GroupedDBID | 0D6 0DA 38. AABBV AALVI ABBVZ ABHTH ABQUB ACDJR ADCXD AEDXK AEJLV AEKFX AETDV AEZAY AGIGN AGYGE AIODD ALBAV ALMA_UNASSIGNED_HOLDINGS AZZ BATQV BBABE CVWCR CZZ FFUUA I4C IEZ SBO SWYDZ TPJZQ TSXQS Z5O Z7R Z7S Z7U Z7W Z7X Z7Y Z7Z Z81 Z83 Z84 Z85 Z87 Z88 -DT -GH -~X 1SB 29L 2HA 2HV 5QI 875 AASHB ABMNI ACGFS AEFIE EJD F5P FEDTE HVGLF LAS LDH P2P RIG RNI RSU SVGTG VI1 ~02 |
| ID | FETCH-LOGICAL-g341t-c81ca4653f505ff50d13a2c004bda24c91bcc170e0a5a40cf3a03581cbdb0d863 |
| ISBN | 3319675303 9783319675305 |
| ISSN | 0302-9743 |
| IngestDate | Tue Jul 29 19:46:58 EDT 2025 Thu May 29 16:14:28 EDT 2025 Thu May 29 00:18:41 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| LCCallNum | QA76.758QA76.7-76.73 |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-g341t-c81ca4653f505ff50d13a2c004bda24c91bcc170e0a5a40cf3a03581cbdb0d863 |
| OCLC | 1003646050 |
| PQID | EBC5590561_337_402 |
| PageCount | 10 |
| ParticipantIDs | springer_books_10_1007_978_3_319_67531_2_25 proquest_ebookcentralchapters_6301700_337_402 proquest_ebookcentralchapters_5590561_337_402 |
| PublicationCentury | 2000 |
| PublicationDate | 2017 |
| PublicationDateYYYYMMDD | 2017-01-01 |
| PublicationDate_xml | – year: 2017 text: 2017 |
| PublicationDecade | 2010 |
| PublicationPlace | Switzerland |
| PublicationPlace_xml | – name: Switzerland – name: Cham |
| PublicationSeriesSubtitle | Programming and Software Engineering |
| PublicationSeriesTitle | Lecture Notes in Computer Science |
| PublicationSeriesTitleAlternate | Lect.Notes Computer |
| PublicationSubtitle | 17th International Conference, RV 2017, Seattle, WA, USA, September 13-16, 2017, Proceedings |
| PublicationTitle | Runtime Verification |
| PublicationYear | 2017 |
| Publisher | Springer International Publishing AG Springer International Publishing |
| Publisher_xml | – name: Springer International Publishing AG – name: Springer International Publishing |
| RelatedPersons | Kleinberg, Jon M. Mattern, Friedemann Naor, Moni Mitchell, John C. Terzopoulos, Demetri Steffen, Bernhard Pandu Rangan, C. Kanade, Takeo Kittler, Josef Weikum, Gerhard Hutchison, David Tygar, Doug |
| RelatedPersons_xml | – sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni – sequence: 8 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. – sequence: 9 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard – sequence: 10 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri – sequence: 11 givenname: Doug surname: Tygar fullname: Tygar, Doug – sequence: 12 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard |
| SSID | ssj0001876075 ssj0002792 |
| Score | 2.0521252 |
| Snippet | Wingman is a run-time monitoring system that aims to detect and mitigate anomalies, including malware infections, within virtual appliances (VAs). It observes... |
| SourceID | springer proquest |
| SourceType | Publisher |
| StartPage | 390 |
| SubjectTerms | Engine Repair Kernel Rootkits Malware Virtual Appliances (VA) Wingman |
| Title | A Wingman for Virtual Appliances |
| URI | http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=5590561&ppg=402 http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=6301700&ppg=402 http://link.springer.com/10.1007/978-3-319-67531-2_25 |
| Volume | 10548 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV07T8MwELagLIiBtygvZWCrjJI4sZOxVIWqAqa26mY5tlMxEKS2LPx67tKEPFQJwWJFVh7OfY7z3dnfmZC72AtN7IeMciUMDVLr01gZTrWrPCUEszbfbOLllY-mwXgezqvMHrm6ZJ3c66-tupL_oAp1gCuqZP-A7M9NoQKOAV8oAWEoW-S3GWbdpIjFTR7ebW8GT0qLyFu9A-AXny0wRI8rCWdvy1wpkrNORLrh73ui5e-X8b5WxLAWtOo_NXxEhh8ZOCVu2Bj0gKpFW4fQ-qoJVDjhtR715Uaf3MxYHbh-szL_MQ4fBpxhXh5XMiZkgLk-d0UUdshefzh-nlUxMBiKgbKg5KZsJNskRaoaXZM7bmtTwzFozWXnFGFyRA5QNuKgngNaeUx2bHZCDstNM5xiDD0lTt8pcHEAF6fAxalwOSPTx-FkMKLFNhV0ARRgTXXkaYVp6lJgkykUxmPK19BPE6P8QMdeojVYw7oqVIGrU6ZczDqnE5O4JuLsnHSyj8xeEIerkDNrmIkUUG1hYx4KPxWaGwt-nY27hJZvK_PJ9GIFr96820qCf4guYWn3X89v4dQlvdKEEk9fyTKrNdheMgm2l7ntJdr-8o93vyL7VYe-Jp318tPeAKVbJ7dFz_gGi8ZEYQ |
| linkProvider | Library Specific Holdings |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.title=Runtime+Verification&rft.atitle=A+Wingman+for+Virtual+Appliances&rft.date=2017-01-01&rft.pub=Springer+International+Publishing+AG&rft.isbn=9783319675305&rft.volume=10548&rft_id=info:doi/10.1007%2F978-3-319-67531-2_25&rft.externalDBID=402&rft.externalDocID=EBC6301700_337_402 |
| thumbnail_s | http://utb.summon.serialssolutions.com/2.0.0/image/custom?url=https%3A%2F%2Febookcentral.proquest.com%2Fcovers%2F5590561-l.jpg http://utb.summon.serialssolutions.com/2.0.0/image/custom?url=https%3A%2F%2Febookcentral.proquest.com%2Fcovers%2F6301700-l.jpg |