Document Type
Conference Proceeding
Publication Date
1-2013
Abstract
This paper presents a methodology for signaling potentially malicious insider behavior using virtual machine introspection (VMI). VMI provides a novel means to detect potential malicious insiders because the introspection tools remain transparent and inaccessible to the guest and are extremely difficult to subvert. This research develops a four-step methodology for development and validation of malicious insider threat alerting using VMI. A malicious attacker taxonomy is used to decompose each scenario to aid identification of observables for monitoring for potentially malicious actions. The effectiveness of the identified observables is validated using two data sets. Results of the research show the developed methodology is effective in detecting the malicious insider scenarios on Windows guests.
DOI
10.1109/HICSS.2013.278
Source Publication
2013 46th Hawaii International Conference on System Sciences (HICSS)
Recommended Citation
M. Crawford and G. Peterson, "Insider Threat Detection Using Virtual Machine Introspection," 2013 46th Hawaii International Conference on System Sciences, Wailea, HI, USA, 2013, pp. 1821-1830, doi: 10.1109/HICSS.2013.278.
Comments
© 2013 IEEE. All rights reserved. AFIT Scholar furnishes the draft version of this conference paper. The published version of record is available from IEEE via subscription at the DOI link in the citation below.