Patent Number: 8,719,936

Title: VMM-based intrusion detection system

Abstract: An intrusion detection system collects architectural level events from a Virtual Machine Monitor where the collected events represent operation of a corresponding Virtual Machine. The events are consolidated into features that are compared with features from a known normal operating system. If an amount of any differences between the collected features and the normal features exceeds a threshold value, a compromised Virtual Machine may be indicated. The comparison thresholds are determined by training on normal and abnormal systems and analyzing the collected events with machine learning algorithms to arrive at a model of normal operation.

Inventors: Moffie; Micha (Somerville, MA), Kaeli; David (Medway, MA), Cohen; Aviram (Lexington, MA), Aslam; Javed (Weston, MA), Alshawabkeh; Malak (Quincy, MA), Dy; Jennifer (Framingham, MA), Azmandian; Fatemeh (Taunton, MA)

Assignee: Northeastern University

International Classification: H04L 29/06 (20060101)

Expiration Date: 5/06/12018