Deterring Malware by Imitating Virtual Machines
Source: University of Michigan (Ross)
Securing hosts against intrusions is becoming increasingly important as resource and identity theft are rising in frequency and severity. Attackers often gain control of a system through software vulnerabilities that are particular to a specific software version. To prevent detection, they may purposely avoid instrumented systems such as honeypots that are actively monitoring attackers. In turn, such monitoring systems attempt to hide their purpose of attracting infection attempts. Analogous to honeypots attracting attacks, the paper introduces a new paradigm of protecting production systems by making them appear as monitoring systems, which are typically avoided by attackers. In this work, the author explores one direction in this theme by developing several techniques to imitate virtual machines often used by monitoring systems.