Introducing Pathogen: A Real-Time Virtual Machine Introspection Framework


Abstract: In recent years, malware has grown extremely rapidly in complexity and rates of system infection. Current generation anti-virus and anti-malware software provides system protection through the use of locally installed monitoring agents, which are dependent upon vendor generated signature and heuristic based rules. However, because these monitoring agents are installed within the systems they are trying to protect, they themselves are potential targets of attack by malware. Pathogen overcomes this issue by using a real-time system monitoring and analysis framework that utilises Virtual Machine introspection (VMI) to allow the monitoring of a system without the need for any locally installed agents. One of the main research problems in VMI is how to parse and interpret the memory of an executing system from outside of that system. Pathogen's contribution is a lightweight introspection framework that bridges the semantic gap.

3 pages

Additional Publication Information: CCS 2013: 20th ACM Conference on Computer and Communications Security (ACM CCS)

  • External Posting Date: August 21, 2013 [Fulltext]. Approved for External Publication
  • Internal Posting Date: August 21, 2013 [Fulltext]

Back to Listing