Description
Nowadays, security threats are becoming more and more harmful. Many security solutions have been implemented over time, the most popular being antivirus software. They offer proper protection against computer viruses unless these malicious programs run at a higher privilege level than the security solution itself. This shortcoming of conventional security solutions can be reduced using virtualization-based mechanisms, which run completely separated from the main user environment while still being able to monitor events and take action if necessary. To improve their performance, behavioral datasets of malicious software can be used to train a model, which the security solution can then use. There are very few publicly known and relevant datasets from which one can build such a model, so the current paper proposes an open design for an infrastructure capable of recording and storing application behavioral events in order to train a security-oriented machine learning solution. The proposed solution consists of a hypervisor that runs on an end-user system and the necessary software that controls the activation, interception and storage of virtualization events from which one can build the relevant datasets.