
Modern computer systems involve complex arrangements of many software components. It has proven difficult to secure such systems from attack by finding and closing all security holes. Dynamic monitoring techniques that detect intrusions have been developed to defend against latent, unknown vulnerabilities. However, to date these monitoring techniques have focused too narrowly on specific detection strategies and can often be sidestepped. We propose a next-generation system monitoring platform capable of supporting a wide variety of monitoring strategies. Moreover, our approach provides comprehensive protection for the entire computer system rather than guarding individual processes one at a time. The proposed system monitoring tool incorporates stealth to inhibit an adversary's ability to disable it, and dynamic optimization to ensure minimal performance overhead on the protected system.
Computer security is critical to both national security and the private sector. Breaches in security may result in loss of sensitive data and compromise the operation of critical infrastructure. The proposed technology will provide a next-generation tool for detecting and preventing such attacks. Systems deployed with the proposed monitoring system will be more resilient to attack than those systems using older protection systems or none at all.