VMITN: A Novel Intrusion Tolerance Architecture for Treating the Rapid Propagation of Malicious Programs

Abstract

Today’s understaffed IT departments face a daunting security challenge – protect the enterprise from new, unknown threats. The most damaging threats, unfortunately, are coming from fatal malicious programs, such as zero day worms and viruses, which are hard to be stopped by traditional security mechanisms. Therefore, instead of trying to prevent every single intrusion, in this paper, we adopt a novel system architecture which will tolerate new worm attack temperately until administrator removes the vulnerability. With a set of intrusion pattern recognition mechanisms and the virtual machine technology, the proposed VMITN (Virtual Machine based Intrusion Tolerance Network) is able to achieve the goal of intrusion tolerance. We have implemented a prototype of VMITN. We present the design, implementation and evaluation of this prototype system. Our experiments in an emulation network proved the reliability and survivability of VMITN under Code Red worm attack.