Cloud-Thread Intelligent Appliance (CIA)

Organization: Industrial Technology Research Institute (ITRI)
Year: 2016

The cyberattack landscape has changed dramatically in recent years, from broad, scattershot attacks to advanced targeted attacks. Today's cyber criminals often exploit unknown vulnerabilities to generate attack payloads for their intended targets. Attacks of this kind are referred to as Advanced Persistent Threats (APTs), and they render traditional signature-based solutions woefully inadequate. To address APTs, Cloud-Thread Intelligent Appliance (CIA) uses two patented technologies, Virtual Time Accelerator and Hypervisor Security Monitor, to examine the dynamic behavior of the target system in a virtual environment and look for any telltale sign of a security threat. A security monitor module runs in root mode using hardware-assisted virtualization technology, completely outside the guest OS environment. CIA captures every system call of the virtual machine, together with information about the virtual CPU and virtual memory upon return from the system call, and applies data analytics to determine whether the system call pattern is similar to those of malware.