A popular approach to detect cyberattacks is to monitor systems in real-time
to identify malicious activities as they occur. While these solutions aim to
detect threats early, minimizing damage, they suffer from a significant
challenge due to the presence of false positives. False positives have a
detrimental impact on computer systems, which can lead to interruptions of
legitimate operations and reduced productivity. Most contemporary works tend to
use advanced Machine Learning and AI solutions to address this challenge.
Unfortunately, false positives can, at best, be reduced but not eliminated.
In this paper, we propose an alternate approach that focuses on reducing the
impact of false positives rather than eliminating them. We introduce Valkyrie,
a framework that can enhance any existing runtime detector with a
post-detection response. Valkyrie is designed for time-progressive attacks,
such as micro-architectural attacks, rowhammer, ransomware, and cryptominers,
that achieve their objectives incrementally using system resources. As soon as
an attack is detected, Valkyrie limits the allocated computing resources,
throttling the attack, until the detector’s confidence is sufficiently high to
warrant a more decisive action. For a false positive, limiting the system
resources only results in a small increase in execution time. On average, the
slowdown incurred due to false positives is less than 1% for single-threaded
programs and 6.7% for multi-threaded programs. On the other hand, attacks like
rowhammer are prevented, while the potency of micro-architectural attacks,
ransomware, and cryptominers is greatly reduced.
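The policy the abstract describes is a graduated response: once a runtime detector fires, the suspect process keeps running but with its CPU allocation capped, and a heavier action is taken only when confidence is high. The block below is an added illustration of that idea and is not the Valkyrie code. The thresholds (throttle at 0.5, decisive action at 0.9), the linear taper down to a 10% share, the cgroup v2 `cpu.max` quota as the throttling knob, and the two detector traces are all assumptions constructed for the example; the simulation shows why a short false-positive spike costs a benign job only a few extra ticks while a time-progressive attack is held well short of the progress it would have made unthrottled.

```python
"""Graduated post-detection response: map a runtime detector's confidence to a
CPU quota and escalate only once confidence is high. Added illustration of the
policy described in the abstract; not the Valkyrie implementation. Thresholds,
the linear taper and the cgroup v2 cpu.max knob are assumptions."""
from dataclasses import dataclass
from enum import Enum
from pathlib import Path


class Action(Enum):
    ALLOW = "allow"        # below the throttle threshold: no intervention
    THROTTLE = "throttle"  # cap CPU, let the process keep running
    DECISIVE = "decisive"  # confidence high enough for suspend/terminate (deployer's choice)


@dataclass(frozen=True)
class Policy:
    throttle_at: float = 0.5   # assumed: confidence at which throttling starts
    decisive_at: float = 0.9   # assumed: confidence that warrants decisive action
    min_share: float = 0.1     # assumed: heaviest throttle short of decisive action
    period_us: int = 100_000   # cgroup v2 cpu.max scheduling period

    def action(self, confidence: float) -> Action:
        if confidence >= self.decisive_at:
            return Action.DECISIVE
        if confidence >= self.throttle_at:
            return Action.THROTTLE
        return Action.ALLOW

    def cpu_share(self, confidence: float) -> float:
        """Fraction of one CPU allowed; tapers linearly from 1.0 at throttle_at
        to min_share at decisive_at, so a low-confidence alert costs little."""
        if confidence < self.throttle_at:
            return 1.0
        if confidence >= self.decisive_at:
            return self.min_share
        t = (confidence - self.throttle_at) / (self.decisive_at - self.throttle_at)
        return 1.0 - t * (1.0 - self.min_share)

    def cpu_max(self, confidence: float) -> str:
        """cgroup v2 cpu.max contents: 'max' (no cap) or '<quota_us> <period_us>'."""
        share = self.cpu_share(confidence)
        if share >= 1.0:
            return "max"
        return f"{round(share * self.period_us)} {self.period_us}"


def apply_cpu_max(cgroup_dir: Path, value: str) -> None:
    """Write the quota to <cgroup>/cpu.max. Needs cgroup v2 and write access to
    the target cgroup; pointing it at a scratch directory exercises the format only."""
    (cgroup_dir / "cpu.max").write_text(value + "\n")


def simulate(policy: Policy, confidences, work_units: float):
    """Drive a process that needs `work_units` CPU-ticks through one detector
    confidence per tick. Returns (ticks_used, progress, decisive_tick): progress
    is the work completed when the job finished or when decisive action fired;
    decisive_tick is None if it never fired."""
    progress = 0.0
    for tick, conf in enumerate(confidences):
        if policy.action(conf) is Action.DECISIVE:
            return tick, progress, tick
        progress += policy.cpu_share(conf)
        if progress >= work_units:
            return tick + 1, progress, None
    return len(confidences), progress, None


# Constructed detector traces for the example (not measurements from the paper).
FALSE_POSITIVE = [0.1, 0.1, 0.6, 0.7, 0.2, 0.1, 0.1, 0.1, 0.1, 0.1, 0.1, 0.1]  # brief spike on a benign job
ATTACK = [0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 1.0]                    # confidence grows as the attack progresses


def slowdown_of_false_positive(policy: Policy = Policy()) -> float:
    """Relative extra run time a benign 8-tick job suffers under the spike."""
    ticks, _, _ = simulate(policy, FALSE_POSITIVE, work_units=8)
    return ticks / 8 - 1.0


def attack_progress_when_stopped(policy: Policy = Policy()):
    """(progress with throttling, progress without) at the tick decisive action fires."""
    _, throttled, decisive = simulate(policy, ATTACK, work_units=10)
    return throttled, float(decisive)  # unthrottled, the attack would do one unit per tick


if __name__ == "__main__":
    pol = Policy()
    for conf in ATTACK:
        print(f"confidence={conf:.1f} action={pol.action(conf).value:8s} cpu.max={pol.cpu_max(conf)!r}")
    print("false-positive slowdown:", slowdown_of_false_positive(pol))
    print("attack progress (throttled, unthrottled):", attack_progress_when_stopped(pol))
```

With these assumed thresholds the benign job finishes in 9 ticks instead of 8, whereas the attack has completed about 6.65 units of work instead of 8 by the time decisive action fires. The taper is the design choice worth noting: a response that jumps straight to the minimum share at the first alert would make every false positive expensive, which is exactly the cost the abstract sets out to avoid.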
Download PDF:
2504.15447v1