Security event detection method, apparatus, and tangible computer readable storage medium through virtual machine introspection

摘要

Methods and apparatus are disclosed for security event detection through virtual machine introspection. Example methods involve monitoring usage of a plurality of resources by a first virtual machine executing on a computing device by a monitoring agent, the monitoring agent executing on the computing device separate from the first virtual machine. Example methods further involve detecting a potential security event by comparing the usage of the plurality of resources to resource usage patterns. Example methods further involve assigning a severity level to the detected potential security event, and initiating a security action defined for the assigned severity level.