AI Virtual Machine Introspection to detect Malware and Other Activities

About the Project

Virtual machines have been around for a long time, and are used heavily throughout the internet. However, they are not immune to misuse, abuse, and attacks. Malware for instance can infect a virtual machine, and there is a reliance on the user of the virtual machine to deal with such problems. However, it would be helpful if the company providing the virtualisation platform could perform their own monitoring, and take action if necessary to secure the platform for all users, as well as help users defend themselves from attacks.

This proposal is focused on understanding what is happening with a virtual machine from the point of view of the systems controlling the virtualisation platform. As they are running outside the virtual machine, access to interior information is much harder to access. Work has been done in this area using introspection tools, which basically use insider knowledge to try and give access to interior data from the hypervisor. These can be effective, but can be slow, and impact the performance of the virtualised machines. They can also be detectable from the virtual machine, and the introspection tools are sensitive to changes and updates in operating systems. They work best when they access the entire virtual machine memory in snapshots, and with increased memory requirements of virtual machines this in itself is problematic. Additionally, there is a move over time to make virtual machine instances encrypted from the hypervisor, which would make traditional introspection much harder.

This PhD is concerned with real-time introspection of virtual nodes with a focus on understanding what is happening within a virtual machine without necessarily understanding the operating system, or trying to capture all its memory in snapshots. Initially, the focus is to look at the side-effects of a running virtual machine over time, and work out the likely activities happening within. Side effects could be disk io, network io, but also memory block access patterns such as a timeline of the memory blocks changed. These could be evaluated using an AI approach, and suggest activities or even suggest particular memory blocks which would be worthy of capture for further introspection. Ideally the result would be a system with the advantages of traditional introspection, but with much higher performance.

Academic qualifications

First degree with at least a 2:1 classification in Computing. Have a fundamentla knowledge in the following areas: Operating Systems, Artificial Intelligence, Malware and Computer Virtualisation

English language requirement

IELTS score must be at least 6.5 (with not less than 6.0 in each of the four components). Other, equivalent qualifications will be accepted. Full details of the University’s policy are available online.

Essential attributes:

• Highly motivated
• Keen interest in AI and operating systems

Desirable attributes:

• Knowledge of software engineering

APPLICATION CHECKLIST

• Completed application form
• CV
• 2 academic references, using the Postgraduate Educational Reference Form (download)
• Research project outline of 2 pages (list of references excluded). The outline may provide details about
  1. Background and motivation of the project. The motivation, explaining the importance of the project, should be supported also by relevant literature. You can also discuss the applications you expect for the project results.
  2. Research questions or objectives.
  3. Methodology: types of data to be used, approach to data collection, and data analysis methods.
  4. List of references.

The outline must be created solely by the applicant. Supervisors can only offer general discussions about the project idea without providing any additional support.

• Statement no longer than 1 page describing your motivations and fit with the project.
• Evidence of proficiency in English (if appropriate)

To be considered, the application must use

• the advertised title as project title

For informal enquiries about this PhD project, please contact g.russell@napier.ac.uk

Application link: https://evision.napier.ac.uk/si/sits.urd/run/siw_sso.go?ElOlarlItFiG37xnH5PRRBvv3d563wLdwX4JfhYskMa3bJWTuc

PhD Start Date: October 2026

Funding Notes

International applicants should note that visa application costs and the NHS health surcharge are additional costs to be taken into consideration, and successful applicants will need to cover these expenses themselves.