Title: Evaluating eBPF as an Alternative to Virtual Machine Introspection for High-Interaction Honeypot Implementation
Speaker: Niku Waltteri Saulinpoika Nuuti (Reykjavík University)
When: October 24, 2025, 14h00
Where: FCUL, 6.3.27
Invited by: Ibéria Medeiros

Abstract: Virtual machine introspection (VMI) enables stealthy monitoring of guest systems but suffers from high overhead and deployment complexity. This work explores whether extended Berkeley Packet Filter (eBPF)–based tracing can offer a lower-overhead alternative for security applications. We compare both approaches in terms of performance, stealthiness, and practical applicability using micro-benchmarks and a prototype SSH honeypot. Our results reveal key trade-offs and provide guidance for future security monitoring system design.

Short bio: Niku Waltteri Saulinpoika Nuuti obtained a Bachelor’s degree in 2020 from Turku University of Applied Sciences (Finland), and a Master’s degree in Computer Science in 2024 from a joint program between Åbo Akademi (Finland) and Reykjavík University in Iceland. He is now a PhD student at the Computer Science Department, Reykjavík University, working on virtual machine monitoring and malware forensics.