Method of detecting hidden process based on Xen virtualization (基于Xen虚拟化的隐藏进程检测方法)
Cited by: 3
Abstract: Malicious processes use rootkits to make themselves extremely stealthy. Conventional hidden-process detection tools are deployed inside the system being checked and are therefore easily attacked. To improve the tamper resistance and accuracy of the detection system, this paper proposes a hidden-process detection system based on feature matching in a virtualized environment. The system is deployed outside the monitored virtual machine; it scans the machine's memory with a self-adjusting detection frequency to obtain process-related information, and detects hidden processes by matching that information against pre-built feature templates by similarity. Experimental results show that the detection system can effectively detect typical rootkit code and determine the presence of hidden processes.

Abstract (English version as published): Malicious processes are a major hidden danger to the safety of computer systems, and they make themselves harder to find by using rootkits. Conventional detection tools reside inside the very host they protect, which makes them vulnerable to attack. In order to improve tamper resistance and accuracy, this paper designs a hidden-process detection system that uses feature matching in a virtual environment. By scanning machine memory directly and adjusting its own detection frequency, the system, located outside the monitored virtual machine, inspects process information and detects hidden processes by judging the similarity of that information to pre-built feature templates. Experimental results show that the detection system can effectively detect typical rootkit code and determine the presence of hidden processes.

Source: Application Research of Computers (计算机应用研究), CSCD, Peking University core journal, 2015, No. 4, pp. 1127-1130 and 1153 (5 pages)
Funding: National "863" Program (2008AA01Z404); National Defense Pre-research Foundation (910A26010306JB5201)
Keywords: virtual machine monitor (VMM); hidden process; matching characteristics; matching template; similarity matching; inspection frequency