Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism | |
Cui, Chaoyuan1; Wu, Yun2; Li, Yonggang1; Sun, Bingyu1 | |
Journal | KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS |
2017-03-31 | |
Volume | 11 Issue: 3 Pages: 1722-1741 |
Keywords | Lightweight Intrusion Detection Introspection Semantic Gap Driver Separation Mechanism Portability |
DOI | 10.3837/tiis.2017.03.026 |
Document subtype | Article |
English abstract | Intrusion detection techniques based on virtual machine introspection (VMI) provide high tamper-resistance in comparison with traditional in-host anti-virus tools. However, the presence of the semantic gap also leads to performance and compatibility problems. In order to map raw bits of hardware to meaningful information of the virtual machine, detailed knowledge of different guest OSes is required. In this work, we present VDSM, a lightweight and general approach based on a driver separation mechanism: divide semantic view reconstruction into an online driver of view generation and an offline driver of semantics extraction. We have developed a prototype of VDSM and used it to do intrusion detection on 13 operating systems. The evaluation results show VDSM is effective and practical with a small performance overhead. |
WOS keywords | INTROSPECTION |
WOS research areas | Computer Science ; Telecommunications |
Language | English |
WOS accession number | WOS:000399226400026 |
Funding agencies | IT R&D program of MKE/IITA ; Korean government [Development of Next Generation Security Technology](2005-Y-001-04) |
Content type | Journal article |
Source URL | [http://ir.hfcas.ac.cn:8080/handle/334002/33299] |
Collection | Hefei Institutes of Physical Science_Institute of Intelligent Machines, Chinese Academy of Sciences |
Author affiliations | 1.Chinese Acad Sci, Hefei Inst Phys Sci, Inst Intelligent Machines, Hefei 230031, Anhui, Peoples R China 2.Chinese Acad Sci, Hefei Inst Phys Sci, Inst Appl Technol, Hefei 230088, Anhui, Peoples R China |
Recommended citation GB/T 7714 | Cui, Chaoyuan,Wu, Yun,Li, Yonggang,et al. Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism[J]. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS,2017,11(3):1722-1741. |
APA | Cui, Chaoyuan,Wu, Yun,Li, Yonggang,&Sun, Bingyu.(2017).Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism.KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS,11(3),1722-1741. |
MLA | Cui, Chaoyuan,et al."Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism".KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS 11.3(2017):1722-1741. |