Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism
Cui, Chaoyuan [1]; Wu, Yun [2]; Li, Yonggang [1]; Sun, Bingyu [1]
Journal: KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
2017-03-31
Volume: 11; Issue: 3; Pages: 1722-1741
Keywords: Lightweight Intrusion Detection; Introspection; Semantic Gap; Driver Separation Mechanism; Portability
DOI: 10.3837/tiis.2017.03.026
Document subtype: Article
Abstract: Intrusion detection techniques based on virtual machine introspection (VMI) provide high tamper-resistance in comparison with traditional in-host anti-virus tools. However, the presence of the semantic gap also leads to performance and compatibility problems. In order to map raw bits of hardware to meaningful information about the virtual machine, detailed knowledge of the different guest OSes is required. In this work, we present VDSM, a lightweight and general approach based on a driver separation mechanism: it divides semantic view reconstruction into an online driver for view generation and an offline driver for semantics extraction. We have developed a prototype of VDSM and used it to perform intrusion detection on 13 operating systems. The evaluation results show that VDSM is effective and practical, with a small performance overhead.
WOS keywords: INTROSPECTION
WOS research areas: Computer Science; Telecommunications
Language: English
WOS accession number: WOS:000399226400026
Funding agencies: IT R&D program of MKE/IITA; Korean government [Development of Next Generation Security Technology] (2005-Y-001-04)
Content type: Journal article
Source URL: http://ir.hfcas.ac.cn:8080/handle/334002/33299
Collection: Hefei Institutes of Physical Science_Institute of Intelligent Machines, Chinese Academy of Sciences, Hefei
Author affiliations:
1. Chinese Acad Sci, Hefei Inst Phys Sci, Inst Intelligent Machines, Hefei 230031, Anhui, Peoples R China
2. Chinese Acad Sci, Hefei Inst Phys Sci, Inst Appl Technol, Hefei 230088, Anhui, Peoples R China
Recommended citation
GB/T 7714: Cui, Chaoyuan, Wu, Yun, Li, Yonggang, et al. Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism[J]. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2017, 11(3): 1722-1741.
APA: Cui, Chaoyuan, Wu, Yun, Li, Yonggang, & Sun, Bingyu. (2017). Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 11(3), 1722-1741.
MLA: Cui, Chaoyuan, et al. "Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism". KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS 11.3 (2017): 1722-1741.