Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/26301
Title: Implicit detection of hidden processes with a feather-weight hardware-assisted virtual machine monitor
Authors: Wen, Y; Zhao, J; Wang, H; Cao, J
Keywords: Hardware-assisted VMM; Stealth malware; Virtual machine monitor
Issue Date: 2008
Publisher: Springer
Source: Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics), 2008, v. 5107 LNCS, p. 361-375
Journal: Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics) 
Abstract: Process hiding is a commonly used stealth technique that helps malware evade detection by anti-malware programs. In this paper, we propose a new approach called Aries to implicitly detect hidden processes. Aries introduces a novel feather-weight hardware-assisted virtual machine monitor (VMM) to obtain the True Process List (TPL). Compared to existing VMM-based approaches, Aries offers three distinct advantages: dynamic OS migration, implicit introspection of the TPL, and non-bypassable interfaces for exposing the TPL. Unlike typical VMMs, Aries can dynamically migrate an already-booted OS onto itself. By tracking the low-level interactions between the OS and the memory management structures, Aries is decoupled from explicit OS implementation information, which privileged malware can subvert. Our functionality evaluation shows that Aries detects more process-hiding malware than existing detectors, while the performance evaluation shows that desktop-oriented workloads achieve 95.2% of native speed on average.
Description: 13th Australasian Conference on Information Security and Privacy, ACISP 2008, Wollongong, NSW, 7-9 July 2008
URI: http://hdl.handle.net/10397/26301
ISBN: 3540699716; 9783540699712
ISSN: 0302-9743 (print); 1611-3349 (online)
DOI: 10.1007/978-3-540-70500-0-27
Appears in Collections: Conference Paper