Title: Implicit detection of hidden processes with a feather-weight hardware-assisted virtual machine monitor
Authors: Wen, Y; Zhao, J; Wang, H; Cao, J
Keywords: Hardware-assisted VMM; Stealth malware; Virtual machine monitor
Issue Date: 2008
Publisher: Springer
Source: Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics), 2008, v. 5107 LNCS, p. 361-375
Journal: Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics) 
Abstract: Process hiding is a commonly used stealth technique that lets malware evade detection by anti-malware programs. In this paper, we propose a new approach, called Aries, to implicitly detect hidden processes. Aries introduces a novel feather-weight hardware-assisted virtual machine monitor (VMM) to obtain the True Process List (TPL). Compared to existing VMM-based approaches, Aries offers three distinct advantages: dynamic OS migration, implicit introspection of the TPL, and non-bypassable interfaces for exposing the TPL. Unlike typical VMMs, Aries can dynamically migrate an already-booted OS onto itself. By tracking the low-level interactions between the OS and the memory management structures, Aries is decoupled from explicit OS implementation information, which privileged malware can subvert. Our functionality evaluation shows that Aries detects more process-hiding malware than existing detectors, while the performance evaluation shows that desktop-oriented workloads achieve 95.2% of native speed on average.
Description: 13th Australasian Conference on Information Security and Privacy, ACISP 2008, Wollongong, NSW, 7-9 July 2008
ISBN: 3540699716
ISSN: 0302-9743
EISSN: 1611-3349
DOI: 10.1007/978-3-540-70500-0_27
Appears in Collections: Conference Paper
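The "implicit" detection the abstract describes is a cross-view comparison: a process list derived below the OS (the TPL) is diffed against the list the OS itself reports, and anything scheduled by the hardware but absent from the guest's view is hidden. The following is an added illustration of that comparison, not code from the paper or from the Aries VMM. It assumes the VMM-side view is a log of page-table base (CR3) loads captured at guest context switches, which is one concrete form of the "low-level interactions between the OS and the memory management structures" the abstract refers to; the paper's actual mechanism is not detailed on this page. The hexadecimal CR3 values, the process names, and the helpers `normalize_cr3` and `detect_hidden` are all constructed for this example.

```python
"""Cross-view detection of hidden processes (illustrative, not the paper's code).

Two views of "which processes exist" are compared:

* Hypervisor view: every guest context switch loads a new page-table base
  (CR3 on x86).  A VMM that traps or logs those loads sees each address space
  that actually receives CPU time, whether or not the guest kernel's own
  bookkeeping admits it exists.
* Guest view: whatever the OS reports, e.g. a process list built by walking
  kernel task structures, which kernel-privileged malware can unlink from.

An address space scheduled in the hypervisor view but missing from the guest
view is a hidden process.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# With PCIDs enabled (CR4.PCIDE) bits 0-11 of CR3 carry the process-context
# identifier; otherwise they carry the PCD/PWT cache-control bits.  Either way
# the address space is identified by the page-table base in the upper bits.
CR3_ADDR_MASK = ~0xFFF


def normalize_cr3(cr3: int) -> int:
    """Strip PCID / cache-control bits so one address space maps to one key."""
    return cr3 & CR3_ADDR_MASK


# Constructed sample of CR3 loads a hypervisor would log at guest context
# switches (values are made up; real ones are physical page-table bases).
# 0x4000 is scheduled three times (once tagged with PCID 1) but the guest
# list below does not mention it.
VMM_CR3_TRACE = [
    0x1000, 0x2000, 0x3000, 0x1000, 0x4000, 0x2000, 0x3000, 0x4001,
    0x1000, 0x5000, 0x2000, 0x4000, 0x3000, 0x6000,
]

# Constructed sample of the guest-reported process list as (pid, name, cr3).
# 0x4000 has been unlinked by a hypothetical rootkit; 0x7000 is a legitimate
# process that happened to sleep through the whole trace window.
GUEST_VIEW = [
    (1, "init", 0x1000),
    (100, "sshd", 0x2000),
    (200, "bash", 0x3000),
    (300, "cron-job", 0x5000),
    (400, "sleeper", 0x7000),
]


@dataclass
class CrossViewResult:
    hidden: dict[int, int]    # page-table base -> times scheduled, absent from guest view
    ignored: set[int]         # seen by the VMM but too rarely to judge
    unscheduled: set[int]     # listed by the guest but never scheduled in the window


def detect_hidden(vmm_trace, guest_view, min_schedules=2, kernel_cr3=None):
    """Diff the VMM-observed address spaces against the guest's process list.

    min_schedules guards against the main false positive of a single snapshot:
    a process created and exited between the guest list being read and the
    trace being collected shows up only once or twice.  kernel_cr3 lets the
    caller exclude an address space that belongs to the kernel alone; that is
    an OS-specific detail, so it is a parameter rather than a constant.
    """
    counts = Counter(normalize_cr3(c) for c in vmm_trace)
    if kernel_cr3 is not None:
        counts.pop(normalize_cr3(kernel_cr3), None)
    guest_spaces = {normalize_cr3(cr3) for _, _, cr3 in guest_view}

    hidden: dict[int, int] = {}
    ignored: set[int] = set()
    for space, n in counts.items():
        if space in guest_spaces:
            continue
        if n < min_schedules:
            ignored.add(space)
        else:
            hidden[space] = n
    unscheduled = guest_spaces - set(counts)
    return CrossViewResult(hidden, ignored, unscheduled)


if __name__ == "__main__":
    result = detect_hidden(VMM_CR3_TRACE, GUEST_VIEW)
    for space, n in sorted(result.hidden.items()):
        print(f"hidden address space {space:#x}: scheduled {n} times, absent from guest list")
    print(f"ignored (scheduled fewer than 2 times): {[hex(s) for s in sorted(result.ignored)]}")
    print(f"listed but idle in this window: {[hex(s) for s in sorted(result.unscheduled)]}")
```

The point the abstract makes about being "decoupled from explicit OS implementation information" shows up here as the absence of any guest data-structure offsets: the VMM side only needs the architectural fact that a scheduled process loads its page-table base, so a rootkit that edits the guest's task list changes the guest view but not the hypervisor view. The remaining OS-specific knowledge (which address space, if any, is the kernel's own, and how long a short-lived process may legitimately go unlisted) is isolated in the two parameters.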