Hardware-assisted rootkit detection via on-line statistical fingerprinting of process execution

Authors: Liwei Zhou, Yiorgos Makris

DOI: 10.23919/DATE.2018.8342267

Keywords:

Abstract: Kernel rootkits generally attempt to maliciously tamper with kernel objects and surreptitiously distort program execution flow. Herein, we introduce a hardware-assisted hierarchical on-line system which detects such attacks by identifying deviations in dynamic intra-process profiles, based on architecture-level semantics captured directly in hardware. The underlying key insight is that, in order to take effect, malicious manipulation must alter the execution flow of benign processes, thereby leaving abnormal traces in the architecture-level semantics. While traditional detection methods rely on software modules to collect such traces, their implementations are susceptible to being compromised through attacks. In contrast, our method maintains immunity to such attacks by resorting to hardware for trace collection. The proposed method is demonstrated on a Linux-based operating system running on a 32-bit x86 architecture, implemented in Simics. Experimental results, using real-world rootkits, corroborate the effectiveness of this method, while a predictive 45nm PDK is used to evaluate the overhead.
