Hardware-based on-line intrusion detection via system call routine fingerprinting

Authors: Liwei Zhou, Yiorgos Makris

DOI: 10.23919/DATE.2017.7927236

Keywords:

Abstract: We introduce a hardware-based methodology for performing on-line intrusion detection in microprocessors. The proposed method extracts fingerprints from the basic blocks of the routine executed in response to a system call and examines their validity using a Bloom filter. Implementation in hardware renders spoofing attacks, to which operating-system- or hypervisor-level methods are vulnerable, ineffective. The method is evaluated against kernel rootkits that covertly modify system call service routines in Linux running on a 32-bit x86 architecture, implemented in the Simics simulation environment, while its overhead is assessed using a predictive 45nm PDK.

References (21)
Jonas Pfoh, Christian Schneider, Claudia Eckert. Nitro: Hardware-Based System Call Tracing for Virtual Machines. Advances in Information and Computer Security, pp. 96-112 (2011). 10.1007/978-3-642-25141-2_7
Remzi H. Arpaci-Dusseau, Andrea C. Arpaci-Dusseau, Stephen T. Jones. Antfarm: tracking processes in a virtual machine environment. USENIX Annual Technical Conference, p. 1 (2006).
Antonio Barresi, David Wagner, Thomas R. Gross, Mathias Payer, Nicolas Carlini. Control-flow bending: on the effectiveness of control-flow integrity. USENIX Security Symposium, pp. 161-176 (2015).
M.R. Guthaus, T. Mudge, R.B. Brown, D. Ernst, T.M. Austin, J.S. Ringenberg. MiBench: A free, commercially representative embedded benchmark suite. IEEE International Symposium on Workload Characterization, pp. 3-14 (2001). 10.1109/WWC.2001.15
Vandana Nath, Ritu Chhabra. Comparative Study of Bloom Filter Architectures. Global Journal of Research In Engineering, vol. 12 (2012).
Engin Kirda, Paolo Milani Comparetti, Christopher Kruegel, Clemens Kolbitsch, Xiaoyong Zhou, XiaoFeng Wang. Effective and efficient malware detection at the end host. USENIX Security Symposium, pp. 351-366 (2009).
Lucas Davi, Matthias Hanreich, Debayan Paul, Ahmad-Reza Sadeghi, Patrick Koeberl, Dean Sullivan, Orlando Arias, Yier Jin. HAFIX: hardware-assisted flow integrity extension. Design Automation Conference, p. 74 (2015). 10.1145/2744769.2744847
John Criswell, Nathan Dautenhahn, Vikram Adve. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels. IEEE Symposium on Security and Privacy, pp. 292-307 (2014). 10.1109/SP.2014.26
Meltem Ozsoy, Caleb Donovick, Iakov Gorelik, Nael Abu-Ghazaleh, Dmitry Ponomarev. Malware-aware processors: A framework for efficient online malware detection. IEEE International Symposium on High-Performance Computer Architecture, pp. 651-661 (2015). 10.1109/HPCA.2015.7056070
Yier Jin, Michail Maniatakos, Yiorgos Makris. Exposing vulnerabilities of untrusted computing platforms. IEEE International Conference on Computer Design, pp. 131-134 (2012). 10.1109/ICCD.2012.6378629