Huaizhe Zhou, Changjiang Fei, Lin Ni, Bo Wu, Guopeng Li, Kun Han
Title: Detecting Kernel Rootkits in a Virtualized Infrastructure with Low-Level Architectural Features
Published in: 2022 IEEE 5th International Conference on Electronics and Communication Engineering (ICECE), 16 December 2022
DOI: 10.1109/ICECE56287.2022.10048623 (https://doi.org/10.1109/ICECE56287.2022.10048623)
Citation count: 1
Abstract
Security exploits and ensuant malware pose an increasing challenge to cloud computing environments as the variety and complexity of malware continue to increase. Kernel rootkits are more formidable than other malware because of their stealthiness and high privilege. A variety of software-based detection mechanisms have been explored to defeat kernel rootkits. However, existing methods suffer from their complexity. In this paper, we introduce HKRD, a system that utilizes low-level architectural features in the hypervisor to detect and identify malicious behaviors of kernel rootkits in a VM. By combining architectural features with machine learning on the Xen hypervisor, our implemented prototype shows its capacity to detect kernel rootkits with high accuracy and moderate performance cost.