TIIS (Korean Society for Internet Information)
Korean Title: Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism
English Title: Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism
Authors: Chaoyuan Cui, Yun Wu, Yonggang Li, Bingyu Sun
Citation: Vol. 11, No. 3, pp. 1722-1741 (2017.03)
Korean Abstract: (not provided)
English Abstract:
Intrusion detection techniques based on virtual machine introspection (VMI) provide high tamper-resistance compared with traditional in-host anti-virus tools. However, the semantic gap also leads to performance and compatibility problems: to map the raw bits of the hardware to meaningful information about the virtual machine, detailed knowledge of each different guest OS is required. In this work, we present VDSM, a lightweight and general approach based on a driver separation mechanism: semantic view reconstruction is divided into an online driver for view generation and an offline driver for semantics extraction. We have developed a prototype of VDSM and used it to perform intrusion detection on 13 operating systems. The evaluation results show that VDSM is effective and practical with a small performance overhead.
Keywords: lightweight intrusion detection; introspection; semantic gap; driver separation mechanism; portability