Abstract—As a special type of stealth attack, a rootkit hides its existence from malware detection and maintains continued privileged access to a computer system. The proliferation of virtualization creates a new technique for the detection of such attacks. In this paper, we propose to design a rootkit detection mechanism for virtual machines through deep information extracting and reconstruction at the hypervisor level. Through accessing the important components of a VM such as the kernel symbol table, the hypervisor can reconstruct the VM’s execution states and learn the essential information such as the running processes, active network connections, and opened files. Through cross-verification among the different components of the reco...
The promotion of cloud computing makes the virtual machine (VM) increasingly a target of malware att...
Memory forensics is the branch of computer forensics that aims at extracting artifacts from memory s...
Abstract. Kernel rootkits pose a significant threat to computer systems as they run at the highest p...
Kernel-mode rootkits represent a considerable threat to any computer system, as they provide an intr...
tr11-007 This article presents a survey of current approaches to memory forensics in virtualized env...
Abstract—Targeting the operating system kernel, the core of trust in a system, kernel rootkits are a...
The use of virtualized environments continues to grow for efficient utilization of the available com...
Virtual machine introspection (VMI) is intended to provide a secure and trusted platform from which ...
Stealth Malware (Rootkit) is a malicious software used by attackers who wish to run their code o...
Over the past few years, virtualization has been employed to environments ranging from densely popu...
Kernel rootkits are a special category of malware that are deployed directly in the kernel and hence...
Abstract—The advent of cloud computing and inexpensive multi-core desktop architectures has led to t...
Cyberattacks targeted at virtualization infrastructure underlying cloud computing services have becom...
Attackers and defenders of computer systems both strive to gain complete control over the system. To...
Most existing virtual machine introspection (VMI) technologies analyze the status of a target virtua...