Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism
Cui, Chaoyuan1; Wu, Yun2; Li, Yonggang1; Sun, Bingyu1
2017-03-31
Journal: KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
Abstract: Intrusion detection techniques based on virtual machine introspection (VMI) provide high tamper-resistance in comparison with traditional in-host anti-virus tools. However, the presence of the semantic gap also leads to performance and compatibility problems. In order to map raw bits of hardware to meaningful information about the virtual machine, detailed knowledge of different guest OSes is required. In this work, we present VDSM, a lightweight and general approach based on a driver separation mechanism: it divides semantic view reconstruction into an online driver for view generation and an offline driver for semantics extraction. We have developed a prototype of VDSM and used it to do intrusion detection on 13 operating systems. The evaluation results show VDSM is effective and practical with a small performance overhead.
Article type: Article
Keywords: Lightweight Intrusion Detection Introspection Semantic Gap Driver Separation Mechanism Portability
WOS headings: Science & Technology ; Technology
DOI: 10.3837/tiis.2017.03.026
Keywords [WOS]: INTROSPECTION
Indexed by: SCI
Language: English
Funding organization: IT R&D program of MKE/IITA ; Korean government [Development of Next Generation Security Technology](2005-Y-001-04)
WOS research area: Computer Science ; Telecommunications
WOS subject category: Computer Science, Information Systems ; Telecommunications
WOS accession number: WOS:000399226400026
Citation statistics
Times cited: 2 [WOS]
Document type: Journal article
Item identifier: http://ir.hfcas.ac.cn:8080/handle/334002/33369
Collection: Hefei Institute of Intelligent Machines, Chinese Academy of Sciences
Author affiliations:
1. Chinese Acad Sci, Hefei Inst Phys Sci, Inst Intelligent Machines, Hefei 230031, Anhui, Peoples R China
2. Chinese Acad Sci, Hefei Inst Phys Sci, Inst Appl Technol, Hefei 230088, Anhui, Peoples R China
Recommended citation
GB/T 7714: Cui, Chaoyuan, Wu, Yun, Li, Yonggang, et al. Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism[J]. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2017, 11(3): 1722-1741.
APA: Cui, Chaoyuan, Wu, Yun, Li, Yonggang, & Sun, Bingyu. (2017). Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 11(3), 1722-1741.
MLA: Cui, Chaoyuan, et al. "Lightweight Intrusion Detection of Rootkit with VMI-Based Driver Separation Mechanism". KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS 11.3 (2017): 1722-1741.
Files in this item
There are no files associated with this item.