Title :
VMDetector: A VMM-based Platform to Detect Hidden Process by Multi-view Comparison
Author :
Wang, Ying ; Hu, Chunming ; Li, Bo
Author_Institution :
Sch. of Comput. Sci. & Eng., Beihang Univ., Beijing, China
Abstract :
Recently, "rootkit" becomes a popular hacker malware on the Internet, which controls the hosts on the Internet by hiding itself, and raises a serious security threat. Existing host-based and hardware-based solutions have some disadvantages, such as hardware overhead and being discovered by root kits, where the development of virtualization technology provides a better solution to avoid those. Virtual machine monitor has the highest authority on the virtual machine, and has the right to control the activities in the virtual machine without being found by root kits in the virtual machines. We propose VM Detector based on this hardware virtualization technology, using multi-view detection mechanism, to detect hidden processes inside the virtual machine on many aspects, then to improve the virtual machine\´s security. Through several experiments, VM Detector carried on the process detection effectively, and introduced less than 10% performance overhead.
Keywords :
security of data; virtual machines; virtualisation; Internet; VMDetector; VMM-based platform; hacker malware; hardware overhead; hardware virtualization technology; hidden process; multiview comparison; multiview detection; security threat; virtual machine monitor; Hardware; Kernel; Linux; Semantics; Virtual machine monitors; Virtual machining; hidden process detection; multi-view; multi-view comparison; virtualization;
Conference_Titel :
High-Assurance Systems Engineering (HASE), 2011 IEEE 13th International Symposium on
Conference_Location :
Boca Raton, FL
Print_ISBN :
978-1-4673-0107-7
DOI :
10.1109/HASE.2011.41
