Title :
Hidden Process Detection System Based on Hardware-Assisted Virtualization
Author :
Xuexiang Li ; Xue-Qing An ; Wenning Zhang
Author_Institution :
Software Sch., Zhengzhou Univ., Zhengzhou, China
Abstract :
Hidden process detection is an important issue in information security area. Based on hardware-assisted virtualization, the system proposed in this paper can monitor guest operating system (Guest OS) via the highest privilege level of Virtual Machine Monitor (VMM). It realizes functions of detection, creation monitoring and termination of hidden processes, even for malicious Root kit processes in kernel. Comparing to popular process detection tools using hook functions or relying on unpublicized data structures, the optimized system doesn´t depend on any hook function and destroy any data structure of OS, making it much more efficient and better in the area of hidden processes detection.
Keywords :
computerised monitoring; invasive software; operating system kernels; virtual machines; virtualisation; VMM; data structure; guest OS monitoring; guest operating system monitoring; hardware-assisted virtualization; hidden process detection system; hidden process monitoring creation function; hidden process termination function; information security area; kernels; malicious Rootkit processes; privilege level; virtual machine monitor; Data structures; Kernel; Monitoring; Process control; Switches; Virtualization; detection system; hardware-assisted virtualization; hidden process; information security; virtual machine monitor (VMM);
Conference_Titel :
Internet Computing for Engineering and Science (ICICSE), 2013 Seventh International Conference on
Conference_Location :
Shanghai
DOI :
10.1109/ICICSE.2013.17
