Citation: YAN Guang-lu, LUO Sen-lin, WEI Wei, PAN Li-min. Multiple attacks on virtualization-based security monitoring[J]. JOURNAL OF BEIJING INSTITUTE OF TECHNOLOGY, 2016, 25(2): 254-263. doi:10.15918/j.jbit1004-0579.201625.0214
[1] Garfinkel T, Rosenblum M. A virtual machine introspection based architecture for intrusion detection[C]//The Network and Distributed Systems Security Symposium, San Diego, California, USA, 2003.
[2] Payne B D, Carbone M, Lee W. Secure and flexible monitoring of virtual machines[C]//The Annual Computer Security Applications Conference, Miami Beach, FL, USA, 2007.
[3] Tupakula U K, Varadharajan V. Dynamic state-based security architecture for detecting security attacks in virtual machines[J]. Computer Journal, 2012, 55(4):397-409.
[4] Petroni N L, Hicks M. Automated detection of persistent kernel control-flow attacks[C]//The ACM conference on Computer and Communications Security, Alexandria, VA, USA, 2007.
[5] Chen L, Liu B, Hu H. Detecting hidden malware method based on "In-VM" model[J]. China Communications, 2011, 8(4):99-108.
[6] Chen L, Liu B, Zhang J, et al. An advanced method of process reconstruction based on VMM[C]//2011 International Conference on Computer Science and Network Technology (ICCSNT), Harbin, China, 2011.
[7] Payne B, Carbone M, Sharif M, et al. Lares: an architecture for secure active monitoring using virtualization[C]//The IEEE Symposium on Security and Privacy, Oakland, California, USA, 2008.
[8] Sharif M, Lee W, Cui W. Secure in-VM monitoring using hardware virtualization[C]//The ACM conference on Computer and Communications Security, Chicago, IL, USA, 2009.
[9] Dinaburg A, Royal P, Sharif M, et al. Ether: malware analysis via hardware virtualization extensions[C]//The 15th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 2008.
[10] Ying C, Jiachen L, Qiguang M, et al. Osiris: a malware behavior capturing system implemented at virtual machine monitor layer[C]//International Conference on Computational Intelligence and Security (CIS), Guangzhou, China, 2012.
[11] Seshadri A, Luk M, Qu N, et al. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes[C]//The ACM Symposium on Operating System Principles, Stevenson, WA, USA, 2007.
[12] Rhee J, Riley R, Xu D, et al. Defeating dynamic data kernel rootkit attacks via VMM-based guest-transparent monitoring[C]//International Conference on Availability, Reliability and Security, Fukuoka, Japan, 2009.
[13] Yan L K, Jayachandra M, Zhang M. V2E: combining hardware virtualization and software emulation for transparent and extensible malware analysis[J]. ACM Sigplan Notices, 2012, 47(7):227-237.
[14] Rutkowska J. Subverting Vista™ kernel for fun and profit[C]//Black Hat, Las Vegas, USA, 2006.
[15] Yan Guanglu, Luo Senlin. The detection of hidden process technology based on thread scheduling[J]. Netinfo Security, 2013(2):38-40. (in Chinese)
[16] Zhu J, Zhou T, Wang Q. Towards a novel approach for hidden process detection based on physical memory scanning[C]//International Conference on Multimedia Information Networking and Security, Nanjing, China, 2012.
[17] Xiong H, Liu Z, Xu W, et al. Libvmi: a library for bridging the semantic gap between guest OS and VMM[C]//International Conference on Computer and Information Technology, Chengdu, China, 2012.
[18] Lin C, Bo L, Huaping H, et al. A layered malware detection model using VMM[C]//International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool, UK, 2012.