VMPmonitor: An Efficient Modularity Approach for Hidden Process Detection
- DOI
- 10.2991/ccis-13.2013.59
- Keywords
- security; malware; hidden process detection; virtual machine monitor
- Abstract
With the development of cloud computing, more and more people are accustomed to resource sharing or online shopping, and malware has become a major threat to cloud safety. Process hiding is a powerful technique commonly used by stealthy malware to evade detection by anti-malware software. In this paper, we present a novel approach called VMPmonitor, an efficient modularity approach for hidden process detection. With the help of guest OS register information (mainly the ESP) collected by the virtual machine monitor, VMPmonitor can implicitly capture the hidden process information of the target guest OS. Compared to other approaches, VMPmonitor obtains guest process information implicitly, which reduces its susceptibility to guest evasion attacks. Experimental results show that VMPmonitor has better reliability and accuracy.
- Copyright
- © 2013, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Cui Chaoyuan
AU - Wu Yun
AU - Li Ping
AU - Wang Rujing
PY - 2013/11
DA - 2013/11
TI - VMPmonitor: An Efficient Modularity Approach for Hidden Process Detection
BT - Proceedings of the The 1st International Workshop on Cloud Computing and Information Security
PB - Atlantis Press
SP - 254
EP - 257
SN - 1951-6851
UR - https://doi.org/10.2991/ccis-13.2013.59
DO - 10.2991/ccis-13.2013.59
ID - Chaoyuan2013/11
ER -