Hidden Process Detection System Based on Hardware-Assisted Virtualization

Abstract

Hidden process detection is an important issue in information security area. Based on hardware-assisted virtualization, the system proposed in this paper can monitor guest operating system (Guest OS) via the highest privilege level of Virtual Machine Monitor (VMM). It realizes functions of detection, creation monitoring and termination of hidden processes, even for malicious Root kit processes in kernel. Comparing to popular process detection tools using hook functions or relying on unpublicized data structures, the optimized system doesn't depend on any hook function and destroy any data structure of OS, making it much more efficient and better in the area of hidden processes detection.