P. Mishra, Ishita Verma, Saurabh Gupta, Varun S. Rana, Kavitha Kadarla
Published in: 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC), 2019-06-01. DOI: https://doi.org/10.1109/FMEC.2019.8795365
vProVal: Introspection based Process Validation for Detecting Malware in KVM-based Cloud Environment
In the modern era of computing, Cloud security is of paramount importance. Most research has focused on In-Virtual Machine (VM) security techniques for detecting malware affecting virtual domains running in the Cloud. In-VM security techniques are deployed inside the VM and hence are highly prone to subversion attacks. In this paper, an out-VM monitoring approach based on introspection, called vProVal, is proposed. vProVal is designed to detect hidden processes and rootkits that disable the security tool, running in the monitored VM in a Kernel VM (KVM)-based cloud environment. It performs malware detection from outside the VM at the KVM layer and is hence more robust to attacks. The introspection technique extracts the low-level details of a running VM from the hypervisor by viewing its memory, trapping on hardware events, and accessing the vCPU registers. A preliminary analysis has been performed and the approach is found to be promising.