HODetector: The Hidden Objects Detection Based on Static Semantic Information Library Outside Virtual Machine

YongGang Li, ChaoYuan Cui, BingYu Sun, WenBo Li

Abstract

With the spread of malware, the security of virtual machines (VMs) has faced severe challenges in recent years. Rootkits and their variants can hide themselves and other kernel objects, such as processes, files, and modules, making malicious activity hard to detect. Existing solutions are either coarse-grained, monitoring only at the virtual machine level, or non-universal, supporting a specific operating system only with specific modifications. In this paper, we propose a fine-grained approach called HODetector, based on a static semantic information library (SSIL), to detect hidden objects from outside the VM. We have deployed a HODetector prototype on the Xen virtualization platform and used it to detect processes, files, and modules hidden by rootkits. The experimental results show that HODetector is effective against different rootkits and general across Linux operating systems with various kernels.


Citation Format:
YongGang Li, ChaoYuan Cui, BingYu Sun, WenBo Li, "HODetector: The Hidden Objects Detection Based on Static Semantic Information Library Outside Virtual Machine," Journal of Internet Technology, vol. 19, no. 5, pp. 1393-1400, Sep. 2018.

Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Library and Information Center, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd. Shoufeng, Hualien 97401, Taiwan, R.O.C.
Tel: +886-3-931-7017  E-mail: jit.editorial@gmail.com