HProve: A Hypervisor Level Provenance System to Reconstruct Attack Story Caused by Kernel Malware

Authors
Abstract


Related resources

Hypervisor-based malware protection with AccessMiner

In this paper we discuss the design and implementation of AccessMiner, a system-centric behavioral malware detector. Our system is designed to model the general interactions between benign programs and the underlying operating system (OS). In this way, AccessMiner is able to capture which, and how, OS resources are used by normal applications and detect anomalous behavior in real-time. The adva...


Experimental Challenges in Cyber Security: A Story of Provenance and Lineage for Malware

Rigorous experiments and empirical studies hold the promise of empowering researchers and practitioners to develop better approaches for cyber security. For example, understanding the provenance and lineage of polymorphic malware strains can lead to new techniques for detecting and classifying unknown attacks. Unfortunately, many challenges stand in the way: the lack of sufficient field data (e...


Collecting Provenance via the Xen Hypervisor

The Provenance Aware Storage Systems project (PASS) currently collects system-level provenance by intercepting system calls in the Linux kernel and storing the provenance in a stackable filesystem. While this approach is reasonably efficient, it suffers from two significant drawbacks: each new revision of the kernel requires reintegration of PASS changes, the stability of which must be continua...


A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors

With more than 500 million activations reported in Q3 2012, Android mobile devices are becoming ubiquitous and trends confirm this is unlikely to slow down. App stores, such as Google Play, drive the entire economy of mobile applications. Unfortunately, high turnovers and access to sensitive data have soon attracted the interest of cybercriminals too, with malware now hitting Android devices...


K-Tracer: A System for Extracting Kernel Malware Behavior

Kernel rootkits can provide user-level malware programs with the additional capability of hiding their malicious activities by altering the legitimate kernel behavior of an operating system. While existing research has studied rootkit hooking behavior in an effort to help develop defense and remediation mechanisms, automated analysis of the actual malicious goals and capabilities of rootkits ...



Journal

Journal title: ICST Transactions on Security and Safety

Year: 2019

ISSN: 2032-9393

DOI: 10.4108/eai.8-4-2019.157417