Automated Detection of Persistent Kernel Control-Flow Attacks

机译：自动检测持久性核心控制流攻击

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

This paper presents a new approach to dynamically monitoring operating system kernel integrity, based on a property called state-based control-flow integrity (SBCFI). Violations of SBCFI signal a persistent, unexpected modification of the kernel's control-flow graph. We performed a thorough analysis of 25 Linux rootkits and found that 24 (96%) employ persistent control-flow modifications; an informal study of Windows rootkits yielded similar results. We have implemented SBCFI enforcement as part of the Xen and VMware virtual machine monitors. Our implementation detected all the control-flow modifying rootkits we could install, while imposing unnoticeable overhead for both a typical web server workload and CPU-intensive workloads when operating at 10 second intervals.

机译：本文基于称为状态控制流程完整性（SBCFI）的属性，介绍了动态监控操作系统内核完整性的新方法。违反SBCFI信号的持久性，意外修改内核的控制流程图。我们对25个Linux rootkit进行了彻底的分析，发现24（96％）采用持续控制流动修改; Windows Rootkits的非正式研究产生了类似的结果。我们已经实现了SBCFI强制作为Xen和VMware虚拟机监视器的一部分。我们的实现检测到我们可以安装的所有控制流修改rootkits，同时在以10秒间隔运行时对典型的Web服务器工作负载和CPU密集型工作负载施加不可于无情的开销。

著录项

来源
《Association for Computing Machinery Conference on Computer and Communications Security》|2007年||共13页
会议地点
作者
Nick L. Petroni Jr.; Michael Hicks;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP3-53;
关键词
CFI; Integrity; Virtualization; Rootkit; Kernel;

机译：CFI;完整性;虚拟化;rootkit;内核;

相似文献

外文文献
中文文献
专利

1. Automated detection of repetitive focal activations in persistent atrial fibrillation: Validation of a novel detection algorithm and application through panoramic and sequential mapping [J] . Honarbakhsh Shohreh, Schilling Richard J., Providencia Rui, Journal of cardiovascular electrophysiology . 2019,第1期

机译：持久性心房颤动中重复焦点激活的自动检测：通过全景和顺序映射验证新型检测算法和应用
2. 69Automated detection of repetitive focal activations in persistent atrial fibrillation: validation of a novel detection algorithm and application through panoramic and sequential mapping [J] . SHonarbakhsh, R JSchilling, GDhillon, Europace: European pacing, arrhythmias, and cardiac electrophysiology : journal of the working groups on cardiac pacing, arrhythmias, and cardiac cellular electrophysiology of the European Society of Cardiology . 2018,第Suppla4期

机译：69Automated检测持久性心房颤动中的重复局灶性激活：通过全景和顺序映射验证新型检测算法和应用
3. Sparse auto-encoder combined with kernel for network attack detection [J] . Han Xiaolu, Liu Yun, Zhang Zhenjiang, Computer Communications . 2021,第May期

机译：稀疏的自动编码器与内核进行网络攻击检测
4. Automated detection of persistent kernel control-flow attacks [C] . Nick L. Petroni, Michael Hicks, PMichael Hicks ACM conference on Computer and communications security . 2007

机译：自动检测持久性内核控制流攻击
5. Automated detection and containment of stealth attacks on the operating system kernel. [D] . Baliga, Arati. 2009

机译：自动检测和遏制操作系统内核上的隐身攻击。
6. Automated detection of repetitive focal activations in persistent atrial fibrillation: Validation of a novel detection algorithm and application through panoramic and sequential mapping [O] . Shohreh Honarbakhsh, Richard J. Schilling, Rui Providencia, -1

机译：在持续性房颤中自动检测重复性局灶性激活：通过全景和顺序映射验证新型检测算法和应用
7. Automated Detection of Persistent Kernel Control-Flow Attacks [O] . Nick L. Petroni, Jr., Michael Hicks 2007

机译：自动检测持久内核控制流攻击

Automated Detection of Persistent Kernel Control-Flow Attacks

摘要

著录项

相似文献

相关主题

期刊订阅