
Snoop-based kernel integrity monitoring apparatus and method thereof


Abstract

A snoop-based kernel integrity monitoring apparatus and a method thereof are provided. More particularly, the kernel integrity monitoring apparatus is a hardware device independent of the host system. It snoops traffic on the system bus of the host system and monitors the integrity of the kernel by detecting write attempts to a kernel immutable region. Because the apparatus and method detect such write attempts by analyzing the traffic of the host system's system bus, they can detect a transient attack, which is difficult for a snapshot method to detect.
