FoxyTechnique: tricking operating system policies with a virtual machine monitor
Proceedings of the 3rd international conference on Virtual execution environments
Antfarm: tracking processes in a virtual machine environment
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
VMM-based hidden process detection and identification using Lycosid
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
ACM Transactions on Information and System Security (TISSEC)
Virtualize everything but time
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
| Hi-index | 0.00 |
We propose a mostly OS-independent, VMM-based method that deactivates malware at the granularity of a process. Specifically, the method slows malware processes extremely by shortening the timer interrupt intervals and modifying the system time value: the amount of time that elapses from the boot. We implemented a VMM based on the method, named HyperSlow, and confirmed that it can slow a particular process considerably.