In recent years, malware has grown extremely rapidly in both complexity and rate of system infection. Current-generation anti-virus and anti-malware software protects systems through locally installed monitoring agents, which depend on vendor-generated signature- and heuristic-based rules. However, because these monitoring agents are installed within the systems they are trying to protect, they are themselves potential targets of attack by malware. Pathogen overcomes this issue by using a real-time system monitoring and analysis framework that utilises Virtual Machine Introspection (VMI) to monitor a system without the need for any locally installed agents. One of the main research problems in VMI is how to parse and interpret the memory of an executing system from outside that system. Pathogen's contribution is a lightweight introspection framework that bridges the semantic gap.