
      Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access

Preprint


Abstract

Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems, the hardware virtualization extensions of current Intel and AMD CPUs can be applied. To deal with such malware we propose monitoring and controlling access to memory in real time using Intel VT-x with Extended Page Tables (EPT). We have validated this concept by developing MemoryMonRWX, a bare-metal hypervisor. MemoryMonRWX is able to track and trap all three types of memory access: read, write, and execute. It also has the following advantages: fine-grained analysis, and support for multi-core CPUs and 64-bit Windows 10. MemoryMonRWX is able to protect critical kernel memory areas even when PatchGuard has been disabled by malware. Its main innovative features are guaranteed interception of every memory access, resilience, and low performance degradation.
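The abstract only names the mechanism (VT-x with EPT) that lets a hypervisor trap reads, writes and executes of guest memory. The following C program is an added example, not MemoryMonRWX's code, that models how that trapping works: each guest-physical page has an EPT leaf entry whose read/write/execute bits the hypervisor can revoke; an access the entry does not permit causes an EPT-violation VM exit whose exit qualification encodes both the access type and the page's permissions. The handler logs the access, restores permissions so the instruction can retire, and the page is re-armed afterwards (in a real hypervisor, on the monitor-trap-flag single-step exit). The bit positions follow the Intel SDM; `ept`, `monitored`, `ept_monitor`, `run_guest`, the eight-page guest and the access trace are hypothetical constructs of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Permission bits of an EPT leaf entry (Intel SDM Vol. 3, EPT paging-structure entries). */
#define EPT_R   0x1ULL
#define EPT_W   0x2ULL
#define EPT_X   0x4ULL
#define EPT_RWX (EPT_R | EPT_W | EPT_X)
/* Exit-qualification bits delivered with an EPT-violation VM exit (SDM Vol. 3). */
#define EQ_READ   0x01ULL  /* access was a data read */
#define EQ_WRITE  0x02ULL  /* access was a data write */
#define EQ_FETCH  0x04ULL  /* access was an instruction fetch */
#define EQ_PAGE_R 0x08ULL  /* translation allowed reads */
#define EQ_PAGE_W 0x10ULL  /* translation allowed writes */
#define EQ_PAGE_X 0x20ULL  /* translation allowed execution */

#define PAGE_SHIFT 12
#define NPAGES 8  /* hypothetical toy guest: 8 guest-physical pages */

static uint64_t ept[NPAGES];       /* one leaf entry per page; a model, not real VMX state */
static uint64_t monitored[NPAGES]; /* access kinds that stay revoked on each page after re-arming */
struct access_log { unsigned reads, writes, execs; };
static struct access_log glog;
struct access_log ept_log(void) { return glog; }

/* Identity-map every page with full RWX permissions, i.e. nothing is monitored yet. */
void ept_init(void) {
    for (uint64_t i = 0; i < NPAGES; i++) ept[i] = (i << PAGE_SHIFT) | EPT_RWX;
    memset(monitored, 0, sizeof monitored);
    memset(&glog, 0, sizeof glog);
}

/* Arm monitoring of one page by revoking the permissions in trap_mask. Returns -1 for a combination
 * the CPU rejects: write set with read clear is an EPT misconfiguration, so trapping reads implies trapping writes. */
int ept_monitor(uint64_t gpa, uint64_t trap_mask) {
    uint64_t idx = gpa >> PAGE_SHIFT;
    uint64_t perms = EPT_RWX & ~trap_mask;
    if ((perms & EPT_W) && !(perms & EPT_R)) return -1;
    monitored[idx] = trap_mask & EPT_RWX;
    ept[idx] = (ept[idx] & ~EPT_RWX) | perms;
    return 0;
}

/* Model of the hardware check: 0 if the access proceeds silently, else the exit qualification of the violation. */
uint64_t ept_check(uint64_t gpa, uint64_t kind) {
    uint64_t perms = ept[gpa >> PAGE_SHIFT] & EPT_RWX;
    if ((perms & kind) == kind) return 0;
    uint64_t eq = 0;
    if (kind & EPT_R)  eq |= EQ_READ;
    if (kind & EPT_W)  eq |= EQ_WRITE;
    if (kind & EPT_X)  eq |= EQ_FETCH;
    if (perms & EPT_R) eq |= EQ_PAGE_R;
    if (perms & EPT_W) eq |= EQ_PAGE_W;
    if (perms & EPT_X) eq |= EQ_PAGE_X;
    return eq;
}

/* VM-exit handler: log the access, then grant full permissions so the faulting instruction can be
 * re-executed; the hypervisor would single-step it (monitor trap flag) and re-arm on the MTF exit. */
void handle_ept_violation(uint64_t gpa, uint64_t eq) {
    if (eq & EQ_READ)  glog.reads++;
    if (eq & EQ_WRITE) glog.writes++;
    if (eq & EQ_FETCH) glog.execs++;
    printf("EPT violation gpa=0x%llx access=%s%s%s page=%c%c%c\n", (unsigned long long)gpa,
           (eq & EQ_READ) ? "R" : "", (eq & EQ_WRITE) ? "W" : "", (eq & EQ_FETCH) ? "X" : "",
           (eq & EQ_PAGE_R) ? 'r' : '-', (eq & EQ_PAGE_W) ? 'w' : '-', (eq & EQ_PAGE_X) ? 'x' : '-');
    ept[gpa >> PAGE_SHIFT] |= EPT_RWX;
}

void ept_rearm(uint64_t gpa) { ept[gpa >> PAGE_SHIFT] &= ~monitored[gpa >> PAGE_SHIFT]; }

struct guest_op { uint64_t gpa; uint64_t kind; };

/* Drive a trace of guest accesses through the model; returns how many caused VM exits. */
unsigned run_guest(const struct guest_op *ops, size_t n) {
    unsigned exits = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t eq = ept_check(ops[i].gpa, ops[i].kind);
        if (!eq) continue;
        handle_ept_violation(ops[i].gpa, eq);
        ept_rearm(ops[i].gpa);  /* stands in for the MTF single-step exit */
        exits++;
    }
    return exits;
}

/* Constructed sample: watch writes to and execution of page 3, then replay a short trace. */
unsigned demo_run(void) {
    static const struct guest_op trace[] = {
        {0x3010, EPT_R}, {0x3020, EPT_W}, {0x3000, EPT_X}, {0x4000, EPT_W}, {0x3030, EPT_W},
    };
    ept_init();
    ept_monitor(0x3000, EPT_W | EPT_X);
    return run_guest(trace, sizeof trace / sizeof trace[0]);
}

int main(void) {
    unsigned exits = demo_run();
    printf("%u exits: reads=%u writes=%u execs=%u\n", exits, glog.reads, glog.writes, glog.execs);
    return 0;
}
```

Two points the model makes visible. First, the read on the watched page never reaches the hypervisor: EPT only exits on the access kinds whose bits were cleared, which is why the "low performance degradation" claim depends on choosing those bits per page. Second, `ept_monitor` refuses a read-only trap because the hardware has no write-without-read encoding, so a read watch on a page always costs write exits as well; execute-only pages, by contrast, are allowed on CPUs that advertise the capability.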


Author and article information

Journal: 2017-05-18
Article: 1705.06784
Record ID: e006ca30-1cf3-4654-92fc-76011f98aaeb

License: http://creativecommons.org/publicdomain/zero/1.0/

History
Custom metadata: Proceedings of the 12th annual Conference on Digital Forensics, Security and Law (CDFSL), Embry-Riddle Aeronautical University, Daytona Beach, Florida, USA. May 15-16 2017. 31 pages, 14 figures, 3 tables, 101 references
Subject class: cs.CR

Security & Cryptology
