Publication Type:

Conference Paper

Source:

2015 International Conference on Futuristic Trends on Computational Analysis and Knowledge Management (ABLAZE) (2015)

Keywords:

advanced persistent attacks, Advanced Persistent Threat, antivirus, backdoor port, Cloud computing, guest operating system protection, high level information, Hypervisor, hypervisor level, Intrusion detection, invasive software, Kernel, malicious process detection approach, malware, memory introspection, Monitoring, operating system kernels, Ports (Computers), rootkit, security defense mechanism, Semantic gap, spurious process detection, spyware, state inspection, stealthy control, system call details, underlining operating system kernel, Virtual machine, Virtual machine introspection, Virtual machine monitors, virtual machine protection, virtual machine state security, virtual machines, Virtual machining, virtualisation, Virtualization, virtualized cloud computing environment, vulnerability exploitation

Abstract:

Virtual machines are a prime target for an adversary to take control of by exploiting the identified vulnerabilities present in them. Due to the increasing number of Advanced Persistent Attacks such as malware, rootkits, spyware, etc., virtual machine protection is a highly challenging task. The key element of an Advanced Persistent Threat is the rootkit, which provides stealthy control of the underlying operating system (kernel). Protecting each individual guest operating system by using antivirus and commercial security defense mechanisms is cost effective and ineffective for a virtualized environment. To solve this problem, Virtual Machine Introspection has emerged as one of the promising approaches to secure the state of the virtual machine. Virtual Machine Introspection inspects the state of multiple virtual machines by operating outside the virtual machine, i.e. at the hypervisor level. In this work, a Virtual Machine Introspection based malicious process detection approach is proposed. It extracts high-level information, such as system call details and opened known backdoor ports, from introspected memory to identify the spurious process. It triggers an alert in response to a detected intrusion.

Cite this Research Publication

Ajay Kumara and Jaidhar, C. D., “Virtual machine introspection based spurious process detection in virtualized cloud computing environment”, in 2015 International Conference on Futuristic Trends on Computational Analysis and Knowledge Management (ABLAZE), 2015.
