ID | 62354 |
フルテキストURL | |
著者 |
Yamauchi, Toshihiro
Graduate School of Natural Science and Technology, Okayama University
ORCID
Kaken ID
publons
researchmap
Akao, Yohei
Graduate School of Natural Science and Technology, Okayama University
|
抄録 | An operating system is an essential piece of software that manages hardware and software resources. Thus, attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when the operating system kernel is infected with a kernel rootkit. For this reason, handling an attack will be delayed causing an increase in the amount of damage done to a computer system. In this paper, we propose Kernel Rootkits Guard (KRGuard), which is a new method to detect kernel rootkits that monitors branch records in the kernel space. Since many kernel rootkits make branches that differ from the usual branches in the kernel space, KRGuard can detect these differences by using the hardware features of commodity processors. Our evaluation shows that KRGuard can detect kernel rootkits that involve new branches in the system call handler processing with small overhead.
|
キーワード | kernel rootkit detection
last branch record
operating system
system security
|
発行日 | 2017-10-01
|
出版物タイトル |
IEICE Transactions on Information and Systems
|
巻 | E100.D巻
|
号 | 10号
|
出版者 | Institute of Electronics, Information and Communications Engineers (IEICE)
|
開始ページ | 2377
|
終了ページ | 2381
|
ISSN | 0916-8532
|
資料タイプ |
学術雑誌論文
|
言語 |
英語
|
著作権者 | © 2017 The Institute of Electronics, Information and Communication Engineers
|
論文のバージョン | publisher
|
DOI | |
Web of Science KeyUT | |
関連URL | isVersionOf https://doi.org/10.1587/transinf.2016inl0003
|