ID | 62323 |
Full-text URL | |
Authors |
Akao, Yohei
Graduate School of Natural Science and Technology, Okayama University
Yamauchi, Toshihiro
Graduate School of Natural Science and Technology, Okayama University
|
Abstract | Attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when the operating system kernel is infected with a kernel rootkit. For this reason, handling an attack will be delayed, causing an increase in the amount of damage done to a computer system. In this paper, we discuss KRGuard (Kernel Rootkits Guard), which is a new method to detect kernel rootkits that monitors branch records in the kernel space. Since many kernel rootkits make branches that differ from the usual branches in the kernel space, KRGuard can detect these differences by using hardware features of commodity processors. Our evaluation shows that KRGuard can detect kernel rootkits with small overhead.
|
Keywords | Security
operating system
kernel rootkit
last branch record
|
Notes | © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
3rd International Conference on Information Science and Security (ICISS), Pattaya, Thailand (2016-11-19)
|
Publication date | 2016-12
|
Publication title |
2016 International Conference on Information Science and Security (ICISS)
|
Publisher | IEEE
|
Start page | 22
|
End page | 26
|
ISBN | 9781509054930
|
Resource type |
Conference paper
|
Related URL | isVersionOf https://doi.org/10.1109/icissec.2016.7885860
|
Language |
English
|
Copyright holder | © 2016 IEEE
|
Paper version | author
|
Peer review |
Yes
|
DOI | |
Web of Science KeyUT |