The OS Hidden Object Detection Technology Based on Fast Semantic Repair

doi:10.3969/j.issn.0372-2112.2018.05.001

您当前的位置：

首页 >

文章列表页 >

The OS Hidden Object Detection Technology Based on Fast Semantic Repair

更新时间：2025-07-08

- The OS Hidden Object Detection Technology Based on Fast Semantic Repair
- Acta Electronica Sinica Vol. 46, Issue 5, Pages: 1025-1031(2018)
- 作者机构：
  
  1. 中国科学院合肥物质科学研究院, 合肥智能机械研究所智能决策实验室,安徽,合肥,230031
  2. 中国科学技术大学,安徽,合肥,230027
  3. 中国科学院合肥物质科学研究院应用技术所,安徽,合肥,230088
  4. 中国科学院合肥物质科学研究院合肥智能机械研究所智能决策实验室,安徽,合肥,230031
  5. 中国科学技术大学,安徽,合肥,230027
  6. 中国科学院合肥物质科学研究院应用技术所,安徽,合肥,230088
- 作者简介：
- 基金信息：
  
  National Natural Science Foundation of China (No.31371340);Foundation of National Key Research and Development Program of China (No.2016YFB0502604)
- DOI：10.3969/j.issn.0372-2112.2018.05.001
  CLC： TP316
- Published Online：25 May 2018，
  
  Published：2018
- 稿件说明：
移动端阅览
The OS Hidden Object Detection Technology Based on Fast Semantic Repair[J]. Acta Electronica Sinica, 2018, 46(5): 1025-1031.
DOI：

The OS Hidden Object Detection Technology Based on Fast Semantic Repair[J]. Acta Electronica Sinica, 2018, 46(5): 1025-1031. DOI： 10.3969/j.issn.0372-2112.2018.05.001.

摘要

与传统的入侵检测系统相比，基于虚拟机自省的入侵检测系统的抗干扰性更强.但由于存在语义鸿沟问题，即低层的硬件字节信息与操作系统级语义之间的差异，导致入侵检测系统的通用性和实时性下降.针对此问题，本文提出了Vlhd，一种基于语义鸿沟修复方法的rootkit隐藏对象检测技术.Vlhd将系统分离成离线和在线模块两部分.在线模块用于即时地在虚拟机外部重构虚拟机语义视图；离线模块用于离线地提取操作系统语义知识，并向在线模块提供语义服务.通过对各类Linux操作系统和多种rootkit进行入侵检测试验，发现Vlhd对rootkit的隐藏对象检测效果良好，通用性强.Vlhd的单次扫描时间为34ms，对系统引入了1.1%（扫描周期设置为8s时）的性能开销.

Abstract

Compared with the traditional intrusion detection system

the intrusion detection system based on virtual machine introspection has stronger anti-jamming ability.However

the difference between the hardware byte information and the high level semantics leads to the decrease of the versatility and real-time.Aiming to solve this problem

this paper proposes Vlhd

a OS hidden object detection technology based on semantic repair method.Vlhd separates the system into two parts:the offline module and the online module.The online module reconstructs semantic view outside the target virtual machine;the offline module is responsible for the extraction of OS semantic knowledge

and providing semantic services to the online module.Through a variety of rootkit intrusion detection test in various types of Linux OS

we find that Vlhd can detect the objects hidden by rootkits.A single scan time of Vlhd is 34ms

and the performance overhead is 1.1% (scan cycle is set to 8s).

关键词

Keywords

references

Views

455

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Design on Data Plane of Programmable Hardware-Based Virtual Router

FUPS-DV:Full-Time Preemption CPU Scheduling for Desktop Virtualization

A Survey of Research on Real-Time Dual-OS Architecture for Embedded Platform

Related Author

ZENG Lie-guang

JIN De-peng

SU Li

YANG Mao

LI Yong

LIU Zhong-jin

CHENG Xu

YANG Chun

Related Institution

Department of Electronic Engineering, Tsinghua University

Microprocessor Research and Develop Center of Peking UniversityBeijing 100871China

Parallel Processing Institution of Fudan UniversityShanghai 200433China

Microprocessor Research and Develop Center of Peking University

Parallel Processing Institution of Fudan University

⁰