Peng Jiang,Hongyi Wu,Cong Wang,Chunsheng Xin

DOI: https://doi.org/10.1109/ICC.2018.8422830

2018-01-01

Abstract:Identity-based attacks such as MAC spoofing are common in wireless networks. The recently developed virtualization technologies bring a new type of MAC spoofing attack, virtual MAC spoofing. This makes it even more challenging to detect such attacks, especially in a tight environment with spatial similarities. In this paper, we design, implement and evaluate a system to effectively detect virtual MAC spoofing attacks via deep learning. A deep convolutional neural network is constructed to extract physical features from CSI obtained from packet transmissions, to detect virtual MAC spoofing attacks. An important merit of the proposed detection system is that this system can distinguish two devices even at the same location, which was not well addressed by previous approaches. Our extensive experimental results demonstrate the effectiveness of the system with an average detection accuracy of 95%, even when devices are co-located.

Hong CHEN,Weiwei YANG,Jiankun SHI,Weiqiang LIN

DOI: https://doi.org/10.16400/j.cnki.kjdkz.2015.07.086

2015-01-01

Abstract:In order to reduce the harm of the computer virus, the proposal is presented to cut off the computer virus' lifecycle based on the working principles of the computer virus. The effective strategy is to implement the defense mechanism during the design stage, the propagation phase and the operation phase with the safety education, which demonstrates it is effective to reduce the average probability of poisoning about 23%and the percentage of working hours is improved 25%in lab of uni-versities and colleges.

Jia-xi HU,Yi-jun WANG,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.12.028

2017-01-01

Abstract:Malicious code under the new situation is more focused on specific scenarios, such as banks, enterprise intranets, Internet of things, etc. Malicious code in different scenarios needs, as a common thing, to bypass anti-virus software and other defense systems. Via study and analysis on the working principle of anti-virus software and a large number of malicious code samples, some anti-anti-virus technology involving white list, code obfuscation, sandbox bypassing and other antivirus-bypassing software tricks is proposed. Based on the above anti-anti-virus technology, the malicious code samples are packaged for a second time, and the tests of their anti-anti-virus killing rates also done on VirusTotal platform. The test results indicate that the anti-anti-virus technology makes the killing rate of malicious code sample significantly reduced, and that the reliance only on anti-virus software for preventing malicious code is not very reliable.

YANG Feng,JIANG Hui,ZHUGE Jian-wei,DUAN Hai-xin

DOI: https://doi.org/10.3969/j.issn.1000-1220.2012.08.040

2012-01-01

Abstract:Due to the advantages of resources utilization,management and isolation,Virtualization Technology has been widely used in the areas of virtual server,malware analysis and cloud computing platform.The malicious code writers and security researchers start a new game in Virtualization Technology,and how to detect the presence of virtual environments becomes a hot research topic.This paper,introduces the significance of Virtual Machine Environment(VME) Detection Methods,uses examples to describe the principles and methods of local and remote VME detection,makes a summary of VME Detection Methods,indicates the direction of Virtualization transparency,analyses and discusses the future trend.

Lin Jie,Liu Chuanyi,Fang Binxing

DOI: https://doi.org/10.19682/j.cnki.1005-8885.2020.0037

2020-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.

guofeng wang,chuanyi liu,jie lin

DOI: https://doi.org/10.1007/978-3-662-43908-1_4

2014-01-01

Abstract:Modern malware attacks are designed intricately, transport data encrypted, so monitoring network traffic can't solve such attacks completely. Therefore, network monitoring and analysis need to be combined with system behavior monitoring and memory analysis, and the latter is more important. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools to monitor and counterwork malicious attacks actively. The system is based on Xen virtualization platform, which monitoring virtual machine behavior by capturing specific events. The events are triggered by some specific behaviors associated with malicious software monitoring, such as executing privileged instruction, system calls, memory writing, etc. When necessary, we can dump the memory of the virtual machine, use memory analysis tools for detailed analysis, so as to achieve the purpose of monitoring and counterworking.

YANG Ming,HUANG Liu-sheng

2011-01-01

Abstract:With the development of reverse engineering,previous traditional methods to protect software do not meet the need of modern software protection.A new virtual-machine-based scheme is proposed.It encodes the local machine instructions into virtual instructions,which are interpreted and executed by the virtual machine.The software semantics is also abstracted.This makes the reverse engineers very hard to understand the high level logic of the original program.Moreover,nested virtual machine technique is adopted in the scheme.Thus a reverse engineer has to fully understand the prior layer before he can proceed with the next layer.By this,a high security for software protection is achieved.

Lein Harn,Hung-Yu Lin,Shoubao Yang

DOI: https://doi.org/10.1145/131214.131270

1992-01-01

Abstract:In the absence of systematic techniques to detect the existence of computer viruses, preventing suspicious software from entering the system at the initial point of entry appears to be the best method to protect computing resources against attacks of computer viruses. Currently, software is distributed primarily by diskettes instead of online transmission. Diskettes are more susceptible to modification and masquerading while on-line transmission usually follows proper user/message authentication. A software authentication system is proposed which does not require a mutually trusted center of both software vendors and users, or users' interaction with any key center. Vendors assume responsibility by signing released software and users verify the authenticity of received software before using it. Through such an authentication process, users eliminate the risk of running “unlicensed” or modified programs, thus eliminating the possibility of virus infections.

JIN Wei,LI Ming-lu,WENG Chu-liang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.15.036

2011-01-01

Abstract:This paper aims to explore the security of the Virtual Machine Monitor(VMM),combined with open source virtualization software Xen to analyze the potential threats and vulnerabilities,such as tampering with hypercalls,malicious direct memory access.It designs and implements a way to undermine the stability of virtual machine by modifying VCPU state and meanwhile give countermeasures,such as verifying critical data structures to discover whether it is invaded,or forbidding the loading of module to eliminate all possible security risks posed by the module.

Caiming Liu,Xiaojie Liu,Tao Li,Jinquan Zeng,Lingxi Peng,Yan Zhang

2007-01-01

Abstract:An artificial immunity-based method for dynamic script-virus detection is presented. Antigen and antibody in the environment of virus detection are defined. Processes of self-tolerance and clone selection are simulated. Self and memory antibody are evolved dynamically. The mechanism of dynamic production and elimination of mature antibody is set up. The experiment result shows that the method can detect virus well, andmutated and unknown script-virus can be detected.

JIANG Xueyuan,LI Minglu,WENG Chuliang

DOI: https://doi.org/10.3778/j.issn.1673-9418.2011.05.007

2011-01-01

Abstract:During the development of network computing and cloud computing,virtualization grows up quickly as the base technology.Virtualization live migration is an important feature for applications based on virtualization.Basic live migration protocol is too simple,and security hazard exists.Based on Xen virtualization platform,the performance of existed security solutions and the influence to live migration of these solutions are tested.The weakness of existed solutions is shown by attack based on sniffer and address resolution protocol(ARP) spoofing.The idea of solving the new problem is given.

Ming Liu,Yuxuan He,Zhi Xue,Xiangjian He,Jinjun Chen

DOI: https://doi.org/10.1109/mce.2019.2941351

2019-01-01

IEEE Consumer Electronics Magazine

Abstract:Computer viruses can affect any consumer electronics that need an operating system, such as tablet, and smartphone. To address the issue of computer viruses, some detection systems that contain multiple antivirus engines are being used. The systems may save and share user-uploaded files to the community, which is not acceptable for users with high privacy requirement. This paper presents a private multiengine online virus detection system called MultiScan that can perform the "isolated detection and update" to guarantee that the uploaded confidential samples are not exposed to the Internet.

GUAN Xin,ZHU Bing,CHEN Zhen,PENG Xue-hai

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.04.003

2013-01-01

Abstract:As the computing technology flourishes recently,the computing world is also in the peril of viruses.Network transferred viruses,such as worms,which threat millions of hosts in Internet.As countermeasure of such attacks,the research work for Anti-Virus is urgent affairs and a big problem.This paper describes an implementation of Anti-Virus engine.It focuses on technologies for scanning viruses by the use of virus signatures based on Hex Sig and MD5 Sig.The author implements two Hex-Sig-based scanning algorithms by using binary tree and hash table,and compares the performances of the two algorithms.Some conceived experiments are conducted,and results show that the hash-table-based algorithm achieves better performance in terms of the scanning speed.The author also investigates into a MD5-Sig-based scanning algorithm,and evaluates its performance.Finally,future work is planned and prospected.

Siqin Zhao,Kang Chen,Weimin Zheng

DOI: https://doi.org/10.1109/ChinaGrid.2009.45

2009-01-01

Abstract:It is very important to protect critical resources such as private data and code in computer systems. It is promising to protect private data and to improve the system security by leveraging the isolation attribute of virtual machine(VM). The isolation attribute of VM is provided by Virtual Machine Monitor (VMM) that runs in higher priority than guest OSes. If the critical components are isolated in VMs,access control can be enforced or attestation can be made when the subject is accessing via VMs. In this way, VMs can improve the security level of critical components such as OS, kernel, data, and applications. For computer system security, VMs can be used to detect malware intrusions and to protect critical components, which can be implemented by integrating detection or protection mechanism in either VMM or VMs. Authentication is required to create trustful VMs. This paper surveys technologies related of using virtual machines to enhance system security.

Tengfei Yi,Aijun Zong,Miao Yu,Shang Gao,Qian Lin,Peijie Yu,Zhong Ren,Zhengwei Qi

DOI: https://doi.org/10.1109/icrccs.2009.63

2009-01-01

Abstract:Anti-debugging technique is widely used to protect executable files in commercial software applications. However, most of contemporary anti-debugging products fail to guarantee their functionalities in that when the application code is running on Ring 0 or above, malicious attackers can still manipulate it to block the anti-debugging process. This paper introduces an anti-debugging framework based on hardware virtualization technology called Virtual Machine Monitor (VMM), which can monitor each code running above its privilege level on Intel x86 platform. Our experiments demonstrate that major debuggers running on Microsoft Windows, such as VC2005 and WinDBG, are incapable to debug the target application with the protection of our anti-debugging framework.

Babak Bashari Rad,Maslin Masrom,Suhaimi Ibrahim

DOI: https://doi.org/10.48550/arXiv.1104.1070

2011-04-06

Cryptography and Security

Abstract:This paper presents a general overview on evolution of concealment methods in computer viruses and defensive techniques employed by anti-virus products. In order to stay far from the anti-virus scanners, computer viruses gradually improve their codes to make them invisible. On the other hand, anti-virus technologies continually follow the virus tricks and methodologies to overcome their threats. In this process, anti-virus experts design and develop new methodologies to make them stronger, more and more, every day. The purpose of this paper is to review these methodologies and outline their strengths and weaknesses to encourage those are interested in more investigation on these areas.

MA Jian-kun,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.11.024

2011-01-01

Computer Science

Abstract:The message flow of Windows operating system was introduced and the potential threats was analyzed.A solution based on hardware-assisted virtualization was developed to defend against the software key logger.A virtual machine monitor was implemented using Intel virtual technology.When the protected thread is reading keyboard input,the keyboard interrupt is handled in the virtual machine monitor.By reading scan code of the keyboard in the virtual machine monitor,the keyboard input can be safely sent to the protected thread.

Chen Zhifeng,Zhang Shensheng,Zhang Xizhe

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.03.092

2009-01-01

Abstract:The security of cryptography system is based on the safety of cipher key.The cipher key which was stored in the computer system can be easily obtained by malicious worms like computer virus etc,and then the security of computer system was broken down.This paper brings forward an approach to solve this issue by using virtual machine technology and multi-core technology,at the same time the solution model and implementation of the cryptography system based on them are also introduced.

Yang Zhao,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.04.001

2013-01-01

Abstract:This paper proposes a method to automatically detect anti-analysis malware.This approach records the traces of system calls and instructions executed by malware across four different analysis platform based on two monitoring and recording technologies.At first,the system call traces are compared.If a deviation exists,further comparison on instruction traces is needed to determine whether the root cause is anti-analysis or not.Experimental results have demonstrated that the approach can detect varies of analysis evasion technology.

Qingkai Zeng

2013-01-01

Abstract:In order to improve the security of operate systems and applications,the system virtualization technology is studied;the typical security applications and research are discussed.According to the software level of existing researches,the current research progress and future trends from three aspects: security improvement of applications,operating system and virtual machine monitor are analyzed and summarized.An analysis and debug method for malware based on system virtualization be designed,the feasibility and effectiveness of the method are verified by implementing prototype system on the Intel-VT platform.