Nowadays, many scholars would like to use evidence derived from elicitation and introspection in their research. Both elicitation and introspection are common methods of data collection. The essay discusses the useful...Nowadays, many scholars would like to use evidence derived from elicitation and introspection in their research. Both elicitation and introspection are common methods of data collection. The essay discusses the usefulness and pitfall of elicitation and introspection. It finds out that both elicitation and introspection have their own advantages and disadvantages.展开更多
The authors thank the discusser for his interest and careful review of the paper and his valuable comments. They also welcome this discussion,because it gives the authors the opportunity to clarify several points whic...The authors thank the discusser for his interest and careful review of the paper and his valuable comments. They also welcome this discussion,because it gives the authors the opportunity to clarify several points which were not explained in sufficient detail in the paper,due展开更多
The authors thank the discusser for the additional information,which is provided related to the historical interventions of the church through the centuries. This information was known to the authors,however they deci...The authors thank the discusser for the additional information,which is provided related to the historical interventions of the church through the centuries. This information was known to the authors,however they decided not to include it in the paper because of lack of space.Additional details regarding the retrofit展开更多
Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two...Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two mainstream virtualization solutions.Its lightweight,high deployment efficiency make container technology widely used in large-scale cloud computing.While container technology has created huge benefits for cloud service providers and tenants,it cannot meet the requirements of security monitoring and management from a tenant perspective.Currently,tenants can only run their security monitors in the target container,but it is not secure because the attacker is able to detect and compromise the security monitor.In this paper,a secure external monitoring approach is proposed to monitor target containers in another management container.The management container is transparent for target containers,but it can obtain the executing information of target containers,providing a secure monitoring environment.Security monitors running inside management containers are secure for the cloud host,since the management containers are not privileged.We implement the transparent external management containers by performing the one-way isolation of processes and files.For process one-way isolation,we leverage Linux namespace technology to let management container become the parent of target containers.By mounting the file system of target container to that of the management container,file system one-way isolation is achieved.Compared with the existing host-based monitoring approach,our approach is more secure and suitable in the cloud environment.展开更多
The thesis of the paper,which is the object of this Discussion,is that the considerable damage suffered by the Basilica,after the earthquake of L’Aquila in 2009,was the exclusive result of the intervention of seismic...The thesis of the paper,which is the object of this Discussion,is that the considerable damage suffered by the Basilica,after the earthquake of L’Aquila in 2009,was the exclusive result of the intervention of seismic improvement of the naves,made in 2000;such展开更多
By L. we denote the set of all propositional fornmlas. Let C be the set of all clauses. Define C_n=C(Lη:η∈C}.In Sec. 2 of this paper. we prove that for normal modal logics S, the notions of (S. C_)-expansions and S...By L. we denote the set of all propositional fornmlas. Let C be the set of all clauses. Define C_n=C(Lη:η∈C}.In Sec. 2 of this paper. we prove that for normal modal logics S, the notions of (S. C_)-expansions and S-expansions coincide. In Sec. 3. we prove that if I consists of default clauses then the notions of S-expansions for I and (S.C)-expansions for I coincide. To this end. we first show. in Sec 3.that the notion of S-expansions for I is the same as that of (S.L)-expansions for I.展开更多
The vigorous development of the Internet is changing all aspects of our lives.Today’s“Internet plus”concept has played a vital role in the economic field with its unique advantages.In the cultural field,it still in...The vigorous development of the Internet is changing all aspects of our lives.Today’s“Internet plus”concept has played a vital role in the economic field with its unique advantages.In the cultural field,it still influences people’s spiritual and cultural life in a unique way.The free,open,and equal nature of the Internet provides an unprecedented broad platform for contemporary art criticism,and also frees it from the monopoly of a few authorities,entering the artistic life of the general public with a more humane and new attitude.This has played a certain guiding role in artistic creation,appreciation,dissemination,and popularization.展开更多
Landscape designs for modern urban open spaces are studied on the basis of traditional aesthetics, while aesthetic basis and development orientation can be provided for such designs through studies on traditional aest...Landscape designs for modern urban open spaces are studied on the basis of traditional aesthetics, while aesthetic basis and development orientation can be provided for such designs through studies on traditional aesthetics. It is hoped that landscape designs from aesthetic perspective can correct people’s aesthetic attitudes towards the city, transform their habitual aesthetic modes, so as to cultivate new aesthetic tastes.展开更多
Network security situation awareness is an important foundation for network security management,which presents the target system security status by analyzing existing or potential cyber threats in the target system.In...Network security situation awareness is an important foundation for network security management,which presents the target system security status by analyzing existing or potential cyber threats in the target system.In network offense and defense,the network security state of the target system will be affected by both offensive and defensive strategies.According to this feature,this paper proposes a network security situation awareness method using stochastic game in cloud computing environment,uses the utility of both sides of the game to quantify the network security situation value.This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine,then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense.In attack prediction,cyber threat intelligence is used as an important basis for potential threat analysis.Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method,and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening.If there is no applicable cyber threat intelligence,using the Nash equilibrium to make predictions for the attack behavior.The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.展开更多
The going global strategy of Chinese literature is a vital part of the going global strategy of Chinese culture. In recent years,the Chinese government has launched and strongly supported a series of activities and pr...The going global strategy of Chinese literature is a vital part of the going global strategy of Chinese culture. In recent years,the Chinese government has launched and strongly supported a series of activities and projects to promote this strategy,but little effect has been produced. Starting from analyzing the predicament and reasons of the current strategy,the essay suggests four strategic paths: enhancing the overall strength of the country to promote the international influence of Chinese culture,strengthening cultural awareness and cultural introspection,integrating the nationality and cosmopolitan of literature and establishing a market-oriented literary translation mechanism.展开更多
Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential role...Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modem computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.展开更多
Requirements elicitation is a fundamental phase of software development in which an analyst discovers the needs of different stakeholders and transforms them into requirements.This phase is cost-and time-intensive,and...Requirements elicitation is a fundamental phase of software development in which an analyst discovers the needs of different stakeholders and transforms them into requirements.This phase is cost-and time-intensive,and a project may fail if there are excessive costs and schedule overruns.COVID-19 has affected the software industry by reducing interactions between developers and customers.Such a lack of interaction is a key reason for the failure of software projects.Projects can also fail when customers do not know precisely what they want.Furthermore,selecting the unsuitable elicitation technique can also cause project failure.The present study,therefore,aimed to identify which requirements elicitation technique is the most cost-effective for large-scale projects when time to market is a critical issue or when the customer is not available.To that end,we conducted a systematic literature review on requirements elicitation techniques.Most primary studies identified introspection as the best technique,followed by survey and brainstorming.This finding suggests that introspection should be the first choice of elicitation technique,especially when the customer is not available or the project has strict time and cost constraints.Moreover,introspection should also be used as the starting point in the elicitation process of a large-scale project,and all known requirements should be elicited using this technique.展开更多
This article presents an asset-based security system where security practitioners build their systems based on information they own and not solicited by observing attackers’behavior.Current security solutions rely on...This article presents an asset-based security system where security practitioners build their systems based on information they own and not solicited by observing attackers’behavior.Current security solutions rely on information coming from attackers.Examples are current monitoring and detection security solutions such as intrusion prevention/detection systems and firewalls.This article envisions creating an imbalance between attackers and defenders in favor of defenders.As such,we are proposing to flip the security game such that it will be led by defenders and not attackers.We are proposing a security system that does not observe the behavior of the attack.On the contrary,we draw,plan,and follow up our own protection strategy regardless of the attack behavior.The objective of our security system is to protect assets rather than protect against attacks.Virtual machine introspection is used to intercept,inspect,and analyze system calls.The system callbased approach is utilized to detect zero-day ransomware attacks.The core idea is to take advantage of Xen and DRAKVUF for system call interception,and leverage system calls to detect illegal operations towards identified critical assets.We utilize our vision by proposing an asset-based approach to mitigate zero-day ransomware attacks.The obtained results are promising and indicate that our prototype will achieve its goals.展开更多
The present paper discusses introspective methods in applied linguistics. Introspective methods are ways of eliciting self-reflections from respondent. Two special techniques of introspective methods, namely, Think-al...The present paper discusses introspective methods in applied linguistics. Introspective methods are ways of eliciting self-reflections from respondent. Two special techniques of introspective methods, namely, Think-aloud and Retrospective in?terview are presented. Furthermore, an evaluation of these methods is also provided.展开更多
<p align="justify"> <span style="font-family:Verdana;"></span>This double blind randomized clinical trial with 84 participants, revealed that mental patients diagnosed with narcis...<p align="justify"> <span style="font-family:Verdana;"></span>This double blind randomized clinical trial with 84 participants, revealed that mental patients diagnosed with narcissism, and narcissistic celebrities mirror each other’s paranoid, obsessive and histrionic symptomatology, grandiosity, manipulative charm, and inner emptiness. Elite narcissists manifested insidious sadism in the absence of depressive affect, while the narcissistic patients were differentiated by their depressive and masochistic symptomatology. Elite narcissists demonstrated advanced empathic skills, contradicting past literature. However, their empathic advantage appeared void of compassion, merely employed as a self-serving tactic to exploit, intimidate and subordinate. Both experimental narcissistic groups evidenced more prevalent psychopathology, yet, higher achievement, efficacy and ambition than their reciprocal control groups, confirming the narcissists’ finesse in concealing psychopathology under the brilliance of their pseudosuperiority. The main danger is the affinity between masochism and sadism, bonding low and high functioning narcissistic counterparts to endlessly feed from each-others’ pathology, forming dysfunctional interpersonal relationships, cults or disintegrating societies. This sadomasochistic dependency also reflects several countries’ authoritarian trends, where narcissistic constituents’ unyielding loyalty elevates idolized leaders to power, preluding the establishment of toxic tyrannical governments. </p>展开更多
The present study investigates the testees' test-taking process for banked cloze, focusing on the following two aspects: the information sources and strategies. Employing simultaneous introspection and immediate r...The present study investigates the testees' test-taking process for banked cloze, focusing on the following two aspects: the information sources and strategies. Employing simultaneous introspection and immediate retrospection, the study is conducted among 18 non-English major students. After examining their test-taking processes, a framework for analyzing testees' test-taking processes for banked cloze test is put forward. And then the researcher applies this framework to analyze the testees' protocols. Results show that regarding information sources, clause-level information accounts for the largest proportion, followed by text-level information, sentence-level information and extra-textual information, and in terms of strategies, the testees show a clear preference for bottom-up processing strategies, followed by top-down processing strategies and test-wise processing strategies. The verbal protocols have further revealed that the proficient readers seem to have a context-based reading model and they prefer to grasp the gist of the text, whereas the less proficient readers often employ word-based approaches and they are apt to identify parts of the text.展开更多
Facing that the students were afraid of speaking English, we conducted a business English mock companies program to encourage students to communicate in English within a business environment. After fully preparation, ...Facing that the students were afraid of speaking English, we conducted a business English mock companies program to encourage students to communicate in English within a business environment. After fully preparation, students found they could speak English fluently to motivate their interest of English. This article is a report stating the aim, method, result and conclusion of this program. Besides, a foreign instructor gives her opinion of the mock program.展开更多
For the lack of detailed semantic in prior works, a transparent fine-grained monitoring technique (cMonitor) is pro- posed. Deployed outside the virtual machines, the cMonitor util- izes the elevated privileges of t...For the lack of detailed semantic in prior works, a transparent fine-grained monitoring technique (cMonitor) is pro- posed. Deployed outside the virtual machines, the cMonitor util- izes the elevated privileges of the virtual machine monitor to monitor the network connection, the processes and the relationship between them in protected systems by reconstructing fine-grained system semantics. These semantics contain process states and corresponding network connection. Experimental results show that cMonitor not only can be rapidly deployed in realistic cloud, but also can effectively and universally obtain these fine-grained semantics to assist detection of some advanced network attack. Meanwhile, the network performance overhead is about 3%, which is acceptable.展开更多
Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurat...Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurately detect those hidden processes by analyzing memory data.WVMI dumps in-memory data of the target Windows operating systems from hypervisor and retrieves EPROCESS structures’address of process linked list first,and then generates Data Type Confidence Table(DTCT).Next,it traverses the memory and identifies the similarities between the nodes in process linked list and the corresponding segments in the memory by utilizing DTCT.Finally,it locates the segments of Windows’EPROCESS and identifies the hidden processes by further comparison.Through extensive experiments,our experiment shows that the WVMI detects the hidden process with high identification rate,and it is independent of different versions of Windows operating system.展开更多
文摘Nowadays, many scholars would like to use evidence derived from elicitation and introspection in their research. Both elicitation and introspection are common methods of data collection. The essay discusses the usefulness and pitfall of elicitation and introspection. It finds out that both elicitation and introspection have their own advantages and disadvantages.
文摘The authors thank the discusser for his interest and careful review of the paper and his valuable comments. They also welcome this discussion,because it gives the authors the opportunity to clarify several points which were not explained in sufficient detail in the paper,due
文摘The authors thank the discusser for the additional information,which is provided related to the historical interventions of the church through the centuries. This information was known to the authors,however they decided not to include it in the paper because of lack of space.Additional details regarding the retrofit
基金This paper is supported by National Natural Science Foundation of China(http://www.nsfc.gov.cn/)under Grant No.61872111,and Sichuan Science and Technology Program(http://kjt.sc.gov.cn/)under Grant No.2019YFSY0049 which are both received by L.Ye.
文摘Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two mainstream virtualization solutions.Its lightweight,high deployment efficiency make container technology widely used in large-scale cloud computing.While container technology has created huge benefits for cloud service providers and tenants,it cannot meet the requirements of security monitoring and management from a tenant perspective.Currently,tenants can only run their security monitors in the target container,but it is not secure because the attacker is able to detect and compromise the security monitor.In this paper,a secure external monitoring approach is proposed to monitor target containers in another management container.The management container is transparent for target containers,but it can obtain the executing information of target containers,providing a secure monitoring environment.Security monitors running inside management containers are secure for the cloud host,since the management containers are not privileged.We implement the transparent external management containers by performing the one-way isolation of processes and files.For process one-way isolation,we leverage Linux namespace technology to let management container become the parent of target containers.By mounting the file system of target container to that of the management container,file system one-way isolation is achieved.Compared with the existing host-based monitoring approach,our approach is more secure and suitable in the cloud environment.
文摘The thesis of the paper,which is the object of this Discussion,is that the considerable damage suffered by the Basilica,after the earthquake of L’Aquila in 2009,was the exclusive result of the intervention of seismic improvement of the naves,made in 2000;such
文摘By L. we denote the set of all propositional fornmlas. Let C be the set of all clauses. Define C_n=C(Lη:η∈C}.In Sec. 2 of this paper. we prove that for normal modal logics S, the notions of (S. C_)-expansions and S-expansions coincide. In Sec. 3. we prove that if I consists of default clauses then the notions of S-expansions for I and (S.C)-expansions for I coincide. To this end. we first show. in Sec 3.that the notion of S-expansions for I is the same as that of (S.L)-expansions for I.
文摘The vigorous development of the Internet is changing all aspects of our lives.Today’s“Internet plus”concept has played a vital role in the economic field with its unique advantages.In the cultural field,it still influences people’s spiritual and cultural life in a unique way.The free,open,and equal nature of the Internet provides an unprecedented broad platform for contemporary art criticism,and also frees it from the monopoly of a few authorities,entering the artistic life of the general public with a more humane and new attitude.This has played a certain guiding role in artistic creation,appreciation,dissemination,and popularization.
文摘Landscape designs for modern urban open spaces are studied on the basis of traditional aesthetics, while aesthetic basis and development orientation can be provided for such designs through studies on traditional aesthetics. It is hoped that landscape designs from aesthetic perspective can correct people’s aesthetic attitudes towards the city, transform their habitual aesthetic modes, so as to cultivate new aesthetic tastes.
基金This research was supported in part by the National Natural Science Foundation of China under grant numbers 61672206,61572170.
文摘Network security situation awareness is an important foundation for network security management,which presents the target system security status by analyzing existing or potential cyber threats in the target system.In network offense and defense,the network security state of the target system will be affected by both offensive and defensive strategies.According to this feature,this paper proposes a network security situation awareness method using stochastic game in cloud computing environment,uses the utility of both sides of the game to quantify the network security situation value.This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine,then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense.In attack prediction,cyber threat intelligence is used as an important basis for potential threat analysis.Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method,and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening.If there is no applicable cyber threat intelligence,using the Nash equilibrium to make predictions for the attack behavior.The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.
基金The study has been supported by Center for Translation Studies of Guangdong University of Foreign Studies(Fund No.CTS201711B).
文摘The going global strategy of Chinese literature is a vital part of the going global strategy of Chinese culture. In recent years,the Chinese government has launched and strongly supported a series of activities and projects to promote this strategy,but little effect has been produced. Starting from analyzing the predicament and reasons of the current strategy,the essay suggests four strategic paths: enhancing the overall strength of the country to promote the international influence of Chinese culture,strengthening cultural awareness and cultural introspection,integrating the nationality and cosmopolitan of literature and establishing a market-oriented literary translation mechanism.
文摘Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modem computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.
基金funding this work through research group no.RG-1441-490.
文摘Requirements elicitation is a fundamental phase of software development in which an analyst discovers the needs of different stakeholders and transforms them into requirements.This phase is cost-and time-intensive,and a project may fail if there are excessive costs and schedule overruns.COVID-19 has affected the software industry by reducing interactions between developers and customers.Such a lack of interaction is a key reason for the failure of software projects.Projects can also fail when customers do not know precisely what they want.Furthermore,selecting the unsuitable elicitation technique can also cause project failure.The present study,therefore,aimed to identify which requirements elicitation technique is the most cost-effective for large-scale projects when time to market is a critical issue or when the customer is not available.To that end,we conducted a systematic literature review on requirements elicitation techniques.Most primary studies identified introspection as the best technique,followed by survey and brainstorming.This finding suggests that introspection should be the first choice of elicitation technique,especially when the customer is not available or the project has strict time and cost constraints.Moreover,introspection should also be used as the starting point in the elicitation process of a large-scale project,and all known requirements should be elicited using this technique.
基金This project is funded by King Abdulaziz City for Science and Technology(KACST)under the National Science,Technology,and Innovation Plan(Project Number 11-INF1657-04).
文摘This article presents an asset-based security system where security practitioners build their systems based on information they own and not solicited by observing attackers’behavior.Current security solutions rely on information coming from attackers.Examples are current monitoring and detection security solutions such as intrusion prevention/detection systems and firewalls.This article envisions creating an imbalance between attackers and defenders in favor of defenders.As such,we are proposing to flip the security game such that it will be led by defenders and not attackers.We are proposing a security system that does not observe the behavior of the attack.On the contrary,we draw,plan,and follow up our own protection strategy regardless of the attack behavior.The objective of our security system is to protect assets rather than protect against attacks.Virtual machine introspection is used to intercept,inspect,and analyze system calls.The system callbased approach is utilized to detect zero-day ransomware attacks.The core idea is to take advantage of Xen and DRAKVUF for system call interception,and leverage system calls to detect illegal operations towards identified critical assets.We utilize our vision by proposing an asset-based approach to mitigate zero-day ransomware attacks.The obtained results are promising and indicate that our prototype will achieve its goals.
文摘The present paper discusses introspective methods in applied linguistics. Introspective methods are ways of eliciting self-reflections from respondent. Two special techniques of introspective methods, namely, Think-aloud and Retrospective in?terview are presented. Furthermore, an evaluation of these methods is also provided.
文摘<p align="justify"> <span style="font-family:Verdana;"></span>This double blind randomized clinical trial with 84 participants, revealed that mental patients diagnosed with narcissism, and narcissistic celebrities mirror each other’s paranoid, obsessive and histrionic symptomatology, grandiosity, manipulative charm, and inner emptiness. Elite narcissists manifested insidious sadism in the absence of depressive affect, while the narcissistic patients were differentiated by their depressive and masochistic symptomatology. Elite narcissists demonstrated advanced empathic skills, contradicting past literature. However, their empathic advantage appeared void of compassion, merely employed as a self-serving tactic to exploit, intimidate and subordinate. Both experimental narcissistic groups evidenced more prevalent psychopathology, yet, higher achievement, efficacy and ambition than their reciprocal control groups, confirming the narcissists’ finesse in concealing psychopathology under the brilliance of their pseudosuperiority. The main danger is the affinity between masochism and sadism, bonding low and high functioning narcissistic counterparts to endlessly feed from each-others’ pathology, forming dysfunctional interpersonal relationships, cults or disintegrating societies. This sadomasochistic dependency also reflects several countries’ authoritarian trends, where narcissistic constituents’ unyielding loyalty elevates idolized leaders to power, preluding the establishment of toxic tyrannical governments. </p>
基金a small part of the research project,"A Chronological Study on the CET Washback"(07BYY030)National Philosophy and Social Science Foundation of China
文摘The present study investigates the testees' test-taking process for banked cloze, focusing on the following two aspects: the information sources and strategies. Employing simultaneous introspection and immediate retrospection, the study is conducted among 18 non-English major students. After examining their test-taking processes, a framework for analyzing testees' test-taking processes for banked cloze test is put forward. And then the researcher applies this framework to analyze the testees' protocols. Results show that regarding information sources, clause-level information accounts for the largest proportion, followed by text-level information, sentence-level information and extra-textual information, and in terms of strategies, the testees show a clear preference for bottom-up processing strategies, followed by top-down processing strategies and test-wise processing strategies. The verbal protocols have further revealed that the proficient readers seem to have a context-based reading model and they prefer to grasp the gist of the text, whereas the less proficient readers often employ word-based approaches and they are apt to identify parts of the text.
文摘Facing that the students were afraid of speaking English, we conducted a business English mock companies program to encourage students to communicate in English within a business environment. After fully preparation, students found they could speak English fluently to motivate their interest of English. This article is a report stating the aim, method, result and conclusion of this program. Besides, a foreign instructor gives her opinion of the mock program.
基金Supported by the National Natural Science Foundation of China(61373169,61103219,61303213)the Program of National Development and Reform Commission([2013]1309)the Ph.D.Programs Foundation of Ministry of Education of China(20110141130006)
文摘For the lack of detailed semantic in prior works, a transparent fine-grained monitoring technique (cMonitor) is pro- posed. Deployed outside the virtual machines, the cMonitor util- izes the elevated privileges of the virtual machine monitor to monitor the network connection, the processes and the relationship between them in protected systems by reconstructing fine-grained system semantics. These semantics contain process states and corresponding network connection. Experimental results show that cMonitor not only can be rapidly deployed in realistic cloud, but also can effectively and universally obtain these fine-grained semantics to assist detection of some advanced network attack. Meanwhile, the network performance overhead is about 3%, which is acceptable.
基金Supported by the National Natural Science Foundation of China(61170026)
文摘Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurately detect those hidden processes by analyzing memory data.WVMI dumps in-memory data of the target Windows operating systems from hypervisor and retrieves EPROCESS structures’address of process linked list first,and then generates Data Type Confidence Table(DTCT).Next,it traverses the memory and identifies the similarities between the nodes in process linked list and the corresponding segments in the memory by utilizing DTCT.Finally,it locates the segments of Windows’EPROCESS and identifies the hidden processes by further comparison.Through extensive experiments,our experiment shows that the WVMI detects the hidden process with high identification rate,and it is independent of different versions of Windows operating system.