Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurat...Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurately detect those hidden processes by analyzing memory data.WVMI dumps in-memory data of the target Windows operating systems from hypervisor and retrieves EPROCESS structures’address of process linked list first,and then generates Data Type Confidence Table(DTCT).Next,it traverses the memory and identifies the similarities between the nodes in process linked list and the corresponding segments in the memory by utilizing DTCT.Finally,it locates the segments of Windows’EPROCESS and identifies the hidden processes by further comparison.Through extensive experiments,our experiment shows that the WVMI detects the hidden process with high identification rate,and it is independent of different versions of Windows operating system.展开更多
Traditional security framework in cloud platform usually brings self-vulnerability and considerable additional resource consumption. To solve these problems, we propose an external processes monitoring architecture fo...Traditional security framework in cloud platform usually brings self-vulnerability and considerable additional resource consumption. To solve these problems, we propose an external processes monitoring architecture for current popular cloud platform Open Stack with kernel-based virtual machine(KVM). With this architecture, we can monitor all active processes in online virtual machine(VMs) and scan them for their potential maliciousness in OpenS tack with no agent, and can also detect hidden processes in offline VMs’ memory snapshots and notice the user to decide whether to kill them when VMs become active. Analysis and experimental results show that our architecture is able to reduce consumption of CPU, memory and bandwidth in cloud platform and can detect viruses and hidden processes effectively in VMs.展开更多
The stochastic resonance based on optical bistability in the semiconductor optical amplifier is numerically investigated to extract a weak pulse signal buried in noise. The output property of optical bistability under...The stochastic resonance based on optical bistability in the semiconductor optical amplifier is numerically investigated to extract a weak pulse signal buried in noise. The output property of optical bistability under different system parameters is analyzed, which determines the performance of the stochastic resonance. Through optimizing these parameters, the noise-hidden signal is extracted via stochastic resonance, in which the maximum cross-correlation gain higher than nine is obtained. This provides a novel technology for detecting a weak optical signal in various signal processing fields.展开更多
基金Supported by the National Natural Science Foundation of China(61170026)
文摘Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurately detect those hidden processes by analyzing memory data.WVMI dumps in-memory data of the target Windows operating systems from hypervisor and retrieves EPROCESS structures’address of process linked list first,and then generates Data Type Confidence Table(DTCT).Next,it traverses the memory and identifies the similarities between the nodes in process linked list and the corresponding segments in the memory by utilizing DTCT.Finally,it locates the segments of Windows’EPROCESS and identifies the hidden processes by further comparison.Through extensive experiments,our experiment shows that the WVMI detects the hidden process with high identification rate,and it is independent of different versions of Windows operating system.
基金Supported by the National Natural Science Foundation of China(61170026)
文摘Traditional security framework in cloud platform usually brings self-vulnerability and considerable additional resource consumption. To solve these problems, we propose an external processes monitoring architecture for current popular cloud platform Open Stack with kernel-based virtual machine(KVM). With this architecture, we can monitor all active processes in online virtual machine(VMs) and scan them for their potential maliciousness in OpenS tack with no agent, and can also detect hidden processes in offline VMs’ memory snapshots and notice the user to decide whether to kill them when VMs become active. Analysis and experimental results show that our architecture is able to reduce consumption of CPU, memory and bandwidth in cloud platform and can detect viruses and hidden processes effectively in VMs.
基金supported by the National Natural Science Foundation of China under Grant No.61275134
文摘The stochastic resonance based on optical bistability in the semiconductor optical amplifier is numerically investigated to extract a weak pulse signal buried in noise. The output property of optical bistability under different system parameters is analyzed, which determines the performance of the stochastic resonance. Through optimizing these parameters, the noise-hidden signal is extracted via stochastic resonance, in which the maximum cross-correlation gain higher than nine is obtained. This provides a novel technology for detecting a weak optical signal in various signal processing fields.
