Funding: National High Technical Research and Development Program of China (863 Program) under Grant No. 2008AA01Z414
Abstract: Security tools are developing rapidly as network security threats become more serious. To overcome the fundamental limitation of traditional host-based anti-malware systems, which can be deceived and attacked by malicious code, VMM-based anti-malware systems have recently become an active research field. This article analyzes existing malware hiding techniques and proposes a hidden-process detection model based on the "In-VM" idea. Based on this model, a hidden-process detection technique that hooks SwapContext on the VMM platform is implemented. The technique guarantees that the detector cannot be attacked by malware and resists all current process-hiding techniques. To detect malware that hides itself by remote injection, a method that hijacks the sysenter instruction is also proposed. Experiments show that the proposed methods preserve the isolation of the virtual machines, detect all malware samples, and incur only a small performance loss.
Abstract: This paper investigates the feedback control of a hidden Markov process (HMP) in the face of the loss of some observation processes. The control action facilitates or impedes particular transitions from an inferred current state in an attempt to maximize the probability that the HMP is driven to a desirable absorbing state. The control problem is motivated by the need for judicious resource allocation to win an air operation involving two opposing forces. The effectiveness of a receding-horizon control scheme based on the inferred discrete state is examined. Tolerance to the loss of sensors that help determine the state of the air operation is achieved through a decentralized scheme that estimates a continuous state from measurements of linear models with additive noise. The discrete state of the HMP is identified using three well-known detection schemes. The sub-optimal control policy based on the detected state is implemented online in a closed loop, where the air operation is simulated as a stochastic process with SimEvents and the measurement process is simulated for a range of single-sensor loss rates.
Funding: Supported by the Open Fund of the Key Laboratory of Hydraulic and Waterway Engineering of the Ministry of Education, Chongqing Jiaotong University, jointly built by the province and the ministry (SLK2009A04)
Abstract: Elbow draft tubes are widely used in large and medium-sized hydropower stations in many countries. In practice, handling the shape of elbow tubes has proved challenging: to maintain the designed shape of the draft tube and to meet the requirements of construction lofting, the configuration of reinforcing bars and the fabrication of templates, the geometry of the elbow tube has to be calculated accurately in order to draw engineering graphics. Based on the equations derived in this paper, the motion of the elbow tube's curve envelope is simulated by computer, which directly shows the smoothness of the curve and provides a dynamic simulation, along with the front and bottom views, for the study and optimization of the design and construction of elbow draft tubes.
Funding: Supported by the National Natural Science Foundation of China (61170026)
Abstract: Malicious programs usually bypass anti-virus detection by hiding themselves among apparently legitimate programs. In this work, we propose Windows Virtual Machine Introspection (WVMI) to accurately detect such hidden processes by analyzing memory data. WVMI first dumps the in-memory data of the target Windows operating system from the hypervisor and retrieves the address of the EPROCESS process linked list, then generates a Data Type Confidence Table (DTCT). Next, it traverses the memory and, using the DTCT, identifies similarities between the nodes of the process linked list and the corresponding memory segments. Finally, it locates the memory segments holding Windows EPROCESS structures and identifies hidden processes by further comparison. Extensive experiments show that WVMI detects hidden processes with a high identification rate and is independent of the Windows version.
Funding: Supported by the National Natural Science Foundation of China (61170026)
Abstract: Traditional security frameworks in cloud platforms usually introduce vulnerabilities of their own and considerable additional resource consumption. To solve these problems, we propose an external process-monitoring architecture for the popular cloud platform OpenStack with kernel-based virtual machine (KVM). With this architecture, we can monitor all active processes in online virtual machines (VMs) and scan them for potential maliciousness in OpenStack without an agent, and we can also detect hidden processes in the memory snapshots of offline VMs and notify the user to decide whether to kill them when the VMs become active. Analysis and experimental results show that our architecture reduces CPU, memory and bandwidth consumption in the cloud platform and detects viruses and hidden processes in VMs effectively.