Secure and Efficient In-Hypervisor Memory Introspection Using Nested Virtualization

2018 ◽  
Author(s):  
Weiwen Tang ◽  
Zeyu Mi
Keyword(s):  
Memory Introspection

scholarly journals An Advanced Memory Introspection Technique to Detect Process Injection and Malwares of Varied Types in a Virtualized Environment

2021 ◽  
Author(s):  
Darshan Tank ◽  
Akshai Aggarwal ◽  
Nirbhay Kumar Chaubey
Keyword(s):  
Open Source ◽  
Research Work ◽  
High Accuracy ◽  
Malicious Code ◽  
Experimental Results ◽  
The Other ◽  
Address Space ◽  
Detection Approach ◽  
Injection Techniques ◽  
Memory Introspection

Today’s advanced malware can easily avoid detection by adopting several evasion strategies. Process injection is one such strategy to evade detection from security products since the execution is masked under a legitimate process. Malicious activities are often enforced by injecting malicious code into running processes, which is often undetectable by traditional antimalware techniques. Various process injection techniques are employed by malware to gain more stealth and to bypass security tools/products. Our main focus in this research work is to propose an entirely out-of-VM approach based on advanced memory introspection to detect process injection of varied types in a virtualized environment. We have implemented a plugin using the open-source Volatility tool and successfully tested it on live VMs and malware-infected memory images. Experimental results show that our model classifies injected memory regions with high accuracy and completeness and has more true positives and fewer false positives when compared to other existing systems/solutions. Our proposed detection approach assures precise and reliable results and exactly pinpoint injected memory regions. Our proposed system detects an actual malicious memory region in the virtual address space of an infected process. Our proposed system detects more malware families and dominates the other approaches in all evaluation metrics.

scholarly journals Secure Virtualization Environment Based on Advanced Memory Introspection

2018 ◽  
Vol 2018 ◽  
pp. 1-16 ◽  
Author(s):  
Shuhui Zhang ◽  
Xiangxu Meng ◽  
Lianhai Wang ◽  
Lijuan Xu ◽  
Xiaohui Han
Keyword(s):  
Virtual Machine ◽  
High Efficiency ◽  
High Reliability ◽  
Prototype System ◽  
Structure Information ◽  
Memory Forensics ◽  
Novel Approach ◽  
Host Machine ◽  
High Level ◽  
Memory Introspection

Most existing virtual machine introspection (VMI) technologies analyze the status of a target virtual machine under the assumption that the operating system (OS) version and kernel structure information are known at the hypervisor level. In this paper, we propose a model of virtual machine (VM) security monitoring based on memory introspection. Using a hardware-based approach to acquire the physical memory of the host machine in real time, the security of the host machine and VM can be diagnosed. Furthermore, a novel approach for VM memory forensics based on the virtual machine control structure (VMCS) is put forward. By analyzing the memory of the host machine, the running VMs can be detected and their high-level semantic information can be reconstructed. Then, malicious activity in the VMs can be identified in a timely manner. Moreover, by mutually analyzing the memory content of the host machine and VMs, VM escape may be detected. Compared with previous memory introspection technologies, our solution can automatically reconstruct the comprehensive running state of a target VM without any prior knowledge and is strongly resistant to attacks with high reliability. We developed a prototype system called the VEDefender. Experimental results indicate that our system can handle the VMs of mainstream Linux and Windows OS versions with high efficiency and does not influence the performance of the host machine and VMs.

scholarly journals Familiar Music as an Enhancer of Self-Consciousness in Patients with Alzheimer’s Disease

2013 ◽  
Vol 2013 ◽  
pp. 1-10 ◽  
Author(s):  
Eva M. Arroyo-Anlló ◽  
Juan Poveda Díaz ◽  
Roger Gil
Keyword(s):  
Alzheimer’S Disease ◽  
Alzheimer's Disease ◽  
Affective State ◽  
Body Representation ◽  
Moral Judgments ◽  
Cognitive State ◽  
Music Intervention ◽  
Before And After ◽  
The Impact ◽  
Memory Introspection

The main objective of this paper is to examine the impact of familiar music on self-consciousness (SC) in patients with Alzheimer’s disease (AD). For this purpose, two AD groups of 20 patients matched by age, educational level, gender, illness duration, and cognitive state were assessed using an SC questionnaire before and after music intervention. The SC questionnaire measured several aspects: personal identity, anosognosia, affective state, body representation, prospective memory, introspection and moral judgments. One AD group received familiar music stimulation and another AD group unfamiliar music stimulation over three months. The AD patients who received a familiar music intervention showed a stabilization or improvement in aspects of SC. By contrast, control AD group showed a deterioration of most of the SC aspects after unfamiliar music stimulation, except the SC aspects of body representation and affective state. Familiar music stimulation could be considered as an enhancer of SC in patients with Alzheimer’s disease.

Sign in / Sign up

Export Citation Format

Share Document