Proceedings of the AASRI Winter International Conference on Engineering and Technology (AASRI-WIET 2013)

Design of a Hypervisor-based Rootkit Detection Method for Virtualized Systems in Cloud Computing Environments

Authors
Tongwook Hwang, Youngsang Shin, Kyungho Son, Haeryong Park
Corresponding Author
Tongwook Hwang
Available Online December 2013.
DOI
https://doi.org/10.2991/wiet-13.2013.7
Keywords
Cloud security; Virtualization security; Rootkit detection; Hypervisor; Rootkit
Abstract
Cloud computing is becoming increasingly popular. Many companies utilize cloud computing services to minimize IT infrastructure costs. The popularity of cloud computing has attracted the interest of cyber criminals. As a result, virtualized environments are a valid and attractive target for APT attacks. Since rootkit malware that provides stealth is a key component of APT attacks, detecting rootkits is an effective measure for protecting against APT attacks. Traditional rootkit detection algorithms are based on non-virtualized environments, where a detection agent tries to identify inconsistencies in OS system calls to detect rootkits. However, applying these algorithms to cloud computing environments entails installing a copy of the detection agent in every virtual machine, resulting in inefficient storage use and performance degradation. We propose a hypervisor-based, out-of-the-box rootkit detection system that takes cloud computing environments into consideration. The method utilizes the vIPS platform to gain many beneficial traits, including hypervisor independence, an agentless virtual security appliance structure, and usability. Therefore, the method provides effective protection against rootkits in cloud computing environments.
Open Access
This is an open access article distributed under the CC BY-NC license.

Proceedings
Part of series
Advances in Intelligent Systems Research
Publication Date
December 2013
ISBN
978-90786-77-95-6
ISSN
1951-6851

Cite this article

TY  - CONF
AU  - Tongwook Hwang
AU  - Youngsang Shin
AU  - Kyungho Son
AU  - Haeryong Park
PY  - 2013/12
DA  - 2013/12
TI  - Design of a Hypervisor-based Rootkit Detection Method for Virtualized Systems in Cloud Computing Environments
PB  - Atlantis Press
SP  - 27
EP  - 32
SN  - 1951-6851
UR  - https://doi.org/10.2991/wiet-13.2013.7
DO  - https://doi.org/10.2991/wiet-13.2013.7
ID  - Hwang2013/12
ER  -