Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Malware Clearance for Secure Commitment of OS-Level Virtual Machines


Affiliations
1 Masters Degree Program in Computer Science Engineering, MPNMJ Engineering College, Anna University, India
2 Computer Science Department, MPNMJ Engineering College, Anna University, India
     

   Subscribe/Renew Journal


The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense mechanisms. Intrusion detection systems play an important role in detecting and disrupting attacks before they can compromise software. The Secom prototype can effectively eliminate malicious state changes while committing a VM with small performance degradation. The Secom prototype has a smaller number of false negatives and thus can more thoroughly clean up malware side effects. In addition, the number of false positives of the Secom prototype is also lower than that achieved by the online behavior-based approach of the commercial tools. Multivariant execution is an intrusion detection mechanism that executes several slightly different versions, called variants, of the same program in lockstep. The variants are built to have identical behavior under normal execution conditions. However, when the variants are under attack, there are detectable differences in their execution behavior. At runtime, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm when a discrepancy is detected. The project presents a monitoring mechanism that does not need any kernel privileges to supervise the variants. Many sources of inconsistencies, including asynchronous signals and scheduling of multithreaded or multiprocess applications, can cause divergence in behavior of variants. These divergences cause false alarms.

Keywords

False Positives, Kernel Privileges, Malicious State Changes, Multivariant Execution.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 242

PDF Views: 3




  • Malware Clearance for Secure Commitment of OS-Level Virtual Machines

Abstract Views: 242  |  PDF Views: 3

Authors

A. Vidhya
Masters Degree Program in Computer Science Engineering, MPNMJ Engineering College, Anna University, India
R. Rajeswari
Computer Science Department, MPNMJ Engineering College, Anna University, India

Abstract


The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense mechanisms. Intrusion detection systems play an important role in detecting and disrupting attacks before they can compromise software. The Secom prototype can effectively eliminate malicious state changes while committing a VM with small performance degradation. The Secom prototype has a smaller number of false negatives and thus can more thoroughly clean up malware side effects. In addition, the number of false positives of the Secom prototype is also lower than that achieved by the online behavior-based approach of the commercial tools. Multivariant execution is an intrusion detection mechanism that executes several slightly different versions, called variants, of the same program in lockstep. The variants are built to have identical behavior under normal execution conditions. However, when the variants are under attack, there are detectable differences in their execution behavior. At runtime, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm when a discrepancy is detected. The project presents a monitoring mechanism that does not need any kernel privileges to supervise the variants. Many sources of inconsistencies, including asynchronous signals and scheduling of multithreaded or multiprocess applications, can cause divergence in behavior of variants. These divergences cause false alarms.

Keywords


False Positives, Kernel Privileges, Malicious State Changes, Multivariant Execution.



DOI: https://doi.org/10.36039/ciitaas%2F6%2F4%2F2014%2F106775.107-110