Pendergrass et al., 2013 - Google Patents
Lkim: The linux kernel integrity measurerPendergrass et al., 2013
View PDF- Document ID
- 3738987678375032700
- Author
- Pendergrass J
- McGill K
- Publication year
- Publication venue
- Johns Hopkins APL technical digest
External Links
Snippet
The Linux Kernel Integrity Measurer (LKIM) is an implementation of a dynamic measurement technique targeting the Linux operating system kernel. Unlike most other systems for malware detection, dynamic integrity measurement systems (IMSs) such as LKIM do not rely …
- 238000005259 measurement 0 abstract description 73
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30067—File systems; File servers
- G06F17/30129—Details of further file system functionalities
- G06F17/30144—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Raju et al. | A survey on cross-architectural IoT malware threat hunting | |
| Bartel et al. | Static analysis for extracting permission checks of a large scale framework: The challenges and solutions for analyzing android | |
| Baliga et al. | Detecting kernel-level rootkits using data structure invariants | |
| Mishra et al. | KVMInspector: KVM Based introspection approach to detect malware in cloud environment | |
| Fattori et al. | Hypervisor-based malware protection with accessminer | |
| BR102015017215A2 (en) | computer-implemented method for classifying mobile applications, and computer program encoded on non-transient storage medium | |
| Zakeri et al. | A static heuristic approach to detecting malware targets | |
| More et al. | Virtual machine introspection: towards bridging the semantic gap | |
| Khalimov et al. | Container-based sandboxes for malware analysis: A compromise worth considering | |
| Mishra et al. | VAED: VMI‐assisted evasion detection approach for infrastructure as a service cloud | |
| Javaheri et al. | A framework for recognition and confronting of obfuscated malwares based on memory dumping and filter drivers | |
| Rana et al. | Automated windows behavioral tracing for malware analysis | |
| Zhou et al. | Hardware-based on-line intrusion detection via system call routine fingerprinting | |
| Pendergrass et al. | Lkim: The linux kernel integrity measurer | |
| Kadiyala et al. | Lambda: Lightweight assessment of malware for embedded architectures | |
| Hsiao et al. | Virtual machine introspection based malware behavior profiling and family grouping | |
| Jia et al. | Findevasion: an effective environment-sensitive malware detection system for the cloud | |
| Skormin et al. | Prevention of information attacks by run-time detection of self-replication in computer codes | |
| Nep et al. | A research on countering virtual machine evasion techniques of malware in dynamic analysis | |
| Leng et al. | MemInspect: Memory Forensics for investigating Fileless Attacks | |
| Yu et al. | Kernel-level Hidden Rootkit Detection Based on eBPF | |
| Yi et al. | DADE: a fast data anomaly detection engine for kernel integrity monitoring | |
| Reeves | Autoscopy Jr.: Intrusion detection for embedded control systems | |
| Chang et al. | Vulnerable service invocation and countermeasures | |
| Taheri | Investigating suspected background processes in Android malware classification through dynamic automated reverse engineering and semi-automated debugging |