Windows Virtualization Architecture For Cyber Threats Detection
| Field | Value |
|---|---|
| Title | Windows Virtualization Architecture For Cyber Threats Detection |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Upadhyay, H., Gohel, H. A., Pons, A., Lagos, L. |
| Conference Name | 2018 1st International Conference on Data Intelligence and Security (ICDIS) |
| Keywords | alert system administrators, composability, cyber breaches, cyber threats detection, cybersecurity, data structures, hidden security issues, invasive software, Kernel, kernel data structures, learning (artificial intelligence), machine learning, machine learning techniques, malicious process behavior, Malware, malware detection, malware threats, memory data structure identification, memory forensic analysis, Metrics, Microsoft Windows, Microsoft Windows (operating systems), prediction tool, prediction tools development, pubcrawl, real-time monitoring, Resiliency, Rootkits, static methods, system monitoring, target Windows machines, virtual machine introspection, Virtual machine monitors, virtual machines, virtual memory introspection, virtualization, VMI, Windows operating system, Windows Operating System Security, Windows OS, Windows threat detection, Windows virtualization architecture, Xen hypervisor |
| Abstract | This is very true for the Windows operating system (OS) used by government and private organizations. With Windows, the closed-source nature of the operating system has unfortunately meant that hidden security issues are discovered very late and the fixes are not found in real time. There needs to be a re-examination of current static methods of malware detection. This paper presents an integrated system for automated and real-time monitoring and prediction of rootkit and malware threats for the Windows OS. We propose to host the target Windows machines on the widely used Xen hypervisor, and collect process behavior using virtual memory introspection (VMI). The collected data will be analyzed using state-of-the-art machine learning techniques to quickly isolate malicious process behavior and alert system administrators about potential cyber breaches. This research has two focus areas: identifying memory data structures and developing prediction tools to detect malware. The first part of the research focuses on identifying memory data structures affected by malware. This includes extracting, with VMI, the kernel data structures that are frequently targeted by rootkits/malware. The second part of the research will involve development of a prediction tool using machine learning techniques. |
| URL | https://ieeexplore.ieee.org/document/8367749 |
| DOI | 10.1109/ICDIS.2018.00025 |
| Citation Key | upadhyay_windows_2018 |