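@comment{Conference paper on hypervisor-based detection, diagnosis and
  recovery of kernel-level rootkits in cloud guest OSes (Zhang et al.,
  ESORICS 2014, LNCS). Cleaned from a publisher auto-export: braces
  instead of quotes, names in "Last, First" form, proper nouns and
  acronyms brace-protected in title and booktitle, the percent sign in
  the abstract escaped so styles that print it do not start a TeX
  comment. The two-volume "Part 2" marker is kept in booktitle; the
  export had also put it in edition and number, which is wrong for those
  fields. The LNCS volume number is not given by the source record --
  add volume when known. address is the country as exported, not the
  publisher city; verify before relying on it.}
@inproceedings{f8ffeafefc2d4703bd03c8813eed9ae5,
  author    = {Zhang, Lingchen and Shetty, Sachin and Liu, Peng and Jing, Jiwu},
  title     = {{RootkitDet}: Practical End-to-End Defense Against Kernel Rootkits in a Cloud Environment},
  booktitle = {Computer Security -- {ESORICS} 2014: 19th European Symposium on Research in Computer Security, Proceedings, Part {II}},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer},
  address   = {Germany},
  year      = {2014},
  pages     = {475--493},
  doi       = {10.1007/978-3-319-11212-1_27},
  isbn      = {978-3-319-11211-4},
  language  = {English (US)},
  note      = {Conference held 7--11 September 2014},
  abstract  = {In cloud environments, kernel-level rootkits still pose serious security threats to guest OSes. Existing defenses against kernel-level rootkit have limitations when applied to cloud environments. In this paper, we propose RootkitDet, an end-to-end defense system capable of detecting and diagnosing rootkits in guest OSes with the intent to recover the system modifications caused by the rootkits in cloud environments. RootkitDet detects rootkits by identifying suspicious code region in the kernel space of guest OSes through the underneath hypervisor, performs diagnosis on the code of the detected rootkit to categorize it and identify modifications, and reverses the modifications if possible to eliminate the effect of rootkits. Our evaluation results show that the RootkitDet is effective on detection of kernel-level rootkits and recovery modifications with less than 1\% performance overhead to the guest OSes and the computation and network overhead is linear with the quantity of the VM instances being monitored.},
}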