This paper presents a new approach to dynamically monitoring operating system kernel integrity, based on a property called state-based control-flow integrity (SBCFI). Violations ...
A new class of stealthy kernel-level malware, called transient kernel control flow attacks, uses dynamic soft timers to achieve significant work while avoiding any persistent ch...
Jinpeng Wei, Bryan D. Payne, Jonathon Giffin, Calt...
Abstract. In order to obtain and maintain control, kernel malware usually makes persistent control flow modifications (i.e., installing hooks). To avoid detection, malware develope...
Heng Yin, Pongsin Poosankam, Steve Hanna, Dawn Xia...
System-call monitoring has become the basis for many hostbased intrusion detection as well as policy enforcement techniques. Mimicry attacks attempt to evade system-call monitorin...
Abstract—System availability is difficult for systems to maintain in the face of Internet worms. Large systems have vulnerabilities, and if a system attempts to continue operati...
Daniela A. S. de Oliveira, Jedidiah R. Crandall, G...