grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
deneir/procver/SnP/biblio.bib
grizzly f5712a3a73 backup before SnP
2025-06-05 10:07:53 -04:00

286 lines
12 KiB
BibTeX
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

@misc{win-msrt,
author = {Microsoft},
title = {Windows Malicious Software Removal Tool: Progress Made, Trends Observed},
year = 2024,
url = {https://www.microsoft.com/en-us/download/details.aspx?id=14591},
urldate = {01-05-2025}
}
@misc{cosmicstrand,
author = {Kaspersky},
title = {CosmicStrand: sophisticated firmware rootkit allows durable persistence},
year = 2022,
url = {https://www.kaspersky.com/about/press-releases/cosmicstrand-sophisticated-firmware-rootkit-allows-durable-persistence},
urldate = {01-05-2025}
}
@inproceedings{10.1145/1315245.1315262,
author = {Jiang, Xuxian and Wang, Xinyuan and Xu, Dongyan},
title = {Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction},
year = {2007},
isbn = {9781595937032},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/1315245.1315262},
doi = {10.1145/1315245.1315262},
abstract = {An alarming trend in malware attacks is that they are armed with stealthy techniques to detect, evade, and subvert malware detection facilities of the victim. On the defensive side, a fundamental limitation of traditional host-based anti-malware systems is that they run inside the very hosts they are protecting ("in the box"), making them vulnerable to counter-detection and subversion by malware. To address this limitation, recent solutions based on virtual machine (VM) technologies advocate placing the malware detection facilities outside of the protected VM ("out of the box"). However, they gain tamper resistance at the cost of losing the native, semantic view of the host which is enjoyed by the "in the box" approach, thus leading to a technical challenge known as the semantic gap.In this paper, we present the design, implementation, and evaluation of VMwatcher - an "out-of-the-box" approach that overcomes the semantic gap challenge. A new technique called guest view casting is developed to systematically reconstruct internal semantic views (e.g., files, processes, and kernel modules) of a VM from the outside in a non-intrusive manner. Specifically, the new technique casts semantic definitions of guest OS data structures and functions on virtual machine monitor (VMM)-level VM states, so that the semantic view can be reconstructed. With the semantic gap bridged, we identify two unique malware detection capabilities: (1) view comparison-based malware detection and its demonstration in rootkit detection and (2) "out-of-the-box" deployment of host-based anti-malware software with improved detection accuracy and tamper-resistance. We have implemented a proof-of-concept prototype on both Linux and Windows platforms and our experimental results with real-world malware, including elusive kernel-level rootkits, demonstrate its practicality and effectiveness.},
booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications Security},
pages = {128138},
numpages = {11},
keywords = {virtual machines, rootkits, malware detection},
location = {Alexandria, Virginia, USA},
series = {CCS '07}
}
@inproceedings{wen2008implicit,
title={Implicit detection of hidden processes with a feather-weight hardware-assisted virtual machine monitor},
author={Wen, Yan and Zhao, Jinjing and Wang, Huaimin and Cao, Jiannong},
booktitle={Information Security and Privacy: 13th Australasian Conference, ACISP 2008, Wollongong, Australia, July 7-9, 2008. Proceedings 13},
pages={361--375},
year={2008},
organization={Springer}
}
@inproceedings{jones2008vmm,
title={VMM-based hidden process detection and identification using Lycosid},
author={Jones, Stephen T and Arpaci-Dusseau, Andrea C and Arpaci-Dusseau, Remzi H},
booktitle={Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments},
pages={91--100},
year={2008}
}
@inproceedings{wang2005detecting,
title={Detecting stealth software with strider ghostbuster},
author={Wang, Y-M and Beck, Doug and Vo, Binh and Roussev, Roussi and Verbowski, Chad},
booktitle={2005 International Conference on Dependable Systems and Networks (DSN'05)},
pages={368--377},
year={2005},
organization={IEEE}
}
@article{cloudburst,
title={Cloudburst},
author={Kortchinsky, Kostya},
journal={Black Hat USA.[http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf]},
year={2009}
}
@misc{cve-vmware-2017,
title = {CVE-2017-4902},
author = {VMware},
howpublished = "Available from NIST NVD",
year = {2017},
url={https://nvd.nist.gov/vuln/detail/CVE-2017-4902},
urldate={03 May 2025}
}
@misc{cve-vbox-2021,
title = {CVE-2021-2443},
author = {VirtualBox},
howpublished = "Available from NIST NVD",
year = {2021},
url={https://nvd.nist.gov/vuln/detail/CVE-2021-2443},
urldate={03 May 2025}
}
@misc{cve-qemu-2019,
title = {CVE-2019-6778},
author = {QEMU},
howpublished = "Available from NIST NVD",
year = {2019},
url={https://nvd.nist.gov/vuln/detail/CVE-2019-6778},
urldate={03 May 2025}
}
@misc{cve-xen-2015,
title = {CVE-2015-5154},
author = {Xen},
howpublished = "Available from NIST NVD",
year = {2015},
url={https://nvd.nist.gov/vuln/detail/CVE-2015-5154},
urldate={03 May 2025}
}
@misc{cve-hyperv-2021,
title = {CVE-2021-28476},
author = {Microsoft Hyper-V},
howpublished = "Available from NIST NVD",
year = {2021},
url={https://nvd.nist.gov/vuln/detail/CVE-2021-28476},
urldate={03 May 2025}
}
@inproceedings{kocher1996timing,
title={Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems},
author={Kocher, Paul C},
booktitle={Advances in Cryptology—CRYPTO96: 16th Annual International Cryptology Conference Santa Barbara, California, USA August 18--22, 1996 Proceedings 16},
pages={104--113},
year={1996},
organization={Springer}
}
@article{van1985electromagnetic,
title={Electromagnetic radiation from video display units: An eavesdropping risk?},
author={Van Eck, Wim},
journal={Computers \& Security},
volume={4},
number={4},
pages={269--286},
year={1985},
publisher={Elsevier}
}
@article{brumley2005remote,
title={Remote timing attacks are practical},
author={Brumley, David and Boneh, Dan},
journal={Computer Networks},
volume={48},
number={5},
pages={701--716},
year={2005},
publisher={Elsevier}
}
@INPROCEEDINGS{1301311,
author={Asonov, D. and Agrawal, R.},
booktitle={IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004},
title={Keyboard acoustic emanations},
year={2004},
volume={},
number={},
pages={3-11},
keywords={Keyboards;Neural networks;Microphones;Telephony;Acoustic devices;Immune system;Humans;Ear;Computer security;Information security},
doi={10.1109/SECPRI.2004.1301311}
}
@article{worden2007application,
title={The application of machine learning to structural health monitoring},
author={Worden, Keith and Manson, Graeme},
journal={Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences},
volume={365},
number={1851},
pages={515--537},
year={2007},
publisher={The Royal Society London}
}
@inproceedings{shewale2019novel,
title={Novel machine health monitoring system},
author={Shewale, Mahesh S and Mulik, Sharad S and Deshmukh, Suhas P and Patange, Abhishek D and Zambare, Hrishikesh B and Sundare, Advait P},
booktitle={Proceedings of the 2nd International Conference on Data Engineering and Communication Technology: ICDECT 2017},
pages={461--468},
year={2019},
organization={Springer}
}
@article{khan2019malware,
title={Malware detection in embedded systems using neural network model for electromagnetic side-channel signals},
author={Khan, Haider Adnan and Sehatbakhsh, Nader and Nguyen, Luong N and Prvulovic, Milos and Zaji{\'c}, Alenka},
journal={Journal of Hardware and Systems Security},
volume={3},
pages={305--318},
year={2019},
publisher={Springer}
}
@inproceedings{cathis2024sok,
title={SoK Paper: Power Side-Channel Malware Detection},
author={Cathis, Alexander and Li, Ge and Wei, Shijia and Orshansky, Michael and Tiwari, Mohit and Gerstlauer, Andreas},
booktitle={Proceedings of the International Workshop on Hardware and Architectural Support for Security and Privacy 2024},
pages={1--9},
year={2024}
}
@ARTICLE{7362010,
author={Caviglione, Luca and Gaggero, Mauro and Lalande, Jean-François and Mazurczyk, Wojciech and Urbański, Marcin},
journal={IEEE Transactions on Information Forensics and Security},
title={Seeing the Unseen: Revealing Mobile Malware Hidden Communications via Energy Consumption and Artificial Intelligence},
year={2016},
volume={11},
number={4},
pages={799-810},
keywords={Malware;Mobile handsets;Power demand;Energy measurement;Energy consumption;Performance evaluation;Neural networks;Energy-based malware detection;covert channels;colluding applications;neural networks;decision trees;Energy-based malware detection;covert channels;colluding applications;neural networks;decision trees},
doi={10.1109/TIFS.2015.2510825}
}
@article{chou2014real,
title={Real-time detection of anomalous power consumption},
author={Chou, Jui-Sheng and Telaga, Abdi Suryadinata},
journal={Renewable and Sustainable Energy Reviews},
volume={33},
pages={400--411},
year={2014},
publisher={Elsevier}
}
@inproceedings{cortez2017resource,
title={Resource central: Understanding and predicting workloads for improved resource management in large cloud platforms},
author={Cortez, Eli and Bonde, Anand and Muzio, Alexandre and Russinovich, Mark and Fontoura, Marcus and Bianchini, Ricardo},
booktitle={Proceedings of the 26th Symposium on Operating Systems Principles},
pages={153--167},
year={2017}
}
@misc{azure-dataset,
author = {Azure},
title = {Azure Public Dataset},
year = {2019},
publisher = {GitHub},
journal = {GitHub repository},
howpublished = {\url{https://https://github.com/Azure/AzurePublicDataset}},
}
@misc{zenodo-dataset,
author = {Anonymous},
title = {Power Consumption and Process List from Replayed Azure VM Dataset},
year = {2025},
publisher = {Zenodo},
howpublished = {\url{https://https://zenodo.org/records/14775781}},
}
@inproceedings{tekiner2021sok,
title={SoK: cryptojacking malware},
author={Tekiner, Ege and Acar, Abbas and Uluagac, A Selcuk and Kirda, Engin and Selcuk, Ali Aydin},
booktitle={2021 IEEE European Symposium on Security and Privacy (EuroS\&P)},
pages={120--139},
year={2021},
organization={IEEE}
}
@inproceedings{bridges2018towards,
title={Towards malware detection via cpu power consumption: Data collection design and analytics},
author={Bridges, Robert and Jim{\'e}nez, Jarilyn Hern{\'a}ndez and Nichols, Jeffrey and Goseva-Popstojanova, Katerina and Prowell, Stacy},
booktitle={2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)},
pages={1680--1684},
year={2018},
organization={IEEE}
}
@misc{chollet2015keras,
title={Keras},
author={Chollet, Fran\c{c}ois and others},
year={2015},
howpublished={\url{https://keras.io}},
}
@article{eresheim2017evolution,
title={The evolution of process hiding techniques in malware-current threats and possible countermeasures},
author={Eresheim, Sebastian and Luh, Robert and Schrittwieser, Sebastian},
journal={Journal of Information Processing},
volume={25},
pages={866--874},
year={2017},
publisher={Information Processing Society of Japan}
}
@incollection{MCCUE20073,
title = {1 - Basics},
editor = {Colleen McCue},
booktitle = {Data Mining and Predictive Analysis},
publisher = {Butterworth-Heinemann},
address = {Burlington},
pages = {3-18},
year = {2007},
isbn = {978-0-7506-7796-7},
doi = {https://doi.org/10.1016/B978-075067796-7/50023-4},
url = {https://www.sciencedirect.com/science/article/pii/B9780750677967500234},
author = {Colleen McCue}
Reference in a new issue View git blame Copy permalink