Hidden Process Detection Research Articles

Process-based Security Detection Approach for Virtual Machines on Private Cloud Platforms

A process-based security detection method PAMon is proposed in this paper based on analysis of current security detection techniques for virtual machines on private cloud platforms. The modules of PAMon, including semantic reconstruction, hidden process detection, resource utilization analysis, comprehensive analysis, and so forth, are thoroughly analyzed and investigated. To validate the feasibility of PAMon, a miniaturized private cloud was configured aided by Xen and eucalyptus technology. Through experiments, it is demonstrated that the PAMon detection system can effectively address malicious programs running on the monitored virtual machines by comprehensively analyzing the critical processes, hidden processes, and resource-seizing processes. Moreover, this detection system is more comprehensive, thorough, and reliable than existing detection techniques.

Hidden process detection technique based on memory search

To research the existing hidden process detection techniques and its anti-detection techniques in Windows, a new detect method based on the memory search was brought forth and its performance was improved. This technique made use of the inherent characteristics of process to traverse the system address space for establishing integrated process list, and then detected hidden process. Experiments show that this detection method is of higher reliability, efficiency and integrity.

Research of HSC-based hidden process detection technique

This article introduced normal hidden process detection techniques in Windows,and brought forth Hook System Call(HSC) based hidden process detection technique.Finally it improved the detection technique to withstand RootKit's attack.This technique made use of hidden process's action characteristics to hook system call for establishing integrated process list,and then detected hidden process.This detection method is more reliable,so it can detect more malware's intrusions than general security detection softwares.