ISBN: 9781450305648 (print)
Recent years have witnessed an increasing threat from kernel rootkits. A common feature of such attacks is hiding malicious objects to conceal their presence, including processes, sockets, and kernel modules. Scanning memory with object signatures to detect the stealthy rootkit has been proven to be a powerful approach only when it is hard for adversaries to evade. However, it is difficult, if not impossible, to select fields from a single data structure as robust signatures with traditional techniques. In this paper, we propose the concepts of inter-structure signature and imported signature, and present techniques to detect stealthy malware based on these concepts. The key idea is to use cross-reference relationships of multiple data structures as signatures to detect stealthy malware, and to import some extra information into regions attached to target data structures as signatures. We have inferred four invariants as signatures to detect hidden processes, sockets, and kernel modules in Linux respectively and implemented a prototype detection system called DeepScanner. Meanwhile, we have also developed a hypervisor-based monitor to protect imported signatures. Our experimental result shows that our DeepScanner can effectively and efficiently detect stealthy objects hidden by seven real-world rootkits without any false positives and false negatives, and an adversary can hardly evade DeepScanner if he/she does not break the normal functions of target objects and the system. Copyright 2011 ACM.
In this paper, we consider skyline queries in a mobile and distributed environment, where data objects are distributed in some sites (database servers) which are interconnected through a high-speed wired network, and queries are issued by mobile units (laptop, cell phone, etc.) which access the data objects of database servers by wireless channels. The inherent properties of the mobile computing environment, such as mobility, limited wireless bandwidth, and frequent disconnection, make skyline queries more complicated. We show how to efficiently perform distributed skyline queries in a mobile environment and propose a skyline query processing approach, called efficient distributed skyline based on mobile computing (EDS-MC). In EDS-MC, a distributed skyline query is decomposed into five processing phases and each phase is elaborately designed in order to reduce the network communication, network delay and query response time. We conduct extensive experiments in a simulated mobile database system, and the experimental results demonstrate the superiority of EDS-MC over other skyline query processing techniques on mobile computing.
Detecting and exploiting correlations among columns in relational databases are of great value for query optimizers to generate better query execution plans (QEPs). We propose a more robust and informative metric, nam...
Knowledge graph alignment aims to link equivalent entities across different knowledge graphs. To utilize both the graph structures and the side information such as name, description and attributes, most of the works p...
Complex spatial data is the fundamental content of Smart Earth. Spatial data mining plays an important role in Smart Earth. In this paper, it is proposed that "Smart earth equals to Digital Earth plus the Interne...
Predicting student performance is a fundamental task in Intelligent Tutoring Systems (ITSs), by which we can learn about students’ knowledge level and provide personalized teaching strategies for them. Researche...
Subjective logic provides a means to describe the trust relationship of the real world. However, existing fusion operations it offers treat fused opinions equally, which makes it impossible to deal with the weighted opinions effectively. A. Jøsang presents a solution, which combines the discounting operator and the fusion operator to produce the consensus to the problem. In this paper, we prove that this approach is unsuitable to deal with the weighted opinions because it increases the uncertainty of the consensus. To address the problem, we propose two novel fusion operators that are capable of fusing opinions according to the weight of opinion in a fair way, and one of the strengths of them is improving the trust expressiveness of subjective logic. Furthermore, we present the justification on their definitions with the mapping between the evidence space and the opinion space. Comparisons between existing operators and the ones we proposed show the effectiveness of our new fusion operations.
When acquiring labels from crowdsourcing platforms, a task may be designed to include multiple labels and the values of each label may belong to a set of various distinct options, which is the so-called multi-class mu...
Analyzing short texts to infer discriminative and coherent latent topics is a critical and fundamental task, since many real-world applications require semantic understanding of short texts. Traditional long text to...
Few-shot knowledge graph completion (FKGC) aims to infer unknown fact triples of a relation using its few-shot reference entity pairs. Recent FKGC studies focus on learning semantic representations of entity pairs by ...