AIT: A method for operating system kernel function call graph generation with a virtualization technique

Cited by: 0
Authors
Jiao, Longlong [1 ]
Luo, Senlin [1 ]
Liu, Wangtong [1 ]
Pan, Limin [1 ]
Affiliations
[1] Beijing Inst Technol, Informat Syst & Secur & Countermeasures Expt Ctr, Beijing 100081, Peoples R China
Source
KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS | 2020 / Vol. 14 / No. 05
Keywords
Function call graph; operating system kernel; virtualization; system trap;
DOI
10.3837/tiis.2020.05.012
CLC classification
TP [Automation technology, computer technology];
Subject classification
0812;
Abstract
Operating system (OS) kernel function call graphs have been widely used in OS analysis and defense. However, most existing methods and tools for generating function call graphs are designed for application programs and cannot be used to generate OS kernel function call graphs. This paper proposes a virtualization-based call graph generation method called Acquire in Trap (AIT). When a target kernel function is called, AIT dynamically initiates a system trap with the help of a virtualization technique. During trap handling, it then analyzes and records the calling relationships by traversing the kernel stacks and the code space. Our experimental results show that the proposed method is feasible for both Linux and Windows OSs, including 32- and 64-bit versions, with high recall and precision rates. AIT is independent of the source code, compiler and OS kernel architecture, and is a universal method for generating OS kernel function call graphs.
Pages: 2084-2100
Page count: 17