{"id":"https://openalex.org/W2958328211","doi":"https://doi.org/10.1109/access.2019.2928060","title":"A Kernel Rootkit Detection Approach Based on Virtualization and Machine Learning","display_name":"A Kernel Rootkit Detection Approach Based on Virtualization and Machine Learning","publication_year":2019,"publication_date":"2019-01-01","ids":{"openalex":"https://openalex.org/W2958328211","doi":"https://doi.org/10.1109/access.2019.2928060","mag":"2958328211"},"language":"en","primary_location":{"id":"doi:10.1109/access.2019.2928060","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2928060","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08759003.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08759003.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059751912","display_name":"Donghai Tian","orcid":"https://orcid.org/0000-0003-2217-4514"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Donghai Tian","raw_affiliation_strings":["Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-2217-4514","affiliations":[{"raw_affiliation_string":"Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101551878","display_name":"Rui Ma","orcid":"https://orcid.org/0000-0003-1728-0056"},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rui Ma","raw_affiliation_strings":["Beijing Key Laboratory of Software Security Engineering Technique, Beijing Institute of Technology, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Software Security Engineering Technique, Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015456692","display_name":"Xiaoqi Jia","orcid":"https://orcid.org/0000-0002-8376-3235"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaoqi Jia","raw_affiliation_strings":["School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102753688","display_name":"Changzhen Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Changzhen Hu","raw_affiliation_strings":["Beijing Key Laboratory of Software Security Engineering Technique, Beijing Institute of Technology, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Software Security Engineering Technique, Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5059751912"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":2.1705,"has_fulltext":true,"cited_by_count":28,"citation_normalized_percentile":{"value":0.88351407,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"7","issue":null,"first_page":"91657","last_page":"91666"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.9821089506149292},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8342024087905884},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.6715096831321716},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.6575113534927368},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.6326550245285034},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5323078632354736},{"id":"https://openalex.org/keywords/hardware-virtualization","display_name":"Hardware virtualization","score":0.4233807325363159},{"id":"https://openalex.org/keywords/full-virtualization","display_name":"Full virtualization","score":0.37655261158943176},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.36730995774269104},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.26543861627578735},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.16357821226119995}],"concepts":[{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.9821089506149292},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8342024087905884},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.6715096831321716},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.6575113534927368},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.6326550245285034},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5323078632354736},{"id":"https://openalex.org/C68793194","wikidata":"https://www.wikidata.org/wiki/Q1616095","display_name":"Hardware virtualization","level":5,"score":0.4233807325363159},{"id":"https://openalex.org/C47878483","wikidata":"https://www.wikidata.org/wiki/Q848333","display_name":"Full virtualization","level":4,"score":0.37655261158943176},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.36730995774269104},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.26543861627578735},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.16357821226119995},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2019.2928060","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2928060","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08759003.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:955340a9258641e49371b7aede862e25","is_oa":true,"landing_page_url":"https://doaj.org/article/955340a9258641e49371b7aede862e25","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 7, Pp 91657-91666 (2019)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2019.2928060","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2928060","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08759003.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.4000000059604645,"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8"}],"awards":[{"id":"https://openalex.org/G1480663469","display_name":null,"funder_award_id":"61602035","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3545308168","display_name":null,"funder_award_id":"2016QY07X1404","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G3853462455","display_name":null,"funder_award_id":"61772078","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2958328211.pdf","grobid_xml":"https://content.openalex.org/works/W2958328211.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W5790907","https://openalex.org/W31433452","https://openalex.org/W143519483","https://openalex.org/W161166442","https://openalex.org/W945058183","https://openalex.org/W1641762327","https://openalex.org/W1775664482","https://openalex.org/W1813040609","https://openalex.org/W1837052416","https://openalex.org/W1858426298","https://openalex.org/W2000249510","https://openalex.org/W2009346622","https://openalex.org/W2077841421","https://openalex.org/W2087740020","https://openalex.org/W2101077503","https://openalex.org/W2126220112","https://openalex.org/W2131726714","https://openalex.org/W2132874238","https://openalex.org/W2154933195","https://openalex.org/W2160679421","https://openalex.org/W2176830056","https://openalex.org/W2399284314","https://openalex.org/W2470989862","https://openalex.org/W2496872468","https://openalex.org/W2524202097","https://openalex.org/W2602229646","https://openalex.org/W2607923856","https://openalex.org/W2792875990","https://openalex.org/W2809318075","https://openalex.org/W2889959453","https://openalex.org/W4243947286","https://openalex.org/W6600239850","https://openalex.org/W6605901207","https://openalex.org/W6624833351","https://openalex.org/W6637110787","https://openalex.org/W6638853398","https://openalex.org/W6685576885","https://openalex.org/W6712621799","https://openalex.org/W6999680128"],"related_works":["https://openalex.org/W2021257679","https://openalex.org/W2067755938","https://openalex.org/W2134071009","https://openalex.org/W1606290493","https://openalex.org/W2106040863","https://openalex.org/W252333682","https://openalex.org/W137788609","https://openalex.org/W2065933154","https://openalex.org/W2019379525","https://openalex.org/W2374289827"],"abstract_inverted_index":{"OS":[0,17,25],"kernel":[1,26,30,34,43,57,92,110,138,172,193],"is":[2,27,39],"the":[3,7,42,65,116,136,147,158,163,181],"core":[4],"part":[5],"of":[6],"operating":[8],"system,":[9],"and":[10,94,130,167,198],"it":[11,45],"plays":[12],"an":[13,131],"important":[14,148],"role":[15],"for":[16,135,151],"resource":[18],"management.":[19],"A":[20],"popular":[21],"way":[22],"to":[23,89,140],"compromise":[24],"through":[28],"a":[29,37,109,128],"rootkit":[31,38,82,111,173],"(i.e.,":[32],"malicious":[33,50],"module).":[35],"Once":[36],"loaded":[40],"into":[41],"space,":[44],"can":[46,126,190],"carry":[47],"out":[48],"arbitrary":[49],"operations":[51],"with":[52,122,195],"high":[53,196],"privilege.":[54],"To":[55,102,145],"defeat":[56],"rootkits,":[58],"many":[59],"approaches":[60],"have":[61],"been":[62],"proposed":[63],"in":[64,180],"past":[66],"few":[67],"years.":[68],"However,":[69],"existing":[70],"methods":[71,78,86,97],"suffer":[72],"from":[73],"some":[74,85,96],"limitations:":[75],"1)":[76],"most":[77],"focus":[79],"on":[80,115],"user-mode":[81],"detection;":[83],"2)":[84],"are":[87],"limited":[88],"detect":[90,191],"obfuscated":[91],"modules;":[93],"3)":[95],"introduce":[98],"significant":[99],"performance":[100,200],"overhead.":[101],"address":[103],"these":[104],"problems,":[105],"we":[106,156],"propose":[107],"VKRD,":[108],"detection":[112,154,174],"system":[113,189],"based":[114],"hardware":[117,164],"assisted":[118,165],"virtualization":[119,166],"technology.":[120],"Compared":[121],"previous":[123],"methods,":[124],"VKRD":[125],"provide":[127],"transparent":[129],"efficient":[132],"execution":[133],"environment":[134],"target":[137],"module":[139],"reveal":[141],"its":[142],"run-time":[143,149],"behavior.":[144],"select":[146],"features":[150],"training":[152],"our":[153,171,188],"models,":[155],"utilize":[157],"TF-IDF":[159],"method.":[160],"By":[161],"combining":[162],"machine":[168],"learning":[169],"techniques,":[170],"solution":[175],"could":[176],"be":[177],"potentially":[178],"applied":[179],"cloud":[182],"environment.":[183],"The":[184],"experiments":[185],"show":[186],"that":[187],"windows":[192],"rootkits":[194],"accuracy":[197],"moderate":[199],"cost.":[201]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":1}],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-10-10T00:00:00"}