{"id":"https://openalex.org/W3083181304","doi":"https://doi.org/10.1109/tc.2020.3022023","title":"Virtual Wall: Filtering Rootkit Attacks To Protect Linux Kernel Functions","display_name":"Virtual Wall: Filtering Rootkit Attacks To Protect Linux Kernel Functions","publication_year":2020,"publication_date":"2020-09-04","ids":{"openalex":"https://openalex.org/W3083181304","doi":"https://doi.org/10.1109/tc.2020.3022023","mag":"3083181304"},"language":"en","primary_location":{"id":"doi:10.1109/tc.2020.3022023","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2020.3022023","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100364655","display_name":"Yonggang Li","orcid":"https://orcid.org/0000-0003-2820-2424"},"institutions":[{"id":"https://openalex.org/I4210104064","display_name":"Shenzhen Academy of Robotics","ror":"https://ror.org/01h027j09","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210104064"]},{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210116924","display_name":"Chinese University of Hong Kong, Shenzhen","ror":"https://ror.org/02d5ks197","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633","https://openalex.org/I180726961","https://openalex.org/I4210116924"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yong-Gang Li","raw_affiliation_strings":["School of Data Science, Chinese University of Hong Kong, Shenzhen, China","Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China","University of Science and Technology of China, Anhui, China"],"affiliations":[{"raw_affiliation_string":"School of Data Science, Chinese University of Hong Kong, Shenzhen, China","institution_ids":["https://openalex.org/I4210116924"]},{"raw_affiliation_string":"Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China","institution_ids":["https://openalex.org/I4210104064"]},{"raw_affiliation_string":"University of Science and Technology of China, Anhui, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043627040","display_name":"Yeh\u2010Ching Chung","orcid":"https://orcid.org/0000-0002-8704-9821"},"institutions":[{"id":"https://openalex.org/I4210104064","display_name":"Shenzhen Academy of Robotics","ror":"https://ror.org/01h027j09","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210104064"]},{"id":"https://openalex.org/I4210116924","display_name":"Chinese University of Hong Kong, Shenzhen","ror":"https://ror.org/02d5ks197","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633","https://openalex.org/I180726961","https://openalex.org/I4210116924"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yeh-Ching Chung","raw_affiliation_strings":["School of Data Science, Chinese University of Hong Kong, Shenzhen, China","Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"School of Data Science, Chinese University of Hong Kong, Shenzhen, China","institution_ids":["https://openalex.org/I4210116924"]},{"raw_affiliation_string":"Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China","institution_ids":["https://openalex.org/I4210104064"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046994015","display_name":"Kai Hwang","orcid":"https://orcid.org/0000-0001-5503-3932"},"institutions":[{"id":"https://openalex.org/I4210116924","display_name":"Chinese University of Hong Kong, Shenzhen","ror":"https://ror.org/02d5ks197","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633","https://openalex.org/I180726961","https://openalex.org/I4210116924"]},{"id":"https://openalex.org/I4210104064","display_name":"Shenzhen Academy of Robotics","ror":"https://ror.org/01h027j09","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210104064"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Hwang","raw_affiliation_strings":["School of Data Science, Chinese University of Hong Kong, Shenzhen, China","Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"School of Data Science, Chinese University of Hong Kong, Shenzhen, China","institution_ids":["https://openalex.org/I4210116924"]},{"raw_affiliation_string":"Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China","institution_ids":["https://openalex.org/I4210104064"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040908982","display_name":"Yuejin Li","orcid":"https://orcid.org/0000-0003-1284-4668"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210116924","display_name":"Chinese University of Hong Kong, Shenzhen","ror":"https://ror.org/02d5ks197","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633","https://openalex.org/I180726961","https://openalex.org/I4210116924"]},{"id":"https://openalex.org/I4210104064","display_name":"Shenzhen Academy of Robotics","ror":"https://ror.org/01h027j09","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210104064"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yue-Jin Li","raw_affiliation_strings":["School of Data Science, Chinese University of Hong Kong, Shenzhen, China","Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China","University of Science and Technology of China, Anhui, China"],"affiliations":[{"raw_affiliation_string":"School of Data Science, Chinese University of Hong Kong, Shenzhen, China","institution_ids":["https://openalex.org/I4210116924"]},{"raw_affiliation_string":"Shenzhen Institute of Artificial Intelligence and Robotics for Society, Guangdong, China","institution_ids":["https://openalex.org/I4210104064"]},{"raw_affiliation_string":"University of Science and Technology of China, Anhui, China","institution_ids":["https://openalex.org/I126520041"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100364655"],"corresponding_institution_ids":["https://openalex.org/I126520041","https://openalex.org/I4210104064","https://openalex.org/I4210116924"],"apc_list":null,"apc_paid":null,"fwci":0.5302,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.72900203,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"70","issue":"10","first_page":"1640","last_page":"1653"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.9797165393829346},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8016024827957153},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.7504763603210449},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6376774907112122},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.5147414207458496},{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.5040335059165955},{"id":"https://openalex.org/keywords/tracing","display_name":"Tracing","score":0.4964607357978821},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.4799361824989319},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.43653783202171326},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.4354715049266815},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.4326176345348358},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.41584235429763794},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.18214505910873413},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.09640076756477356}],"concepts":[{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.9797165393829346},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8016024827957153},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.7504763603210449},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6376774907112122},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.5147414207458496},{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.5040335059165955},{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.4964607357978821},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.4799361824989319},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.43653783202171326},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.4354715049266815},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.4326176345348358},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.41584235429763794},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.18214505910873413},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.09640076756477356},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tc.2020.3022023","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2020.3022023","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6000000238418579,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W19788882","https://openalex.org/W57172993","https://openalex.org/W1226496485","https://openalex.org/W1550115315","https://openalex.org/W1658564704","https://openalex.org/W1825424464","https://openalex.org/W1903860135","https://openalex.org/W1990763629","https://openalex.org/W1992496112","https://openalex.org/W2017889480","https://openalex.org/W2025698937","https://openalex.org/W2046366674","https://openalex.org/W2078661549","https://openalex.org/W2091618476","https://openalex.org/W2135162105","https://openalex.org/W2138580357","https://openalex.org/W2275408761","https://openalex.org/W2279504918","https://openalex.org/W2290702548","https://openalex.org/W2376304198","https://openalex.org/W2594161941","https://openalex.org/W2601109594","https://openalex.org/W2750034649","https://openalex.org/W2782776600","https://openalex.org/W2804097031","https://openalex.org/W3155059565","https://openalex.org/W6600813141","https://openalex.org/W6638779862","https://openalex.org/W6656860525","https://openalex.org/W6695080766","https://openalex.org/W7071079943"],"related_works":["https://openalex.org/W1994712384","https://openalex.org/W2393767428","https://openalex.org/W1979469929","https://openalex.org/W4240186231","https://openalex.org/W2550565492","https://openalex.org/W2354398839","https://openalex.org/W2171038386","https://openalex.org/W2025088090","https://openalex.org/W4385750663","https://openalex.org/W1514297880"],"abstract_inverted_index":{"Linux":[0,13,41,144,266],"servers":[1],"are":[2,16,70,89,191],"being":[3],"used":[4],"in":[5,39,63,146,278],"almost":[6],"all":[7],"clouds,":[8],"datacenters":[9],"and":[10,50,84,138,179,194,204,213,229,280],"supercomputers":[11],"today.":[12],"Kernel":[14],"functions":[15],"facing":[17],"a":[18,107,131,147,151,168],"kind":[19],"of":[20,87,181,273],"malware":[21],"attacks,":[22],"known":[23],"as":[24,32,252],"rootkits":[25,30,69,88,233],"with":[26,59,102,135,247,261,290],"root-access":[27],"capability.":[28],"The":[29,67,171,201,235],"appear":[31],"<italic":[33,109],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[34,110],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">loadable":[35],"kernel":[36,48,54,64,68,125,232],"modules</i>":[37],"(LKM)":[38],"today's":[40],"servers.":[42,267],"These":[43],"modules":[44],"hide":[45],"from":[46],"other":[47,186,248,292],"objects,":[49],"can":[51],"redirect":[52],"the":[53,60,118,123,143,155,160,162,177,221,271],"control":[55,164,212],"flow":[56],"by":[57,121,159],"tampering":[58],"metadata":[61],"needed":[62],"service":[65],"functions.":[66],"invisible":[71],"to":[72,96,115,167,196,227,259],"users":[73],"after":[74],"loading,":[75],"which":[76,92],"may":[77],"bypass":[78],"most":[79],"security":[80,156],"shields.":[81],"Both":[82],"spatial":[83],"temporal":[85],"appearance":[86],"randomly":[90],"distributed,":[91],"makes":[93],"it":[94],"difficult":[95],"detect":[97,228],"or":[98],"removal.":[99],"To":[100],"deal":[101],"rootkit":[103,136,182,189,293],"threats,":[104],"we":[105],"propose":[106],"novel":[108],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Virtual":[111],"Wall</i>":[112],"(VTW)":[113],"approach":[114],"filtering":[116,199],"out":[117],"rootkit-embedded":[119],"LKMs":[120],"tracing":[122,140,180,205],"incurred":[124],"activities.":[126],"This":[127],"VTW":[128,172,222,240,274],"is":[129,207,225,241,257],"essentially":[130],"lightweight":[132],"hypervisor":[133],"built":[134],"detection":[137,178,203],"event":[139,214],"capabilities.":[141],"Normally,":[142],"runs":[145],"guest":[148],"mode.":[149,170],"When":[150],"LKM":[152],"execution":[153],"violates":[154],"policy":[157],"set":[158],"VTW,":[161],"OS":[163],"will":[165,269,285],"switch":[166],"host":[169,174],"at":[173],"mode":[175],"enables":[176],"events":[183],"timely.":[184,234],"In":[185],"words,":[187],"potential":[188,281],"attacks":[190],"detected,":[192],"traced":[193],"classified":[195],"make":[197],"meaningful":[198],"decisions.":[200],"whole":[202],"process":[206],"based":[208],"on":[209,265],"memory":[210],"access":[211],"injection":[215],"mechanisms.":[216],"Experimental":[217],"results":[218],"show":[219],"that":[220],"defense":[223,249,294],"system":[224,289],"effective":[226],"defend":[230],"against":[231],"CPU":[236],"overhead":[237],"for":[238],"executing":[239],"less":[242],"than":[243],"2":[244],"percent.":[245],"Compared":[246],"schemes":[250],"(such":[251],"DIKernel,":[253],"etc.),":[254],"our":[255,288],"vs":[256],"easier":[258],"implement":[260],"low":[262],"performance":[263,282],"degradation":[264],"We":[268,284],"demonstrate":[270],"advantages":[272],"through":[275],"its":[276],"simplicity":[277],"implementation":[279],"gains.":[283],"also":[286],"compare":[287],"seven":[291],"systems.":[295]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}