{"id":"https://openalex.org/W3036246938","doi":"https://doi.org/10.1109/tifs.2020.3004264","title":"Detecting Hardware-Assisted Virtualization With Inconspicuous Features","display_name":"Detecting Hardware-Assisted Virtualization With Inconspicuous Features","publication_year":2020,"publication_date":"2020-06-22","ids":{"openalex":"https://openalex.org/W3036246938","doi":"https://doi.org/10.1109/tifs.2020.3004264","mag":"3036246938"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2020.3004264","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2020.3004264","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100410710","display_name":"Zhi Zhang","orcid":"https://orcid.org/0000-0003-3604-5369"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Zhi Zhang","raw_affiliation_strings":["Data61, CSIRO, Sydney, Australia","School of Computer Science and Engineering, University of New South Wales, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"School of Computer Science and Engineering, University of New South Wales, Sydney, Australia","institution_ids":["https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047799795","display_name":"Yueqiang Cheng","orcid":"https://orcid.org/0000-0002-6277-340X"},"institutions":[{"id":"https://openalex.org/I98301712","display_name":"Baidu (China)","ror":"https://ror.org/03vs3wt56","country_code":"CN","type":"company","lineage":["https://openalex.org/I98301712"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yueqiang Cheng","raw_affiliation_strings":["Baidu Security Research, Sunnyvale, USA","Baidu Security Research, Sunnyvale, CA, USA"],"affiliations":[{"raw_affiliation_string":"Baidu Security Research, Sunnyvale, USA","institution_ids":["https://openalex.org/I98301712"]},{"raw_affiliation_string":"Baidu Security Research, Sunnyvale, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067969908","display_name":"Yansong Gao","orcid":"https://orcid.org/0000-0001-6029-5064"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU","CN"],"is_corresponding":false,"raw_author_name":"Yansong Gao","raw_affiliation_strings":["Data61, CSIRO, Sydney, Australia","School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["Data61, CSIRO, Sydney, Australia","Data61, CSIRO, Sydney, NSW, Australia#TAB#"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"Data61, CSIRO, Sydney, NSW, Australia#TAB#","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004490190","display_name":"Dongxi Liu","orcid":"https://orcid.org/0000-0002-0221-2571"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Dongxi Liu","raw_affiliation_strings":["Data61, CSIRO, Sydney, Australia","Data61, CSIRO, Sydney, NSW, Australia#TAB#"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"Data61, CSIRO, Sydney, NSW, Australia#TAB#","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100458990","display_name":"Yi Zou","orcid":"https://orcid.org/0000-0002-4382-4670"},"institutions":[{"id":"https://openalex.org/I1343180700","display_name":"Intel (United States)","ror":"https://ror.org/01ek73717","country_code":"US","type":"company","lineage":["https://openalex.org/I1343180700"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yi Zou","raw_affiliation_strings":["Intel Labs, Hillsboro, USA","Intel Labs., Hillsboro, OR, USA"],"affiliations":[{"raw_affiliation_string":"Intel Labs, Hillsboro, USA","institution_ids":["https://openalex.org/I1343180700"]},{"raw_affiliation_string":"Intel Labs., Hillsboro, OR, USA","institution_ids":["https://openalex.org/I1343180700"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100410710"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I31746571","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":1.9884,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.89089904,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"16","issue":null,"first_page":"16","last_page":"27"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.8858605623245239},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8514004945755005},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.7970625162124634},{"id":"https://openalex.org/keywords/full-virtualization","display_name":"Full virtualization","score":0.7954452037811279},{"id":"https://openalex.org/keywords/hardware-virtualization","display_name":"Hardware virtualization","score":0.5909212231636047},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.5605992078781128},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5457727909088135},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.5415390729904175},{"id":"https://openalex.org/keywords/application-virtualization","display_name":"Application virtualization","score":0.4950925409793854},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.4695219397544861},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4445892572402954},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4233919084072113}],"concepts":[{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.8858605623245239},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8514004945755005},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.7970625162124634},{"id":"https://openalex.org/C47878483","wikidata":"https://www.wikidata.org/wiki/Q848333","display_name":"Full virtualization","level":4,"score":0.7954452037811279},{"id":"https://openalex.org/C68793194","wikidata":"https://www.wikidata.org/wiki/Q1616095","display_name":"Hardware virtualization","level":5,"score":0.5909212231636047},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.5605992078781128},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5457727909088135},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.5415390729904175},{"id":"https://openalex.org/C13062989","wikidata":"https://www.wikidata.org/wiki/Q651531","display_name":"Application virtualization","level":5,"score":0.4950925409793854},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.4695219397544861},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4445892572402954},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4233919084072113}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2020.3004264","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2020.3004264","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W7103708","https://openalex.org/W23711711","https://openalex.org/W78162143","https://openalex.org/W191656338","https://openalex.org/W1503814339","https://openalex.org/W1934458198","https://openalex.org/W2032151752","https://openalex.org/W2061354941","https://openalex.org/W2107776555","https://openalex.org/W2120297918","https://openalex.org/W2131726714","https://openalex.org/W2140807364","https://openalex.org/W2163563130","https://openalex.org/W2327709439","https://openalex.org/W2329308213","https://openalex.org/W2496872468","https://openalex.org/W2516668814","https://openalex.org/W2522718524","https://openalex.org/W2585270215","https://openalex.org/W2612454599","https://openalex.org/W2787617994","https://openalex.org/W2795222486","https://openalex.org/W2889508486","https://openalex.org/W2910131692","https://openalex.org/W2963311060","https://openalex.org/W2978655370","https://openalex.org/W4206599048","https://openalex.org/W4233459511","https://openalex.org/W6600275301","https://openalex.org/W6601006388","https://openalex.org/W6677743974","https://openalex.org/W6732938580","https://openalex.org/W6754306559"],"related_works":["https://openalex.org/W2021257679","https://openalex.org/W2106040863","https://openalex.org/W2134071009","https://openalex.org/W137788609","https://openalex.org/W4256146708","https://openalex.org/W1606290493","https://openalex.org/W759120778","https://openalex.org/W2608663509","https://openalex.org/W1833762821","https://openalex.org/W2130605493"],"abstract_inverted_index":{"Recent":[0],"years":[1],"have":[2],"witnessed":[3],"the":[4,7,72,82,116,124,129,175,238],"proliferation":[5],"of":[6,9,131,151,162],"deployment":[8],"virtualization":[10,59,79,83,133,182],"techniques.":[11],"Virtualization":[12],"is":[13,31,171],"designed":[14],"to":[15,26,70,91,111],"be":[16,24,65,92,105],"transparent,":[17],"that":[18,215],"is,":[19],"unprivileged":[20,109],"users":[21],"should":[22],"not":[23],"able":[25],"detect":[27,71,115],"whether":[28],"a":[29],"system":[30,232],"virtualized.":[32],"Such":[33],"detection":[34,183,219],"can":[35,64,104],"result":[36],"in":[37,236],"serious":[38],"security":[39],"threats":[40],"such":[41],"as":[42],"evading":[43],"virtual":[44],"machine":[45],"(VM)-based":[46],"malware":[47],"dynamic":[48],"analysis":[49],"and":[50,89,113,165,194,208,227],"exploiting":[51],"vulnerabilities":[52],"for":[53],"cross-VM":[54],"attacks.":[55],"The":[56,139],"traditional":[57],"software-based":[58,132],"leaves":[60],"numerous":[61],"artifacts/fingerprints,":[62],"which":[63,103,185],"exploited":[66],"without":[67],"much":[68],"effort":[69],"virtualization.":[73,118],"In":[74],"contrast,":[75],"current":[76],"mainstream":[77],"hardware-assisted":[78,117],"significantly":[80],"enhances":[81],"transparency,":[84],"making":[85],"itself":[86],"more":[87,160],"transparent":[88],"difficult":[90],"detected.":[93],"Nonetheless,":[94],"we":[95,178],"showcase":[96],"three":[97,120,180,191,195,217],"new":[98],"identified":[99,140],"low-level":[100],"inconspicuous":[101],"features,":[102,177],"leveraged":[106],"by":[107],"an":[108,148],"adversary":[110],"effectively":[112],"stealthily":[114],"All":[119],"features":[121,141],"come":[122],"from":[123],"chipset":[125],"fingerprints,":[126],"rather":[127],"than":[128],"traces":[130],"implementations":[134],"(e.g.,":[135],"Xen":[136],"or":[137],"KVM).":[138],"include":[142],"i)":[143,199],"Translation-Lookaside":[144],"Buffer":[145],"(TLB)":[146],"stores":[147],"extra":[149],"layer":[150,161],"address":[152],"translations;":[153],"ii)":[154,204],"Last-Level":[155],"Cache":[156,170],"(LLC)":[157],"caches":[158],"one":[159],"page-table":[163],"entries;":[164],"iii)":[166,209],"Level-1":[167],"Data":[168],"(L1D)":[169],"unstable.":[172],"Based":[173],"on":[174,190],"above":[176,239],"develop":[179],"corresponding":[181],"techniques,":[184],"are":[186,221],"then":[187],"comprehensively":[188],"evaluated":[189],"native":[192],"environments":[193],"popular":[196],"cloud":[197],"providers:":[198],"Amazon":[200],"Elastic":[201],"Compute":[202,206],"Cloud,":[203],"Google":[205],"Engine":[207],"Microsoft":[210],"Azure.":[211],"Experimental":[212],"results":[213],"validate":[214],"these":[216],"adversarial":[218],"techniques":[220],"effective":[222],"(with":[223],"no":[224],"false":[225],"positive)":[226],"stealthy":[228],"(without":[229],"triggering":[230],"suspicious":[231],"events,":[233],"e.g.,":[234],"VM-exit)":[235],"detecting":[237],"commodity":[240],"virtualized":[241],"environments.":[242]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}