RecObj: detection and recovery of hidden objects based on virtualization.

Saved in:
Bibliographic Details
Title: RecObj: detection and recovery of hidden objects based on virtualization.
Authors: Wu, Yun1 (AUTHOR), Bao, Yang2 (AUTHOR), Li, Yonggang3 (AUTHOR), Jin, Guang4 (AUTHOR), Cui, Chaoyuan1 (AUTHOR)
Source: Computer Journal. Jun2026, Vol. 69 Issue 6, p1015-1026. 12p.
Subjects: Virtual machine systems, Intrusion detection systems (Computer security), Hypervisor (Computer software), Computer operating systems, Computer memory management, Malware
Abstract: The security of operating system has always been challenged by the hidden operation of rootkits. Based on virtual machine introspection technology, security tools are deployed outside the target virtual machine (TVM) that provides strict isolation between them and enhances the anti-interference of security tools. However, the current methods based on virtualization can only detect the hidden objects but cannot make them visible to TVM that leads to handling failure for host-based security tools. To solve this problem, this paper proposes a hidden object detection and recovery method RecObj based on virtualization technology. RecObj uses multidimensional semantic views cross-comparison to discover the hidden processes and files. By dynamically monitoring the change of logical relationship between loadable kernel modules and the change of their states, the hiding detection of rootkit itself can be realized. For processes and modules hidden by direct kernel object manipulation technology, RecObj uses memory writable mapping to restore hidden objects to be visible objects. Finally, the processing signal is transmitted to the hidden object manager in TVM through xenstore, and the cleanup operation to the hidden object is completed. The feasibility and effectiveness of RecObj is proved through the hiding detection, recovery, and processing experiments. [ABSTRACT FROM AUTHOR]
Copyright of Computer Journal is the property of Oxford University Press / USA and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 194728442
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: RecObj: detection and recovery of hidden objects based on virtualization.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Wu%2C+Yun%22">Wu, Yun</searchLink><relatesTo>1</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Bao%2C+Yang%22">Bao, Yang</searchLink><relatesTo>2</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Li%2C+Yonggang%22">Li, Yonggang</searchLink><relatesTo>3</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Jin%2C+Guang%22">Jin, Guang</searchLink><relatesTo>4</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Cui%2C+Chaoyuan%22">Cui, Chaoyuan</searchLink><relatesTo>1</relatesTo> (AUTHOR)
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Computer+Journal%22">Computer Journal</searchLink>. Jun2026, Vol. 69 Issue 6, p1015-1026. 12p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Virtual+machine+systems%22">Virtual machine systems</searchLink><br /><searchLink fieldCode="DE" term="%22Intrusion+detection+systems+%28Computer+security%29%22">Intrusion detection systems (Computer security)</searchLink><br /><searchLink fieldCode="DE" term="%22Hypervisor+%28Computer+software%29%22">Hypervisor (Computer software)</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+operating+systems%22">Computer operating systems</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+memory+management%22">Computer memory management</searchLink><br /><searchLink fieldCode="DE" term="%22Malware%22">Malware</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: The security of operating system has always been challenged by the hidden operation of rootkits. Based on virtual machine introspection technology, security tools are deployed outside the target virtual machine (TVM) that provides strict isolation between them and enhances the anti-interference of security tools. However, the current methods based on virtualization can only detect the hidden objects but cannot make them visible to TVM that leads to handling failure for host-based security tools. To solve this problem, this paper proposes a hidden object detection and recovery method RecObj based on virtualization technology. RecObj uses multidimensional semantic views cross-comparison to discover the hidden processes and files. By dynamically monitoring the change of logical relationship between loadable kernel modules and the change of their states, the hiding detection of rootkit itself can be realized. For processes and modules hidden by direct kernel object manipulation technology, RecObj uses memory writable mapping to restore hidden objects to be visible objects. Finally, the processing signal is transmitted to the hidden object manager in TVM through xenstore, and the cleanup operation to the hidden object is completed. The feasibility and effectiveness of RecObj is proved through the hiding detection, recovery, and processing experiments. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Computer Journal is the property of Oxford University Press / USA and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=194728442
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1093/comjnl/bxag007
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 12
        StartPage: 1015
    Subjects:
      – SubjectFull: Virtual machine systems
        Type: general
      – SubjectFull: Intrusion detection systems (Computer security)
        Type: general
      – SubjectFull: Hypervisor (Computer software)
        Type: general
      – SubjectFull: Computer operating systems
        Type: general
      – SubjectFull: Computer memory management
        Type: general
      – SubjectFull: Malware
        Type: general
    Titles:
      – TitleFull: RecObj: detection and recovery of hidden objects based on virtualization.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Wu, Yun
      – PersonEntity:
          Name:
            NameFull: Bao, Yang
      – PersonEntity:
          Name:
            NameFull: Li, Yonggang
      – PersonEntity:
          Name:
            NameFull: Jin, Guang
      – PersonEntity:
          Name:
            NameFull: Cui, Chaoyuan
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 06
              Text: Jun2026
              Type: published
              Y: 2026
          Identifiers:
            – Type: issn-print
              Value: 00104620
          Numbering:
            – Type: volume
              Value: 69
            – Type: issue
              Value: 6
          Titles:
            – TitleFull: Computer Journal
              Type: main
ResultId 1