The Journal of China Universities of Posts and Telecommunications (English edition), 2020, Vol. 27, Issue (4): 59-68. doi: 10.19682/j.cnki.1005-8885.2020.0037


VMScan: an out-of-VM malware scanner


Lin Jie, Liu Chuanyi, Fang Binxing   

  1. Harbin Institute of Technology, Shenzhen
  • Received: 2019-10-24 Revised: 2020-11-19 Online: 2020-08-31 Published: 2020-08-31
  • Contact: Lin Jie, E-mail: jie_lin@hit.edu.cn

Abstract: The harm caused by malware in cloud computing environments is increasingly serious. Traditional anti-virus software is at risk of being attacked when it is deployed inside virtual machines on a large scale, and tenants tend not to accept it because of its performance cost. In this paper, a method of scanning for malicious programs from outside the virtual machine is proposed, and a prototype is implemented. The method exposes the memory of the virtual machine to the host machine so that the host can access it. The user space and kernel space of the virtual machine's memory are semantically analyzed, and suspicious processes are scanned against a signature database. Experimental results show that malicious programs can be effectively scanned from outside the virtual machine, and that the performance impact on the virtual machine is low, meeting the needs of tenants.

Key words: security, virtualization, cloud, malware, virus, detection, signature, scanning
