The Journal of China Universities of Posts and Telecommunications ›› 2020, Vol. 27 ›› Issue (4): 59-68.doi: 10.19682/j.cnki.1005-8885.2020.0037

• Security • Previous Articles     Next Articles

VMScan: an out-of-VM malware scanner

Lin Jie, Liu Chuanyi, Fang Binxing   

  1. Harbin Institute of Technology, Shenzhen
  • Received:2019-10-24 Revised:2020-11-19 Online:2020-08-31 Published:2020-08-31
  • Contact: Lin Jie E-mail:jie_lin@hit.edu.cn

Abstract: The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.

Key words: security, virtualization, cloud, malware, virus, detection, signature, scanning

CLC Number: