Hidden Code Detection Model Based on the “In-VM” Model
Cite this article: Chen Lin, Liu Bo, Hu Huaping, Xiao Fengtao, Zhang Jing. Hidden Code Detection Model Based on the “In-VM” Model [J]. China communications magazine, 2011, 8(4): 99-108.
Authors: Chen Lin, Liu Bo, Hu Huaping, Xiao Fengtao, Zhang Jing
Abstract:

Received: 2011-09-08;

Detecting Hidden Malware Method Based on “In-VM” Model
Chen Lin, Liu Bo, Hu Huaping, Xiao Fengtao, Zhang Jing. Detecting Hidden Malware Method Based on “In-VM” Model [J]. China communications magazine, 2011, 8(4): 99-108.
Authors: Chen Lin, Liu Bo, Hu Huaping, Xiao Fengtao, Zhang Jing
Affiliation:Computer School, National University of Defense Technology, Changsha 410073, Hunan Province, P. R. China
Abstract: Security tools are developing rapidly as network security threats become more and more serious. To overcome the fundamental limitation of traditional host-based anti-malware systems, which are liable to be deceived and attacked by malicious code, VMM-based anti-malware systems have recently become a hot research field. In this article, existing malware hiding techniques are analyzed, and a detection model for hidden processes based on the “In-VM” idea is proposed. Based on this detection model, a hidden process detection technique that hooks SwapContext on the VMM platform is also implemented successfully. This technique guarantees that the detection method cannot be attacked by malware and resists all current process hiding techniques. In order to detect malware that uses remote injection to hide itself, a method that hijacks the sysenter instruction is also proposed. Experiments show that the proposed methods guarantee the isolation of virtual machines, detect all malware samples, and incur only a small performance loss.
Keywords: network security; Virtual Machine Monitor (VMM); malware detection; hidden process; hardware virtualization