
Hidden Process Detection Algorithm Based on KVM Virtual Machine (cited by: 3)
Abstract: To address the increasingly varied and covert ways in which Trojans hide their own processes in virtual machine environments, a hidden process detection algorithm based on the KVM virtual machine is proposed. The algorithm relies on the fact that, under Intel VT, when the guest operating system schedules a process to run it accesses the CR3 register, which is a privileged operation and causes the VCPU to exit to root mode (a VM-Exit). A multi-view process detection algorithm is inserted into the virtual machine's exit exception handler. An optimized hash algorithm is proposed to reduce the performance cost imposed on the virtual machine. Compared with a memory search algorithm, experiments show that this algorithm accurately detects hidden processes even when the hiding mechanism is unknown, and that the performance cost is small.

Authors: Peng Chunhong (彭春洪), Liu Dan (刘丹)

Source: 《小型微型计算机系统》 (Journal of Chinese Computer Systems), CSCD, Peking University Core Journal (北大核心), 2016, Issue 2, pp. 231-235 (5 pages)

Keywords: virtual machine (KVM virtual machine); virtual machine introspection (KVM introspection); hidden process; multi-view model; hash algorithm
