摘要
传统的检测机制主要基于物理实体机,检测程序与恶意程序同时运行在系统中,会受到恶意程序的干扰,无法准确检测到系统状态。文章分析了当前网络突出的异常行为形式和特点,提出了通过建立异常行为在线检测平台实现网络监管的思路,并分析了搭建在线检测平台涉及的相关关键技术,研究了虚拟化技术和虚拟机自省技术的特点,提出了依托虚拟化技术,利用虚拟机自省技术实现对网络突出的异常行为进行连续测试与监测的方法。文章设计并实现了基于Xen的网络异常行为在线检测平台模型。
The traditional detection mechanism mainly based on the physical machine. The detection software is disturbed by the malicious software which resides on the same OS, so it is hard to detect OS status accurately. This paper presented an approach of supervision to the Internet by establishing an online detection platform against the abnormal behavior. It analyzed the key technologies in establishing the online detection platform and the characteristics of virtualization technology and virtual machine introspection technology. This paper proposes a method that can test and monitor the abnormal behavior in a continuous way relying on virtualization technology and virtual machine introspection technology. At last, this paper designs and implements a model of Xen-based online detection platform against the abnormal behavior.
出处
《信息网络安全》
2016年第9期139-144,共6页
Netinfo Security
基金
国家重点研发计划[2016YFB0800805]
天津市科技服务科技重大专项[16ZXFWGX00140]
中国民航大学信息安全测评中心开放基金课题[CAAC-ISECCA-201501]