Computer Systems & Applications, 2016, 25(1): 175-180
Method of Hidden File Detection Based on Virtual Machine Introspection
(1. Institute of Applied Technology, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230088, China; 2. Institute of Intelligent Machines, Chinese Academy of Sciences, Hefei 230031, China; 3. Department of Automation, University of Science and Technology of China, Hefei 230027, China)
Received: May 03, 2015    Revised: June 15, 2015
Abstract: By detecting hidden files inside a virtual machine, a detection tool can promptly judge whether the virtual machine has been attacked. Traditional file detection tools reside in the monitored virtual machine itself and are therefore exposed to attack by the very malware they are meant to find. Based on the principle of virtual machine introspection, this paper designs and implements FDM, a modular file detection method for virtual machines. Using operating system kernel knowledge, FDM parses the state of the (virtualized) hardware on which the virtual machine runs, builds a semantic view of the virtual machine's files, and discovers hidden files by comparing that view with the file list reported from inside the virtual machine. FDM implements hardware-state parsing and operating-system semantic extraction as separate modules, so it has both the tamper resistance of virtual machine introspection and the portability and efficiency of a modular architecture. Experimental results show that FDM detects hidden files inside a virtual machine accurately and quickly.
Keywords: virtual machine introspection; file detection; hidden files
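The cross-view comparison the abstract describes, as an added example that is not the paper's FDM code: the "hardware" view is reconstructed by parsing a constructed ext2/ext3-style directory block (the kind of raw disk data an introspection tool reads from outside the guest, using knowledge of the guest's filesystem layout), the "internal" view is a constructed listing standing in for what a possibly compromised guest reports for the same directory, and the difference between the two is the set of hidden files. The block layout, file names and inode numbers are all assumptions made for this example; a real tool would read the guest's actual disk image.

```python
"""Cross-view hidden-file detection: out-of-guest (hardware) view vs. in-guest view.

Added example, not the paper's code. The directory block is constructed here in
ext2/ext3 "linked directory" format (4-byte inode, 2-byte rec_len, 1-byte
name_len, 1-byte file_type, name) to stand in for the raw disk data an
introspection tool parses from outside the guest.
"""
import struct

EXT2_FT_REG_FILE = 1  # regular file
EXT2_FT_DIR = 2       # directory
DIRENT_HDR = struct.Struct("<IHBB")  # inode, rec_len, name_len, file_type


def build_dirent(inode, name, file_type, rec_len=None):
    """Pack one directory entry; rec_len defaults to the 4-byte-aligned minimum."""
    name_b = name.encode()
    if rec_len is None:
        rec_len = (DIRENT_HDR.size + len(name_b) + 3) & ~3
    return DIRENT_HDR.pack(inode, rec_len, len(name_b), file_type) + \
        name_b.ljust(rec_len - DIRENT_HDR.size, b"\x00")


def build_dir_block(entries, block_size=1024):
    """Pack entries into one block; the final entry's rec_len runs to the block end, as ext2 does."""
    data = b"".join(build_dirent(*e) for e in entries[:-1])
    inode, name, file_type = entries[-1]
    return data + build_dirent(inode, name, file_type, rec_len=block_size - len(data))


# Constructed sample: what the introspection side reads from the guest's disk.
# The entry with inode 0 is an unused slot and must be skipped by the parser.
SAMPLE_DIR_BLOCK = build_dir_block([
    (2, ".", EXT2_FT_DIR),
    (2, "..", EXT2_FT_DIR),
    (12, "bash_history", EXT2_FT_REG_FILE),
    (13, "hidden_module.ko", EXT2_FT_REG_FILE),   # constructed name, not a real artifact
    (0, "deleted.tmp", EXT2_FT_REG_FILE),         # unused slot (inode 0)
    (14, "notes.txt", EXT2_FT_REG_FILE),
])

# Constructed sample: what the (possibly compromised) guest itself reports for the same directory.
GUEST_LISTING = [".", "..", "bash_history", "notes.txt"]


def parse_ext2_dir_block(block):
    """Walk the linked directory block and return (inode, name, file_type) for live entries.

    Assumes the filesystem has the "filetype" feature, so the byte after name_len is a
    file type rather than the high byte of a 16-bit name_len.
    """
    entries = []
    off = 0
    while off + DIRENT_HDR.size <= len(block):
        inode, rec_len, name_len, file_type = DIRENT_HDR.unpack_from(block, off)
        # rec_len must cover the header and name and stay inside the block; otherwise
        # the data is corrupt (or not a directory block) and must not be trusted.
        if rec_len < DIRENT_HDR.size + name_len or off + rec_len > len(block):
            raise ValueError(f"corrupt rec_len {rec_len} at offset {off}")
        if inode != 0:  # inode 0 marks an unused slot
            start = off + DIRENT_HDR.size
            name = block[start:start + name_len].decode("ascii", "replace")
            entries.append((inode, name, file_type))
        off += rec_len
    return entries


def find_hidden_files(hardware_view, guest_view):
    """Cross-view comparison: names present on disk but absent from the guest's own listing."""
    on_disk = {name for _, name, _ in hardware_view if name not in (".", "..")}
    reported = {name for name in guest_view if name not in (".", "..")}
    return sorted(on_disk - reported)


if __name__ == "__main__":
    hw_view = parse_ext2_dir_block(SAMPLE_DIR_BLOCK)
    print("on-disk entries:", [name for _, name, _ in hw_view])
    print("hidden files:", find_hidden_files(hw_view, GUEST_LISTING))
```

The parser runs outside the guest, so a rootkit that filters `readdir` results inside the guest cannot influence the on-disk view; the only trust placed in the guest is the listing being checked, and a mismatch is the detection signal. The rec_len sanity check matters in practice because an attacker who can corrupt directory blocks could otherwise make a naive parser skip or loop over entries.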
Funding: President's Fund of Hefei Institutes of Physical Science, Chinese Academy of Sciences (YZJJ201329)
Cite as:
WU Yun, LI Ping, LI Yong-Gang. Method of Hidden File Detection Based on Virtual Machine Introspection. Computer Systems & Applications, 2016, 25(1): 175-180