Survey: Virtual Machine Introspection Based System Monitoring and Malware Detection Techniques

Author

  • Haofu Liao

Abstract

In recent years, modern malware has grown increasingly powerful. It is very common to see it subvert the victim machine's security tools upon installation. Traditionally, one can address this problem by moving critical security services into the network so that they are isolated from the monitored host and from attackers. However, this results in a poor view of what is happening inside the host. To address this problem, a technique called virtual machine introspection (VMI) has been proposed. By placing security services outside the monitored virtual machine (VM), it inspects the host from the outside for the purpose of analyzing the software running inside it. This technique leverages virtual machine monitor (VMM) technology so that the hardware state of the host can be inspected directly. Because of the abstraction and isolation provided by virtualization, VMI has received significant discussion in the research literature. This paper introduces four popular VMI-based techniques in the field and gives a comparative study of these techniques.


Similar resources

Design and Implementation of a Virtual Machine Introspection based Intrusion Detection System

I assure the single-handed composition of this diploma thesis, supported only by the declared resources. Intrusion detection is a widespread topic in current security research. Common intrusion detection systems (IDSs) today are either host-based or ...

LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis

Dynamic-analysis techniques have become the linchpins of modern malware analysis. However, software-based methods have been shown to expose numerous artifacts, which can either be detected and subverted, or potentially interfere with the analysis altogether, making their results untrustworthy. The need for less-intrusive methods of analysis has led many researchers to utilize introspection in p...


Analysis and Detection of Heap-based Malwares Using Introspection in a Virtualized Environment

Malware detection and analysis is a major part of computer security. There is an arms race between security experts and malware developers to develop various techniques to secure computer systems and to find ways to circumvent these security methods. In recent years, process heap-based attacks have increased significantly. These attacks exploit the system under attack via the heap, typically by usin...

CMPS223 Final Project Virtual Machine Introspection Techniques

This work is a survey of Virtual Machine (VM) introspection, a necessary tool when utilizing VMs for security purposes. In the rest of this section, we discuss traditional techniques for dealing with malware and the appeal of using a VM in a security context. In Section 2, we outline the main problem with using VMs for security, called the semantic gap. In Section 3, we analyze 3 related app...

IntroLib: Efficient and transparent library call introspection for malware forensics

Dynamic malware analysis aims at revealing malware's runtime behavior. To evade analysis, advanced malware is able to detect the underlying analysis tool (e.g., one based on emulation). On the other hand, existing malware-transparent analysis tools incur significant performance overhead, making them unsuitable for live malware monitoring and forensics. In this paper, we present IntroLib, a prac...


Publication date: 2015