VMScan: an out-of-VM malware scanner

作     者：Lin Jie Liu Chuanyi Fang Binxing Lin Jie;Liu Chuanyi;Fang Binxing

作者机构：School of Computer Science and TechnologyHarbin Institute of TechnologyShenzhenShenzhen 518055China Key Laboratory of Trustworthy Distributed Computing and ServiceBeijing University of Posts and TelecommunicationsBeijing 100876China Department of Information and Electronic EngineeringChinese Academy of EngineeringBeijing 100088China 

出 版 物：《The Journal of China Universities of Posts and Telecommunications》 (中国邮电高校学报（英文版）)

年 卷 期：2020年第27卷第4期

页      面：59-68页

核心收录：

学科分类：08[工学] 0835[工学-软件工程] 081201[工学-计算机系统结构] 081202[工学-计算机软件与理论] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the National Key Research and Development Program of China ( 2018YFB1004005 ) the Key Research and Development Program of Guangdong Province ( 2019B010136001 ) the National Natural Science Foundation of China ( 61872110) 

主　　题：security virtualization cloud malware virus detection signature scanning 

摘      要：The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.