The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.
School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Shenzhen 518055, China
Key Laboratory of Trustworthy Distributed Computing and Service, Beijing University of Posts and Telecommunications, Beijing 100876, China
Department of Information and Electronic Engineering, Chinese Academy of Engineering, Beijing 100088, China
National Key Research and Development Program of ChinaKey Research and Development Program of Guangdong ProvinceNational Natural Science Foundation of China
NETL
NSTL
万方数据
维普
