Title :
An advanced method of process reconstruction based on VMM
Author :
Chen, Lin ; Liu, Bo ; Zhang, Jing ; Hu, Huaping
Author_Institution :
Comput. Sch., Nat. Univ. of Defense Technol., Changsha, China
Abstract :
Recently, VMM-based anti-malware systems have become a hot research topic as a way of overcoming the fundamental limitations of traditional host-based anti-malware systems, which are likely to be deceived and attacked by malicious code. Guest system semantic views (e.g., files, processes) must be reconstructed to overcome the semantic gap challenge. Because of frequent switching between processes, process reconstruction based on the CR3 register causes many VM EXIT events and some performance loss. In the current study, an advanced method to reconstruct processes is presented. Utilizing the features of hardware virtualization technology, this method reduces the VM EXIT events caused by process switching; thus, the efficiency of process reconstruction is improved. Experiments show that the method can reduce nearly 85% of VM EXIT events caused by process switching.
Keywords :
invasive software; virtual machines; CR3 register; VM EXIT events; VMM-based anti-malware systems; guest system semantic views; host-based anti-malware systems; malicious codes; process reconstruction; semantic gap challenge; Electronic mail; Hardware; Software; Switches; hardware virtualization; hidden process; malware detection; network security
Conference_Title :
Computer Science and Network Technology (ICCSNT), 2011 International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4577-1586-0
DOI :
10.1109/ICCSNT.2011.6182127