Study on Runtime Intrusion Detection Technology Based on Virtual Machines

Wei Hui (魏辉), Wu Qingbo (吴庆波), Tan Yusong (谭郁松)

Computer Applications and Software (计算机应用与软件), 2011, Vol. 28, Issue (9): 52-55, 59, 5.

STUDY ON INTRUSION DETECTION TECHNOLOGY AT RUNNING BASED ON VIRTUAL MACHINE

Wei Hui¹, Wu Qingbo¹, Tan Yusong¹

Author information

  • 1. School of Computer Science, National University of Defense Technology, Changsha, Hunan 410073

Abstract

There are two kinds of intrusion detection methods: misuse-based detection and anomaly-based detection. Misuse-based detection can detect known attacks using an attack rule library, but fails to detect attacks for which there is no prior knowledge. Anomaly-based detection can predict latent attacks that deviate from the normal threshold intervals, but has a higher false alarm rate. In this paper we carry out out-of-band surveillance of the runtime behaviour of the virtual machine's operating system from the virtual machine monitor, which avoids the problem of a surveillance module inside the operating system being infected by a virus. By monitoring the runtime behaviour of the virtual machine and analysing the validity of its combined sequences, the ability of misuse-based detection to prevent long-duration attacks is extended, and malicious attacks carried out through legitimate system calls are distinguished. Test data show that this method can detect complex compositional attacks fairly well.

Key words

Intrusion detection; Virtual machine monitor; System call monitoring

Classification

Information Technology and Security Science

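Cite this article

Wei Hui, Wu Qingbo, Tan Yusong. Study on Runtime Intrusion Detection Technology Based on Virtual Machines [J]. Computer Applications and Software, 2011, 28(9): 52-55, 59, 5.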

Funding

National High Technology Research and Development Program of China (2009AA01Z101)

NSFC Key Program (90718040)

Computer Applications and Software

Indexing: OA; Peking University Core Journals; CSCD; CSTPCD

ISSN 1000-386X
