信息与电子工程 (Information and Electronic Engineering), 2012, Vol. 10, Issue (6): 775-778, 782, 5.
Virtual machine detection method based on discrepancies of CPU cache mode
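杨鹏 1, 方勇 1, 刘亮 1, 浦伟 2, 左政 1
Author information
- 1. Institute of Information Security, Sichuan University, Chengdu, Sichuan 610065
- 2. Sichuan Information Security Testing and Evaluation Center, Chengdu, Sichuan 610017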
Abstract
Virtualization technology has been widely used in malware analysis systems, and virtual machine detection, as a kind of anti-analysis technology, is meaningful to both malware authors and security researchers. To describe and explore virtual machine detection, this paper presents the basic principles and several existing detection methods. Taking versatility into account, a method based on discrepancies of CPU cache mode is proposed. The experimental results show that disabling CPU caching has a significant influence on instruction execution efficiency in a real machine environment, but not in a virtual environment, and that it is feasible to detect a virtual machine via the distinction between different CPU cache modes.
Key words
virtual machine detection / virtualization / CPU cache / malware analysis
Classification
Information Technology and Security Science
Cite this article
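杨鹏, 方勇, 刘亮, 浦伟, 左政. Virtual machine detection method based on discrepancies of CPU cache mode [J]. 信息与电子工程 (Information and Electronic Engineering), 2012, 10(6): 775-778, 782, 5.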