
Computer Engineering (计算机工程)

Special topic: Cloud Computing


Design and Implementation of Malware Detection Platform Based on Cloud Computing

HAN Yi 1,2, JIANG Jian-guo 2, QIU Xin-liang 2, MA Xin-jian 2, ZHAO Shuang 2

  1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China; 2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2013-10-10 Online: 2014-04-15 Published: 2014-04-14
  • About the authors: HAN Yi (born 1988), female, master's student; main research interests: cloud computing, malicious code detection. JIANG Jian-guo, research fellow and doctoral supervisor. QIU Xin-liang, senior engineer. MA Xin-jian, doctoral student. ZHAO Shuang, assistant engineer.
  • Funding: National Natural Science Foundation of China (61372062).

Abstract: To address the large number of malware varieties and the heavy analysis workload they create, this paper uses VMware vSphere virtualization technology to design and implement an automatic malware detection platform in a cloud environment. The platform uses a polling mechanism to obtain the load of the virtual machine resources on each server, classifies and preprocesses the collected suspicious samples, and dispatches them to the appropriate server resources for detection. It offers user terminal nodes a variety of virtual environments, automatically analyses four classes of host behaviour (file, registry, process and network), and automatically generates an online analysis report, which addresses the wide range of malicious programs, reduces the analysis workload and improves analysis efficiency. Experimental results on real samples show that, compared with the Jinshan Fireeye and Threat Expert platforms, this platform reflects the characteristics and harmfulness of malware more accurately.

Key words: VMware vSphere technology, malicious code, automatic analysis, behavioral characteristics, virtual machine, detection
