虚拟环境下病毒查杀问题研究

doi:10.3969/j.issn.1000-3428.2016.11.030

摘要/Abstract

摘要： 传统的安全服务大多将病毒查杀实体置于用户的操作内部,会产生大量资源开销和浪费,且病毒查杀的程序本身就处于不安全的环境,容易遭到恶意程序的破坏,很难保证安全服务的完整性。为此,提出一种无代理的病毒查杀机制,将服务实体置于被保护的操作系统外部,不在被保护系统中安装任何插件和代理程序。基于虚拟化平台,利用虚拟化技术实现在线和离线的病毒查杀,且无需向系统中植入任何插件,以保证服务的完整性。实验结果表明,该离线杀毒安全服务具有较好的用户透明性,可以有效检测系统当前进程是否为恶意代码,并且成功终止恶意程序。

关键词: 云计算安全, 虚拟化技术, 病毒检测, 病毒查杀, 进程定位

Abstract: The traditional security services mostly put virus killing entities inside the users’ operating systems,which causes huge resource expenditure and waste,and the security software itself is in the unsafe environment,thus being easily destroyed by malicious programs,so it is difficult to ensure the integrity of the security service.Therefore,this paper proposes a new virus killing mechanism with no proxy.The service entity is placed outside the protected operating system,and no plug-in or proxy program is installed in the protected system.Based on virtualization platform,online and offline virus killing are realized by using virtualization technology,and no plug-ins are required to be inserted into the system,which ensures the integrity of the service.Experimental results show that,the proposed offline virus killing security service has better user transparency,can effectively detect whether the current process of the system is malicious code or not,and successfully terminates malicious programs.

Key words: cloud computing security, virtualization technology, virus detection, virus killing, process orientation

中图分类号:

TP393.08

冯文林. 虚拟环境下病毒查杀问题研究[J]. 计算机工程, doi: 10.3969/j.issn.1000-3428.2016.11.030.

FENG Wenlin. Research on Virus Killing Problem Under Virtual Environment[J]. Computer Engineering, doi: 10.3969/j.issn.1000-3428.2016.11.030.

参考文献

参考文献［1］Rosenblum M,Garfinkel T.Virtual Machine Monitors:Current Technology and Future［J］.IEEE Computer,2005,38(5):39-47. ［2］Amazon.Amazon Elastic Compute Cloud(Amazon EC2)［EB/OL］.(2009-08-15).http://aws.amazon.com/ec2. ［3］Dinaburg A,Royal P,Sharif M,et al.Ether:Malware Analysis via Hardware Virtualization Extensions［C］//Proceedings of the 15th ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2008:51-62. ［4］Tian Ming,Zhang Yongsheng.Analysis of Cloud Computing and Its Security［C］//Proceedings of International Symposium on Information Technology in Medicine and Education.Washington D.C.,USA:IEEE Press,2012:99-102. ［5］King S T,Chen P M.SubVirt:Implementing Malware with Virtual Machines［C］//Proceedings of IEEE Sym-posium on Security and Privacy.Washington D.C.,USA:IEEE Press,2006:314-327. ［6］Goldberg R P.Survey of Virtual Machine Research［J］.Computer,1974,7(6):34-45. ［7］Holsopple J,Yang S,Argauer B.Virtual Terrain:A Security-based Representation of a Computer Network［C］//Pro-ceedings of Defense and Security Symposium on Inter-national Society for Optical Engineering.Berlin,Germany:Springer,2008. ［8］Kalagiakos P,Bora M.Cloud Security Tactics:Virtuali-zation and the VMM［C］//Proceedings of the 6th International Conference on Application of Information & Communication Technologies.Washington D.C.,USA:IEEE Press,2012. ［9］金戈,薛质,齐开悦.主引导记录型Rootkit建模及其静态检测方法［J］.计算机工程,2015,41(7):184-189. ［10］Chen Lin,Liu Bo,Hu Huaping,et al.A Layered Malware Detection Model Using VMM［C］//Proceedings of the 11th International Conference on Trust,Security and Pri-vacy in Computing and Communications.Washington D.C.,USA:IEEE Press,2012. ［11］高勇,范明钰.基于虚拟机技术的进程分析方法［J］.计算机应用,2010,35(5):1327-1330. ［12］温研,赵金晶,王怀民.基于本地虚拟化技术的隐藏进程检测［J］.计算机应用,2008,28(7):1769-1771. ［13］Li Bo,Li Jianxin,Wo Tianyu,et al.A VMM-based System Call Interposition Framework for Program Monitoring［C］//Proceedings of the 16th IEEE International Conference on Parallel and Distributed Systems.Washington D.C.,USA:IEEE Press,2010. ［14］V Probes Programming Reference［EB/OL］.(2013-07-10).http://wenku.it168.com/d_001133146.shtml. ［15］乔然,胡俊,荣星.云计算客户虚拟机间的安全机制研究与实现［J］.计算机工程,2014,40(12):26-32. 编辑顾逸斐

[1]	谭宏楠,石京燕,邹佳恒,杜然,姜晓巍,孙震宇. 应用于JUNO实验的容器技术研究[J]. 计算机工程, 2019, 45(4): 1-5.
[2]	吴恋,马敏耀,黄一峰,赵勇. 基于AdaBoost算法的Linux病毒检测研究[J]. 计算机工程, 2018, 44(8): 161-166,173.
[3]	朱俊,陈琳琳,朱娴,谢玲,韦伟. 面向云计算安全的无证书代理重加密方案[J]. 计算机工程, 2017, 43(8): 8-14.
[4]	崔竞松,田昌友,郭迟,尹雪. CloudStack恶意隐藏进程监测框架设计[J]. 计算机工程, 2016, 42(2): 7-14.
[5]	李坤丽，张大方，关洪涛，谢高岗. 虚拟路由器管控平面的设计与实现[J]. 计算机工程, 2014, 40(5): 94-98,102.
[6]	武杰，阚文枭，杜然，李莎，伍文静，Andrei Tsaregorodtsev,陈刚. 面向应用的虚拟桌面网格架构[J]. 计算机工程, 2014, 40(3): 88-92.
[7]	陈志伟, 杜敏, 杨亚涛, 李子臣. 基于RSA和Paillier的同态云计算方案[J]. 计算机工程, 2013, 39(7): 35-39.
[8]	徐鹏, 刘超, 斯雪明. 基于整数多项式环的全同态加密算法[J]. 计算机工程, 2012, 38(24): 1-4.
[9]	左黎明, 汤鹏志, 刘二根, 徐保根. 基于行为特征的恶意代码检测方法[J]. 计算机工程, 2012, 38(2): 129-131.
[10]	公伟, 刘培玉, 迟学芝, 贾娴. 云取证模型的构建与分析[J]. 计算机工程, 2012, 38(11): 14-16.
[11]	侯建宁, 董贵山, 银, 申娅. 基于虚拟化的系统安全增强及显卡透传研究[J]. 计算机工程, 2012, 38(08): 224-227.
[12]	庄蔚蔚;叶艳芳;姜青山;韩智雪. 增量式关联分类方法在病毒检测中的应用[J]. 计算机工程, 2009, 35(4): 159-161.
[13]	董耀祖;;周正伟. 基于X86架构的系统虚拟机技术与应用[J]. 计算机工程, 2006, 32(13): 71-73.