Abstract:
To protect computers from damage by unknown malicious software, this paper proposes virtual execution in a simulated system environment to protect critical computer resources. A lightweight resource virtual machine is introduced through HOOK techniques to protect these resources, and a set of behavior-analysis APIs is provided so that the lightweight virtual machine serves as an open analysis platform for secondary development. The method successfully identifies new Trojans for which no signature (feature code) is available.
Key words: virtual machine, resource protection, computer security
SHEN Wen-Di, LUO Ke-Lou. Research of System Resource Protection Layer on Lightweight Virtual Machine[J]. Computer Engineering, 2010, 36(14): 127-128.