摘要： 针对传统方法只能发现单一类型虚拟机的缺陷，提出基于虚拟机监控器时间开销的虚拟机发现方法。特定指令能使监控器运行时产生显著的额外开销，该方法能利用监控器执行不同指令序列产生的相对时间开销对虚拟机进行判别。实验结果表明，该方法能够准确发现目前3类主流虚拟机。

关键词: 网络安全, 虚拟机发现, 虚拟机监控器, 相对时间开销

Abstract: Aming at the shortcomings that conventional detection methods can only be practicable for a special Virtual Machine(VM), this paper presents, a VM detection method based on time-overhead of Virtual Machine Monitor(VMM). Executions of some special instructions produce remarkable additional Virtual Machine Monitor-overhead. It produces different time-overheads while VMM executes different instruction sequences. By making use of the relative time-overhead, the method implements VM detection. Experimental results show that OVD can detect three kinds of popular VMs accurately.

Key words: network security, Virtual Machine(VM) detection, Virtual Machine Monitor(VMM), relative time-overhead

中图分类号: 

• TP393.03