Abstract:
To address the problems in operating system (OS) process monitoring, a new full-virtualization-based process monitoring method is proposed. It uses full virtualization technology to detect and isolate all harmful behaviors of untrusted processes in the OS. Experimental results show that the method offers good transparency and portability, defends against multiple attacks, and incurs only a small performance overhead.
Key words: process monitoring, intrusion detection, virtualization
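Abstract (Chinese version): To address the problems in process monitoring on general-purpose operating systems, a process monitoring method based on full virtualization is proposed. The method uses full virtualization technology to detect, within the virtual machine monitor, all privileged operations generated by suspicious processes and to isolate them. Experimental results show that the method has good transparency and portability, can withstand multiple kinds of attacks, and incurs only a small performance loss.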
DU Hai; CHEN Rong. Full-virtualization-based Process Monitoring Method[J]. Computer Engineering, 2009, 35(8): 88-90.
杜 海;陈 榕. 基于完全虚拟化的进程监控方法[J]. 计算机工程, 2009, 35(8): 88-90.