摘要
The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.
基金
supported by the National Key Research and Development Program of China ( 2018YFB1004005 )
the Key Research and Development Program of Guangdong Province ( 2019B010136001 )
the National Natural Science Foundation of China ( 61872110)。
