Title :
A Layered Malware Detection Model Using VMM
Author :
Chen, Lin ; Liu, Bo ; Hu, Huaping ; Zheng, Qianbing
Author_Institution :
Comput. Sch., Nat. Univ. of Defense Technol., Changsha, China
Abstract :
Virtual machine monitor (VMM)-based anti-malware systems have recently become a popular research topic in finding ways of overcoming the fundamental limitations of traditional host-based anti-malware systems, which are likely to be deceived and attacked by malicious codes. This paper analyzes existing VMM-based models of malware detection. The "out-of-the-box" detection, active defense, and In-VM models have the same defects: (1) on top of the VMM, two virtual machines are used, one by the user (Guest OS) and the other as monitor (Host OS), and (2) users can neither directly view the detection results nor configure the detection system in the Guest OS. A layered detection model is proposed to overcome these issues; the bottom layer is responsible for security for the layers above it. Detection results can be directly displayed in the Guest OS, and users can view and configure the detection system. Furthermore, the detection model can isolate malware attacks to the detection system in the Guest OS. Experimental results show the validity of the proposed detection model.
Keywords :
invasive software; operating systems (computers); system monitoring; virtual machines; Guest OS; Host OS; In-VM model; VMM; active defense model; layered malware detection model; malicious codes; malware attack isolation; out-of-the-box detection; virtual machine monitor-based antimalware systems; Graphics; Hardware; Malware; Mice; Monitoring; User interfaces; In-VM model; layered model; malware detection; network security; virtual machine;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.35