Lightweight Non-intrusive Virtual Machine Introspection
Author: | Ivan Vasiliev, Natalia Fursova, Vladimir Makarov, Pavel Dovgalyuk |
---|---|
Year of publication: | 2018 |
Subject: | Reverse engineering; Profiling (computer programming); Computer science; 020206 networking & telecommunications; 02 engineering and technology; Intrusion detection system; Reuse; Software development process; Virtual machine; Embedded system; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Plug-in; Malware analysis |
Source: | Lecture Notes in Computer Science; ISBN: 9783319743127; Ershov Informatics Conference |
DOI: | 10.1007/978-3-319-74313-4_11 |
Description: | Dynamic analysis is an important technology for different phases of the software life cycle. Dynamic analysis is used for profiling, malware analysis, intrusion detection, protocol reverse engineering, software testing, and many other activities. This paper presents a lightweight approach for monitoring of systems using virtual machines. Our approach is based on non-intrusive virtual machine introspection, which provides system-wide analysis capabilities. We reuse the ABI of the platform to be analyzed for creating introspection tools. We show how to recover the part of kernel-level information related to the system calls executed on the guest machine. The paper describes how to use this approach to create a plugin-based analysis framework for the QEMU simulator and evaluates the performance overhead of these plugins. |
Database: | OpenAIRE |
External link: |