Narrowing the semantic gap in virtual machine introspection
Virtual machine introspection(VMI)has been widely used in areas such as intrusion detection and malware analysis.However,due to the existence of semantic gap,the generality and the efficiency of VMI were partly influenced while getting internal information of a virtual machine.By analyzing the defic...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2015-08-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015103/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539673360433152 |
|---|---|
| author | Chao-yuan CUI Yun WU Ping LI Xiao-ming ZHANG |
| author_facet | Chao-yuan CUI Yun WU Ping LI Xiao-ming ZHANG |
| author_sort | Chao-yuan CUI |
| collection | DOAJ |
| description | Virtual machine introspection(VMI)has been widely used in areas such as intrusion detection and malware analysis.However,due to the existence of semantic gap,the generality and the efficiency of VMI were partly influenced while getting internal information of a virtual machine.By analyzing the deficiencies of existing technology of semantic gap restoration,a method called ModSG was proposed to bridge the semantic gap.ModSG was a modularity system,it divided semantic restoration into two parts.One was online phase that interact directly with user to construct semantic views,the other was offline phase that only interact with operating system to parse high-level semantic knowledge.Both were implemented via independent module,and the latter provided the former with necessary kernel information during semantic view construction.Experiments on different virtual machine states and different kernel versions show that the ModSG is accurate and efficient in narrowing semantic gap.The modular design and deployment also make ModSG easily to be extended to other operating systems and virtualization platforms. |
| format | Article |
| id | doaj-art-9af93bb9136a4c0e8a823e01f834a90d |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2015-08-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-9af93bb9136a4c0e8a823e01f834a90d2025-01-14T06:46:52ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2015-08-0136313759694624Narrowing the semantic gap in virtual machine introspectionChao-yuan CUIYun WUPing LIXiao-ming ZHANGVirtual machine introspection(VMI)has been widely used in areas such as intrusion detection and malware analysis.However,due to the existence of semantic gap,the generality and the efficiency of VMI were partly influenced while getting internal information of a virtual machine.By analyzing the deficiencies of existing technology of semantic gap restoration,a method called ModSG was proposed to bridge the semantic gap.ModSG was a modularity system,it divided semantic restoration into two parts.One was online phase that interact directly with user to construct semantic views,the other was offline phase that only interact with operating system to parse high-level semantic knowledge.Both were implemented via independent module,and the latter provided the former with necessary kernel information during semantic view construction.Experiments on different virtual machine states and different kernel versions show that the ModSG is accurate and efficient in narrowing semantic gap.The modular design and deployment also make ModSG easily to be extended to other operating systems and virtualization platforms.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015103/semantic gapvirtual machine introspectionmodularity systemportability |
| spellingShingle | Chao-yuan CUI Yun WU Ping LI Xiao-ming ZHANG Narrowing the semantic gap in virtual machine introspection Tongxin xuebao semantic gap virtual machine introspection modularity system portability |
| title | Narrowing the semantic gap in virtual machine introspection |
| title_full | Narrowing the semantic gap in virtual machine introspection |
| title_fullStr | Narrowing the semantic gap in virtual machine introspection |
| title_full_unstemmed | Narrowing the semantic gap in virtual machine introspection |
| title_short | Narrowing the semantic gap in virtual machine introspection |
| title_sort | narrowing the semantic gap in virtual machine introspection |
| topic | semantic gap virtual machine introspection modularity system portability |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015103/ |
| work_keys_str_mv | AT chaoyuancui narrowingthesemanticgapinvirtualmachineintrospection AT yunwu narrowingthesemanticgapinvirtualmachineintrospection AT pingli narrowingthesemanticgapinvirtualmachineintrospection AT xiaomingzhang narrowingthesemanticgapinvirtualmachineintrospection |