A Layered Malware Detection Model Using VMM

4 Author(s)
Lin Chen ; Comput. Sch., Nat. Univ. of Defense Technol., Changsha, China ; Bo Liu ; Huaping Hu ; Qianbing Zheng

Virtual machine monitor (VMM)-based anti-malware systems have recently become a popular research topic as a way of overcoming the fundamental limitations of traditional host-based anti-malware systems, which are likely to be deceived and attacked by malicious code. This paper analyzes existing VMM-based models of malware detection. "Out-of-the-box" detection, active defense, and In-VM models share the same defects: (1) on top of the VMM, two virtual machines are used, one by the user (Guest OS) and the other as monitor (Host OS), and (2) users can neither directly view the detection results nor configure the detection system in the Guest OS. A layered detection model is proposed to overcome these issues: the bottom layer is responsible for the security of the layers above it. Detection results can be directly displayed in the Guest OS, and users can view and configure the detection system. Furthermore, the detection model can isolate malware attacks to the detection system in the Guest OS. Experimental results show the validity of the proposed detection model.

Published in:

2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications

Date of Conference:

25-27 June 2012