Virus detection technology is an important approach to protecting host and network security. However, once the operating system (OS) is infected, anti-virus (AV) software and any other software running in it will be equally vulnerable. To address this problem, VMSecurexec, which we proposed, is designed to move the on-access virus detection engine out of the target OS into another virtual machine (VM). The system first monitors every system call event that loads code from an executable or shared library into memory. It then intercepts these system call events and retrieves their parameters and return values via the Second Trap mechanism. Finally, using the virtual machine introspection (VMI) technique, it transparently examines whether the binary content is malicious. The experiments show the efficiency of out-of-VM virus detection and the moderate overhead it introduces.