Vmscan: An out-of-vm malware scanner

Lin Jie; Liu Chuanyi; Fang Binxing

doi:10.19682/j.cnki.1005-8885.2020.0037

Vmscan: An out-of-vm malware scanner

Lin Jie
, Liu Chuanyi^*
, Fang Binxing

^*Corresponding author for this work

School of Computer Science and Technology, Harbin Institute of Technology
Beijing University of Posts and Telecommunications
China Academy of Engineering Physics

Research output: Contribution to journal › Article › peer-review

Abstract

The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.

Original language	English
Pages (from-to)	59-68
Number of pages	10
Journal	Journal of China Universities of Posts and Telecommunications
Volume	27
Issue number	4
DOIs	https://doi.org/10.19682/j.cnki.1005-8885.2020.0037
State	Published - Aug 2020
Externally published	Yes

Keywords

Cloud
Detection
Malware
Scanning
Security
Signature
Virtualization
Virus

Access to Document

10.19682/j.cnki.1005-8885.2020.0037

Cite this

@article{ef40948321c143d0970668398743ac9f,

title = "Vmscan: An out-of-vm malware scanner",

abstract = "The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.",

keywords = "Cloud, Detection, Malware, Scanning, Security, Signature, Virtualization, Virus",

author = "Lin Jie and Liu Chuanyi and Fang Binxing",

year = "2020",

month = aug,

doi = "10.19682/j.cnki.1005-8885.2020.0037",

language = "英语",

volume = "27",

pages = "59--68",

journal = "Journal of China Universities of Posts and Telecommunications",

issn = "1005-8885",

publisher = "Beijing University of Posts and Telecommunications",

number = "4",

}

TY - JOUR

T1 - Vmscan

T2 - An out-of-vm malware scanner

AU - Jie, Lin

AU - Chuanyi, Liu

AU - Binxing, Fang

PY - 2020/8

Y1 - 2020/8

N2 - The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.

AB - The harm caused by malware in cloud computing environment is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machine on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.

KW - Cloud

KW - Detection

KW - Malware

KW - Scanning

KW - Security

KW - Signature

KW - Virtualization

KW - Virus

UR - https://www.scopus.com/pages/publications/85099419591

U2 - 10.19682/j.cnki.1005-8885.2020.0037

DO - 10.19682/j.cnki.1005-8885.2020.0037

M3 - 文章

AN - SCOPUS:85099419591

SN - 1005-8885

VL - 27

SP - 59

EP - 68

JO - Journal of China Universities of Posts and Telecommunications

JF - Journal of China Universities of Posts and Telecommunications

IS - 4

ER -

Vmscan: An out-of-vm malware scanner

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this