[1] WANG Dan, CHEN Jia, ZHAO Wenbing, et al. Virtual machine-based method for runtime monitoring of executing program[J]. Journal of Harbin Engineering University, 2017, 38(12): 1969-1976. [doi:10.11990/jheu.201607055]

Virtual machine-based method for runtime monitoring of executing program

Journal of Harbin Engineering University [ISSN:1006-6977/CN:61-1281/TN]

Volume:
38
Issue:
2017, No. 12
Pages:
1969-1976
Column:
Publication date:
2017-12-25

Article information / Info

Title:
Virtual machine-based method for runtime monitoring of executing program
Author(s):
WANG Dan 1, CHEN Jia 1, ZHAO Wenbing 1, LIN Jiuchuan 2
1. College of Computer Science (Faculty of Information Technology), Beijing University of Technology, Beijing 100124, China;
2. Key Laboratory of Information Network Security of the Ministry of Public Security, The Third Research Institute of the Ministry of Public Security, Shanghai 201204, China
Keywords:
runtime monitoring; dynamic binary analysis; virtual machine; event; translation; control flow
Classification code:
TP308
DOI:
10.11990/jheu.201607055
Document code:
A
Abstract:
To monitor the runtime behaviour of programs at the system level, this paper designs a virtual machine-based framework for dynamic runtime monitoring of programs. Using an event-driven mechanism and building on the way a virtual machine translates the program it executes, the framework registers selected events as events of interest and extracts the CPU state from the virtual environment for analysis, thereby obtaining information about the program's dynamic execution. Control-flow-based analysis of suspicious programs is used as an application example to describe the concrete implementation. Test results show that the framework can perform effective behaviour monitoring at the system level, makes it convenient to obtain operating-system kernel state and process information, and provides useful support for dynamic behaviour analysis of programs.


Memo:
Received: 2016-07-21.
Funding: Beijing Natural Science Foundation (4173072); Open Project of the Key Laboratory of Information Network Security of the Ministry of Public Security.
About the authors: WANG Dan (born 1969), female, professor, doctoral supervisor; LIN Jiuchuan (born 1980), male, associate research fellow, PhD.
Corresponding author: LIN Jiuchuan, E-mail: linjiuchuan@stars.org.cn.
Last update: 2018-01-13