
Research On Security Perception Technology Of Virtualization-based Environment

Posted on: 2019-03-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R Lou
GTID: 1368330566470877
Subject: Computer Science and Technology

Abstract/Summary:
Computer systems are now used in every walk of life and have brought great convenience to human society. At the same time, attackers' methods of intrusion have grown more complex and more intelligent: the attack surface keeps widening, attack techniques keep multiplying, and attacks penetrate into ever deeper layers of the system. This has brought unprecedented risks to the protection of sensitive data and to the normal operation of information systems. Virtualization abstracts and simulates traditional hardware resources and offers advantages such as resource isolation, cross-domain sharing, flexible deployment and dynamic control. Using these properties, a traditional security module can be deployed in an execution space separated from the target system to implement complete and continuous monitoring, which provides a new approach to the design and implementation of protection mechanisms based on monitoring and analysis. Combining virtualization technology with system security to improve the capability and reliability of information systems is therefore an important part of current system security research, and virtualization has been widely adopted across many kinds of security research. However, the introduction of virtualization brings two obvious problems. First, with the introduction of a VMM (virtual machine monitor) the overall architecture of the system becomes more complex, and the whole environment faces a wider range of security threats. Second, because the security design relies on isolation, the security module can only collect raw data of poor understandability; under such conditions it is relatively difficult to infer the real-time state of the target environment, which severely restricts the effect of system protection. To address these issues, this thesis mainly studies a protection mechanism that uses security perception to improve the reliability of the entire environment, and also studies how to bridge the semantic gap so as to raise the recognition efficiency for abnormal behaviour and improve the effect of perception-based protection. The main contents are as follows:

(1) Focusing on the relatively low reliability of security modules in current virtualization frameworks, this thesis analyzes the complex risks that virtualization environments face at the present stage and the various ways in which attackers carry out intrusions, and then summarizes why the overall system is weak against attack. Based on a thorough study of current research, the thesis designs a protection model using security perception in the virtualization environment, which not only enhances the interaction between the VMM and the upper VM (virtual machine) but also ensures the integrity of the VMM. In the proposed model, a secure path for information transmission is constructed by leveraging the covert channel method; it can be used to block abnormal behaviour effectively without being detected by suspicious programs. In addition, perceptual protection of the VMM memory space is deployed in a parallel monitoring mode to ensure the VMM's own safety and reliability.

(2) Focusing on the difficulty of semantic understanding that commonly exists in virtualization environments, the thesis first chooses low-level hardware information as the raw data. This makes the information source more reliable, because hardware-level information is not easy for malicious programs to manipulate. With the security of the analysis source ensured, data mining methods are integrated into the system security design, and the thesis establishes a mechanism for bridging the semantic gap. The attribute dimension of the raw data is reduced by screening out the important features, and the screened results are classified to judge the state of the target environment and respond in time. This mechanism enhances the ability of the entire system to bridge the semantic gap and improves the protective effect of security perception.

(3) Focusing on the problem that the data collected directly by the system is not suitable for data mining analysis, the thesis designs a preprocessing mechanism. The raw data flow is characterized by feature construction and then segmented by windows, so that it can be converted into vector form for analysis by data mining. Combining the security properties of the system with the correspondence between high-level and low-level behaviour descriptions, the thesis proposes two mechanisms for sample identification, so as to meet the requirements of machine learning processing. The virtualization layer can not only use the secure interactive channel to transmit information for sample identification, but can also deduce the window state and perform the identification from changes in the relevant information collected at the hardware level.

(4) Focusing on the selection of key features relevant to security analysis, the thesis designs three selection strategies to deal with the data generated by the virtual environment in different scenarios. Two evaluation mechanisms are based on the sample mean margin and can deal with class-balanced and class-imbalanced data respectively; they assign a weight to each feature of the vectors. The thesis also designs a non-parametric evaluation mechanism based on LOF density estimation, which deals with continuous and imbalanced data from the angle of outlier identification and likewise calculates and assigns a weight to each feature attribute. Three corresponding feature selection methods are then designed: by filtering the evaluation results with a sequential backward selection strategy, the key features highly related to the state and activity of the target can be extracted. Compared with existing algorithms of the same type, the proposed methods have better overall performance: they significantly reduce the feature dimension, improve the efficiency of bridging the semantic gap, and endow the virtualization system with diverse data processing abilities.

To build an efficient security perception protection system in a virtualization environment, it is necessary not only to protect the security of the target VM but also to ensure the security of the security function components themselves. This thesis integrates data mining methods into the design of VM data analysis. On the basis of screening out the vectorized features and verifying the perception model, it is shown that improving the interaction between the target VM and the underlying VMM, and deploying monitoring for the VMM outside it, is an effective way to enhance the anti-attack ability of the entire virtualization environment. Collecting hardware-level information for security analysis and extracting the execution patterns of the target can also significantly improve the effect of security perception protection in a virtualization environment.
Keywords/Search Tags: virtualization environment, security protection, protection model, semantic gap bridging, data mining, feature selection