Malicious Code Detection And Auditing Based On Hardware Virtualization Technology

Posted on: 2011-04-01 | Degree: Master | Type: Thesis
Country: China | Candidate: Z H Yang | Full Text: PDF
GTID: 2178330332978408 | Subject: Computer application technology
Abstract/Summary:
The rapid development of information technology has brought many new challenges in information security. The focus of malicious code detection lies on detecting the code and on how to detect malicious code while it is running. Traditional detection methods are inadequate against the complex mechanisms of modern malicious code. First, they are ineffective against some new malicious code. Second, the detector cannot obtain a higher privilege level when facing serious attacks. Third, it is hard to improve the transparency of the detector, so the detector is vulnerable to interference from malicious code. Therefore, aiming at comprehensive, transparent detection and auditing, this thesis studies rootkit technology, the boot process of the Intel x86 platform, and malicious code detection technology. It analyzes the problems of existing technologies with respect to personal computer information security. The thesis introduces virtualization technology, focusing on the concept of hardware virtualization and its related technical features. On this basis, the thesis proposes a transparent detection and security audit technique based on hardware virtualization, and constructs a host malicious code detection and security audit system. The system's detection covers the operating system kernel address, the kernel code, system calls, the interrupt descriptor base address and a range of protected memory; its auditing covers file operations, process start, software installation and uninstallation, and network packets. The modules of the detection and auditing system are closely linked, and their functions complement each other.
The system largely makes up for the shortcomings of traditional host protection mechanisms in the face of modern malicious code, and achieves transparency with components that lie outside of user access. We discuss these key technologies and mechanisms and their implementation, and test by experiment the validity of the host detection and auditing system in detecting new malicious code and the reliability of its host security auditing. Finally, the thesis points out directions for further research on host detection and auditing systems based on hardware virtualization technology.
Keywords/Search Tags: RootKit, Security, VM, Hardware Virtual Machine Module, Transparency, Auditing