
Design And Implementation Of A Sandbox Model Based On XEN Para-Virtualization

Posted on: 2011-10-07
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Dai
Full Text: PDF
GTID: 2178360308461184
Subject: Information security
Abstract/Summary:
With the rapid development of information technology, computers are now widely used in many sectors, which has greatly improved production efficiency and reduced manpower costs. It has also created many information security problems, among which the detection of malware and viruses is becoming more and more important. There are two main detection methods: static detection and dynamic detection. Static detection is usually used with a signature database that contains the signatures of known malware and viruses. By comparing an application against the signature database, we can determine whether the application is malware. Obviously, this method can only detect malware that is already known. With the dynamic method, we run the application in a virtual environment, a sandbox, and judge the characteristics of the application by inspecting the behavior of its process. Compared with static detection, dynamic detection is more accurate and more general, and it can detect unknown malware. However, it is slower than the static method.

Computer virtualization, a new technique in modern computing, provides a newer, more efficient and more reliable mechanism for building a sandbox. In this thesis, we use the concepts and principles of virtualization and, integrating them with malware detection, design a sandbox model based on Xen para-virtualization, which provides an effective approach to malware detection.

Based on Xen para-virtualization, this thesis proposes a sandbox model that can perform automatic detection of malware in Linux. The testing results indicate that the model is more efficient than other sandbox products, which proves the practicability of the model.
Keywords/Search Tags: xen, para-virtualization, sandbox, malware detection