Virtual Machine Security Monitoring Technology Based On VMI

Virtual machine introspection technology (VMI) uses the virtualization technology to set Virtual Machine Monitor (VMM) between the system and virtual machines, in particular, the management domain can watch the other virtual domains. Because the VMM has a higher authority, so there can be a better application security research work.VMI technology to control the virtual platform is one aspect of virtualization technology to achieve. VMI is currently used in IDS intrusion detection, malware detection more and more.In this paper, we propose a research direction-Virtual Machine Safety Monitoring Technology Based on VMI. The VMI technology to monitor virtual machine to obtain system status information and data can be used as a software behavior analysis data sources, software behavior analysis research combined with the VMI technology, can make full use of the advantages of virtualization platform high isolation, full use of the limited resources. It confirmed that the VMI-based data collated by Virtual Machine Security Monitoring Technical is feasibility and effectiveness. This work mainly did the works that following aspects:1. the VMI technology were analyzed, and the paper discussed the principle and implementation of VMI technology, detailed description of the research progress VMI in different areas to explore ways and means of VMI technology in software behavior analysis research.2. issues of a detailed configuration of the system environment, is using the libraries and interfaces of XenAccess introspection and libvmi,and data obtained by running a virtual machine monitor, placed by environmental variables measured before and after the extraction behavior of the software. 3.contents of the virtual machine security monitoring and security surveillance VMI are detailed studies, we also did the current pros and cons of security monitoring technology, focusing depict different directions based VMI virtual machine security monitoring, focusing on malware has done.4. The use of a particular aspect of the experimental data analysis of the virtual machine security monitoring experiment, the results support the theory VMI-based virtual machine security monitoring technology.5. AHP (Analytic Hierarchy Process) was used and verified the validity of the conclusions.