
Research On Malware Detection System Based On Virtualization Technology

Posted on: 2020-08-15 | Degree: Master | Type: Thesis
Country: China | Candidate: C Gao | Full Text: PDF
GTID: 2428330599451307 | Subject: Computer technology
Abstract/Summary:
Cloud computing provides inexpensive, scalable computing services over the network. As more and more applications migrate to the cloud, the number and variety of malware attacks against virtualized environments are increasing, and this has become a key factor limiting the widespread deployment and application of cloud platforms. Traditional in-VM protection software is not effective against these attacks, because the protection software itself becomes a target of the malware and is vulnerable to interference and damage.

This paper first analyzes virtualization technology and existing malware detection methods, and then proposes a dynamic multi-feature malware detection method based on virtualization technology. The method first combines virtual machine introspection (VMI) with memory forensics analysis (MFA): working out-of-VM, it transparently extracts multiple types of features from the guest virtual machine in a single pass, which reduces the number of sampling operations and therefore the interference with the running guest virtual machine. Next, the classifier is built with the ensemble learning method AdaBoost and the Voting combination strategy, which effectively improves the detection accuracy and generalization ability of the overall classifier. Finally, a malware detection prototype system based on virtualization technology is designed on a Xen-based virtualization platform. A large collection of real malware and normal software was used as experimental samples, and the final classification model was obtained through training. The experimental results show that the system achieves 99.93% detection accuracy, and comparative analysis shows that the detection method used by the system outperforms existing methods.

In summary, the main research results of this paper are as follows:
1) This paper proposes a combination of virtual machine introspection and memory forensics analysis technology, which extracts multiple kinds of dynamic features from the guest virtual machine at one time. It effectively improves the variety and reliability of the acquired feature data, and reduces both the cost of data acquisition and the interference with the guest virtual machine.
2) This paper uses multi-feature dynamic data that describes the state of the guest virtual machine from different sides, improving the detection capability for complex malware. Therefore, the multi-feature dynamic malware detection method is more effective than single-feature or static malware detection methods.
3) In this paper, the optimal classification algorithm for each type of dynamic feature is selected by experiment, and an ensemble learning model is then used to integrate these base classifiers. This effectively improves the generalization ability and classification accuracy of the overall classifier, and enhances the versatility of the classification model for detecting different types of malware.
Overall, the virtualization-based malware detection prototype system designed and implemented in this paper reduces system overhead and improves the malware detection rate. It improves the security of virtual machines and is of practical significance for ensuring the security of the entire cloud platform.
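The classifier design the abstract describes, as an added example that is not the thesis's own code: one AdaBoost base classifier is trained per dynamic-feature group and the base classifiers are combined by majority voting. The feature names, the grouping into process/memory, network and file/registry views, and the sample values are constructed assumptions; the thesis selects the base algorithm per feature type by experiment, whereas here AdaBoost over decision stumps is used for every group.

```python
# Added example (not the thesis's code): one AdaBoost base classifier per feature group,
# combined by majority vote. Rows are constructed stand-ins for out-of-VM (VMI + MFA) data.
import math

def stump_predict(x, feat, thresh, polarity):
    """Decision stump: which side of the threshold is +1 is set by polarity."""
    return polarity if x[feat] > thresh else -polarity

def train_stump(X, y, w):
    """Return the (err, feature, threshold, polarity) stump with minimum weighted error."""
    best = None
    for f in range(len(X[0])):
        for t in sorted({row[f] for row in X}):
            for p in (1, -1):
                err = sum(wi for xi, yi, wi in zip(X, y, w)
                          if stump_predict(xi, f, t, p) != yi)
                if best is None or err < best[0]:
                    best = (err, f, t, p)
    return best

def adaboost(X, y, rounds=5):
    """Standard AdaBoost over stumps: returns [(alpha, feat, thresh, polarity), ...]."""
    w = [1.0 / len(X)] * len(X)
    model = []
    for _ in range(rounds):
        err, f, t, p = train_stump(X, y, w)
        err = min(max(err, 1e-10), 1 - 1e-10)   # keep the log finite on a perfect stump
        alpha = 0.5 * math.log((1 - err) / err)
        model.append((alpha, f, t, p))
        w = [wi * math.exp(-alpha * yi * stump_predict(xi, f, t, p))  # up-weight misses
             for xi, yi, wi in zip(X, y, w)]
        total = sum(w)
        w = [wi / total for wi in w]
    return model

def ada_predict(model, x):
    return 1 if sum(a * stump_predict(x, f, t, p) for a, f, t, p in model) >= 0 else -1

def train_groups(X, y, groups, rounds=5):
    """One base classifier per feature group (each group lists its column indices)."""
    return [adaboost([[row[i] for i in g] for row in X], y, rounds) for g in groups]

def vote(models, groups, x):
    """Majority vote of the base classifiers: +1 = malware, -1 = benign."""
    votes = sum(ada_predict(m, [x[i] for i in g]) for m, g in zip(models, groups))
    return 1 if votes > 0 else -1

# Constructed rows: [hidden_proc, injected_regions, net_conns, dns_queries, file_writes, reg_keys]
X = [[1, 3, 12, 8, 40, 6], [0, 2, 30, 15, 50, 9], [1, 0, 20, 11, 60, 12], [0, 4, 25, 20, 35, 7],
     [0, 0, 3, 2, 4, 1], [0, 1, 10, 6, 8, 0], [0, 0, 1, 0, 20, 3], [0, 0, 6, 4, 2, 1]]
y = [1, 1, 1, 1, -1, -1, -1, -1]
GROUPS = [(0, 1), (2, 3), (4, 5)]      # process/memory, network, file/registry views
MODELS = train_groups(X, y, GROUPS)
```

The process/memory group is deliberately not separable by a single stump (sample three is hidden but has no injected regions), so its base classifier needs several boosting rounds, while a probe that only the network and file views flag is still classified as malware by the vote.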
Keywords/Search Tags: Malware, Detection, Virtual machine introspection, Memory forensics analysis, Ensemble learning, Dynamic multi-feature