VirtAV: an Agentless Runtime Antivirus System for Virtual Machines
Tang, Hongwei [1,2,3,4]; Feng, Shengzhong [2,3,4]; Zhao, Xiaofang [1,2]; Jin, Yan [1,2]
Journal: KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
2017-11-30
Volume: 11; Issue: 11; Pages: 5642-5670
Keywords: agentless antivirus; antivirus storm; virtual machine; virus signature
ISSN: 1976-7277
DOI: 10.3837/tiis.2017.11.026
Abstract: Antivirus is an important issue to the security of virtual machine (VM). According to where the antivirus system resides, the existing approaches can be categorized into three classes: internal approach, external approach and hybrid approach. However, for the internal approach, it is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, the antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning out of the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system VirtAV, which scans each piece of binary codes to execute in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees the security of itself to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environment. We implemented a prototype based on Qemu/KVM hypervisor and ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guest, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. Especially, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and Microsoft Office series.
WOS Research Area: Computer Science; Telecommunications
Language: English
Publisher: KSII-KOR SOC INTERNET INFORMATION
WOS Accession Number: WOS:000417653700026
Content Type: Journal article
Source URL: [http://119.78.100.204/handle/2XEOYT63/6365]
Collection: Institute of Computing Technology, Chinese Academy of Sciences, Journal Articles (English)
Corresponding Author: Tang, Hongwei
Author Affiliations:
1. Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China
2. Univ Chinese Acad Sci, Beijing 100049, Peoples R China
3. Univ Chinese Acad Sci, Shenzhen Coll Adv Technol, Shenzhen 518055, Peoples R China
4. Chinese Acad Sci, Shenzhen Inst Adv Technol, Shenzhen 518055, Peoples R China
Recommended Citation
GB/T 7714
Tang, Hongwei,Feng, Shengzhong,Zhao, Xiaofang,et al. VirtAV: an Agentless Runtime Antivirus System for Virtual Machines[J]. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS,2017,11(11):5642-5670.
APA Tang, Hongwei,Feng, Shengzhong,Zhao, Xiaofang,&Jin, Yan.(2017).VirtAV: an Agentless Runtime Antivirus System for Virtual Machines.KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS,11(11),5642-5670.
MLA Tang, Hongwei,et al."VirtAV: an Agentless Runtime Antivirus System for Virtual Machines".KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS 11.11(2017):5642-5670.