Virtual machine-based method for runtime monitoring of executing program

Cited by: 0
Authors
Wang D. [1 ]
Chen J. [1 ]
Zhao W. [1 ]
Lin J. [2 ]
Affiliations
[1] College of Computer Science, Beijing University of Technology, Beijing
[2] Information and Network Safety Department, The Third Research Institute of Ministry of Public Security, Shanghai
Keywords
Control flow; Dynamic binary analysis; Event; Runtime monitoring; Translation; Virtual machine;
DOI
10.11990/jheu.201607055
Abstract
To provide system-level runtime monitoring of executing programs, a dynamic monitoring framework based on a virtual machine was designed and implemented. Using an event-driven mechanism built on the binary translation layer of the virtual machine, the framework registers a specific event as its target; when that event fires, the CPU state is captured and analyzed to obtain dynamic runtime information about the program under test. This paper describes the structure of the dynamic monitoring framework, analyzes its working principle, and introduces the process of acquiring monitoring information. The analysis of suspicious programs using a control-flow technique is used as an example to illustrate the entire process. The test results show that this method is effective for comprehensive monitoring. Furthermore, the method makes it easy to obtain the kernel state of the operating system and process information, supporting the analysis of the dynamic behavior of the executing program. © 2017, Editorial Department of Journal of HEU. All rights reserved.
Pages: 1969 / 1976
Page count: 7