[1] LAUREANO M, MAZIERO C, JAMHOUR E. Protecting host-based intrusion detectors through virtual machines[J]. Computer Networks, 2007, 51(5): 1275-1283. [2] 项国富, 金海, 邹德清, 等. 基于虚拟化的安全监控[J]. 软件学报, 2012, 23(8): 2173-2187.(XIANG G F, JIN H, ZOU D Q, et al. Virtualization-based security monitoring[J]. Journal of Software, 2012, 23(8): 2173-2187.) [3] JIANG X, WANG X, XU D. Stealthy malware detection through VMM-based out-of-the-box semantic view reconstruction[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM, 2007: 128-138. [4] DINABURG A, ROYAL P, SHARIF M, et al. Ether: malware analysis via hardware virtualization extensions[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security. New York: ACM, 2008: 51-62. [5] LANZI A, SHARIF M I, LEE W. K-Tracer: a system for extracting kernel malware behavior[EB/OL].[2016-03-10]. https://www.isoc.org/isoc/conferences/ndss/09/pdf/12.pdf. [6] XUAN C, COPELAND J, BEYAH R. Toward revealing kernel malware behavior in virtual execution environments[C]//RAID 2009: Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection. Berlin: Springer, 2009: 304-325. [7] SESHADRI A, LUK M, QU N, et al. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes[C]//SOSP 2007: Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles. New York: ACM, 2007: 335-350. [8] PAYNE B D, LEINHOS M. LibVMI[EB/OL].[2016-08-29]. http://libvmi.com. [9] PAYNE B D, CARBONE M, SHARIF M, et al. Lares: an architecture for secure active monitoring using virtualization[C]//SP 2008: Proceedings of the 2008 IEEE Symposium on Security and Privacy. Piscataway, NJ: IEEE, 2008: 233-247. [10] ZHANG X, LI Q, QING S, et al. VNIDA: building an IDS architecture using VMM-based non-intrusive approach[C]//WKDD 2008: Proceedings of the First International Workshop on Knowledge Discovery and Data Mining. Piscataway, NJ: IEEE, 2008: 594-600. [11] SHARIF M I, LEE W, CUI W, et al. Secure in-VM monitoring using hardware virtualization[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. New York: ACM, 2009: 477-487. [12] XI X, JIA X, LIU P. SHELF: preserving business continuity and availability in an intrusion recovery system[C]//ACSAC 2009: Proceedings of the 2009 Annual Computer Security Applications Conference. Piscataway, NJ: IEEE, 2009: 484-493. [13] WU R, CHEN P, LIU P, et al. System call redirection: a practical approach to meeting real-world virtual machine introspection needs[C]//Proceedings of the 201444th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Piscataway, NJ: IEEE, 2014: 574-585. |