[1] Wikimedia Foundation. Malware[EB/OL].[2016-03-04]. https://en.wikipedia.org/wiki/Malware. [2] IDIKA N, MATHUR A P. A survey of malware detection techniques[D]. West Lafayette, IN:Purdue University, 2007:1-48. [3] UHLIG R, NEIGER G, RODGERS D, et al. Intel virtualization technology[J]. Computer, 2005, 38(5):48-56. [4] YIN H, SONG D, EGELE M, et al. Panorama:capturing system-wide information flow for malware detection and analysis[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM, 2007:116-127. [5] QEMU main page[EB/OL].[2016-03-04]. http://wiki.qemu.org/Main_Page. [6] VASUDEVAN A, YERRABALLI R. Stealth breakpoints[C]//Proceedings of the 21st Annual Computer Security Applications Conference. Piscataway, NJ:IEEE, 2005:383-392. [7] VASUDEVAN A, YERRABALLI R. Cobra:fine-grained malware analysis using stealth localized-executions[C]//Proceedings of the 2006 IEEE Symposium on Security and Privacy. Piscataway, NJ:IEEE, 2006:265-279. [8] JIANG X, WANG X, XU D. Stealthy malware detection through VMM-based out-of-the-box semantic view reconstruction[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM, 2007:128-138. [9] BAYER U, KRUEGEL C, KIRDA E. TTAnalyze:a tool for analyzing malware[EB/OL].[2015-12-20]. https://www.cs.ucsb.edu/~chris/research/doc/eicar06_ttanalyze.pdf. [10] Linux Foundation. The Xen project[EB/OL].[2016-03-04]. http://www.xenproject.org/. [11] Linux-KVM organization. Kernel virtual machine[EB/OL].[2016-03-04]. http://www.linux-kvm.org/page/Main_Page. [12] PAYNE B D, CARBONE M, SHARIF M, et al. Lares:an architecture for secure active monitoring using virtualization[C]//SP 2008:Proceedings of the 2008 IEEE Symposium on Security and Privacy. Piscataway, NJ:IEEE, 2008:233-247. [13] SHARIF M I, LEE W, CUI W, et al. Secure in-VM monitoring using hardware virtualization[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. New York:ACM, 2009:477-487. [14] MAO Y, CHEN X, LUO Y. HVSM:an in-out-VM security monitoring architecture in IAAS cloud[C]//Proceedings of the 2014 IEEE Information and Network Security. Piscataway, NJ:IEEE, 2014:185-192. [15] HIZVER J, CHIUEH T. Real-time deep virtual machine introspection and its applications[C]//VEE'14:Proceedings of the 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. New York:ACM, 2014:3-14. [16] BARHAM P, DRAGOVIC B, FRASER K, et al. Xen and the art of virtualization[J]. ACM SIGOPS Operating Systems Review, 2003, 37(5):164-177. [17] BUCHANAN E, ROEMER R, SHACHAM H, et al. When good instructions go bad:Generalizing return-oriented programming to RISC[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security. New York:ACM, 2008:27-38. [18] SHACHAM H. The geometry of innocent flesh on the bone:return-into-libc without function calls (on the x86)[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM, 2007:552-561. [19] JIA X, WANG R, JIANG J, et al. Defending return-oriented programming based on virtualization techniques[J]. Security and Communication Networks, 2013, 6(10):1236-1249. |