Virtual machine introspection based spurious process detection in virtualized cloud computing environment

摘要

Virtual Machines are prime target for adversary to take control by exploiting the identified vulnerability present in it. Due to increasing number of Advanced Persistent Attacks such as malware, rootkit, spyware etc., virtual machine protection is highly challenging task. The key element of Advanced Persistent Threat is rootkit that provides stealthy control of underlining Operating System (kernel). Protecting individual guest operating system by using antivirus and commercial security defense mechanism is cost effective and ineffective for virtualized environment. To solve this problem, Virtual Machine Introspection has emerged as one of the promising approaches to secure the state of the virtual machine. Virtual Machine Introspection inspects the state of multiple virtual machines by operating outside the virtual machine i.e. at hypervisor level. In this work, Virtual Machine Introspection based malicious process detection approach is proposed. It extracts the high level information such as system call details, opened known backdoor ports from introspected memory to identify the spurious process. It triggers an alert in response to detected intrusion.