Netinfo Security ›› 2017, Vol. 17 ›› Issue (11): 1-6. doi: 10.3969/j.issn.1671-1122.2017.11.001


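  • About the authors:
    Jian ZHANG (b. 1968), male, from Tianjin, professor-level senior engineer, Ph.D.; main research interests: cyberspace security and malicious code prevention. Changliang CAI (b. 1992), male, from Inner Mongolia, master's student; main research interest: information security. Liangyi GONG (b. 1987), male, from Shandong, doctoral student; main research interest: pervasive computing. Zhaojun GU (b. 1966), male, from Shandong, professor, Ph.D.; main research interests: network and information security, and civil aviation information systems.

  • Funding:
    National Key Research and Development Program of China [2016YFB0800805]; Tianjin Science and Technology Service Industry Major Science and Technology Project [16ZXFWGX00140]; Open Fund of the Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China [CAAC-ISECCA-201501]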

Research on Anomaly Behavior Detection Technology in Virtualization Environment Based on KVM

Jian ZHANG1, Changliang CAI1, Liangyi GONG1, Zhaojun GU2

  1. School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China
  2. Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China, Tianjin 300300, China
  • Received: 2017-08-01 Online: 2017-11-20 Published: 2020-05-12


Abstract:

As security has become the major problem facing cloud computing, traditional host-based and network-based anomaly detection technology can guarantee the reliability and security of cloud computing services to a certain extent, but it still faces deception and attack threats. The virtual machine monitor (VMM) has a high degree of isolation and transparency, so analyzing virtual machine behavior and network information with an agentless, out-of-VM monitoring method can effectively improve the accuracy and security of anomaly behavior detection. This paper analyzes anomaly behavior detection technology in physical environments, combines it with traditional intrusion detection algorithms to propose an anomaly behavior detection method for the KVM virtualization environment, and then tests and analyzes the detection model experimentally. The results show that the model can effectively detect the anomalous behavior of the guest OS.

Key words: cloud computing, virtualization technology, detection, KVM, anomaly behavior

CLC number: