Netinfo Security ›› 2017, Vol. 17 ›› Issue (11): 1-6.doi: 10.3969/j.issn.1671-1122.2017.11.001

• Orginal Article •     Next Articles

Research on Anomaly Behavior Detection Technology in Virtualization Environment Based on KVM

Jian ZHANG1(), Changliang CAI1, Liangyi GONG1, Zhaojun GU2   

  1. 1. School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China
    2. Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China, Tianjin 300300, China
  • Received:2017-08-01 Online:2017-11-20 Published:2020-05-12

Abstract:

With the security problem becoming the major problem of cloud computing, the traditional anomaly detection technology based on hosts and network can guarantee the reliability and security of the cloud computing service to a certain extent, but still faces deceiving and attacking threats. VMM has a high degree of isolation and transparency, the analysis of virtual machine behavior and network information can effectively improve the accuracy and security of anomaly behavior detection based on the agentless out-VM monitoring method. This paper analyzes anomaly behavior detection technology on physical environment, mixes the traditional intrusion detection algorithms, proposes anomaly behavior detection method based on KVM virtualization environment, experiments and analyses some aspects of the detection model. The results shows that the model can effectively detect the anomaly behavior of guest OS.

Key words: cloud computing, virtualization technology, detection, KVM, anomaly behavior

CLC Number: