Research on a Rootkit Detection System Architecture Based on Functional Separation in a Virtualized Environment
Cite this article: ZHU Zhi-qiang, ZHAO Zhi-yuan, SUN Lei, YANG Jie. Research on Rootkit Detection System Architecture Based on Functional Separation in Virtualized Environment [J]. Computer Science, 2016, 43(Z6): 348-352.
Authors: ZHU Zhi-qiang, ZHAO Zhi-yuan, SUN Lei, YANG Jie
Affiliation (all four authors): The Third Institute, PLA Information Engineering University, Zhengzhou 450000, China
Funding: Supported by the National 863 Program (2008AA01Z404) and the National Defense Pre-research Fund (910A26010306JB5201).
Abstract: Existing Rootkit detection techniques for virtualized environments are easily bypassed and incur high performance overhead. To address this, the paper proposes XenMatrix, a detection system architecture for virtualized environments based on functional separation, which improves the detector's own security while preserving its transparency to the guest. An adaptive adjustment strategy for the detection frequency is designed, so that the Rootkit detection frequency is adjusted dynamically and the system's performance overhead is effectively reduced. Analysis of the experimental results shows that, compared with existing detection techniques, the prototype system detects Rootkits effectively, with a higher detection rate and lower performance overhead.

Keywords: Virtualization; Functional separation; Rootkit; Self-adaptation

Research on Rootkit Detection System Architecture Based on Functional Separation in Virtualized Environment
ZHU Zhi-qiang, ZHAO Zhi-yuan, SUN Lei and YANG Jie. Research on Rootkit Detection System Architecture Based on Functional Separation in Virtualized Environment [J]. Computer Science, 2016, 43(Z6): 348-352.
Authors: ZHU Zhi-qiang, ZHAO Zhi-yuan, SUN Lei and YANG Jie
Affiliation (all four authors): The Third Institute, PLA Information Engineering University, Zhengzhou 450000, China
Abstract: Rootkit detection techniques for existing virtualized environments are easily bypassed and impose a large performance overhead. To address these problems, a Rootkit detection system architecture, XenMatrix, based on duty separation in a virtualized environment is proposed; it improves the security of the detector itself while ensuring that the detection system remains transparent to the guest. An adaptive adjustment strategy for the detection frequency is proposed, which achieves dynamic adjustment of the Rootkit detection frequency and effectively reduces system overhead. Analysis of the experimental results shows that the prototype system can effectively detect known and unknown Rootkits, with a higher detection success rate and lower performance overhead than existing detection techniques.
Keywords: Virtualization; Functional separation; Rootkit; Self-adaption
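Both abstracts describe an adaptive detection-frequency strategy that lowers overhead, but give no detail of the policy itself. The following added example (not the paper's code, and not XenMatrix's actual policy) shows the trade-off such a strategy makes: an out-of-VM integrity scan that backs off exponentially while the guest's syscall table is unchanged and snaps back to its minimum interval on any deviation, compared against a fixed-interval scan. The guest "syscall table", the handler addresses, the hook tick and the back-off parameters are all constructed for the simulation; a real detector would read guest memory through introspection rather than call a function like `guest_table`.

```python
"""Fixed-interval vs adaptive-interval integrity scanning (simulation).

Added illustration of an adaptive detection-frequency policy; the policy
(double the interval while quiet, reset on change, cap at max_interval) is
an assumption, not the strategy from the XenMatrix paper.
"""
import hashlib

HOOK_AT = 37  # constructed: tick at which a rootkit overwrites one table entry


def guest_table(tick, hook_at=HOOK_AT):
    """Constructed guest state: a small 'syscall table' of handler addresses.
    From `hook_at` on, entry 2 points at a (constructed) module address, the
    way a kernel-mode rootkit hooks a system call."""
    table = [0xFFFFFFFF81000000 + 0x100 * i for i in range(8)]
    if tick >= hook_at:
        table[2] = 0xFFFFFFFFC0001234
    return table


def digest(table):
    """Hash the table the way an introspection agent hashes a memory region."""
    raw = b"".join(addr.to_bytes(8, "little") for addr in table)
    return hashlib.sha256(raw).hexdigest()


class FixedScheduler:
    """Scan every `interval` ticks regardless of what the last scan found."""

    def __init__(self, interval=1):
        self.interval = interval

    def next_interval(self, changed):
        return self.interval


class AdaptiveScheduler:
    """Back off while scans find nothing; snap back to min_interval on change.
    max_interval bounds the worst-case detection latency."""

    def __init__(self, min_interval=1, max_interval=16):
        self.min_interval = min_interval
        self.max_interval = max_interval
        self.interval = min_interval

    def next_interval(self, changed):
        if changed:
            self.interval = self.min_interval
        else:
            self.interval = min(self.interval * 2, self.max_interval)
        return self.interval


def run(scheduler, ticks=64, hook_at=HOOK_AT):
    """Scan the guest at the ticks the scheduler chooses.

    Returns the number of scans performed and the tick at which the table
    first deviated from the trusted baseline (None if never seen)."""
    baseline = digest(guest_table(0, hook_at))
    tick, scans = 0, 0
    while tick < ticks:
        scans += 1
        changed = digest(guest_table(tick, hook_at)) != baseline
        if changed:
            return {"scans": scans, "detected_at": tick}
        tick += scheduler.next_interval(changed)
    return {"scans": scans, "detected_at": None}


if __name__ == "__main__":
    for name, sched in (("fixed", FixedScheduler()), ("adaptive", AdaptiveScheduler())):
        print(name, run(sched))
```

With these constructed parameters the fixed scanner needs 38 scans to catch the hook at tick 37, while the adaptive scanner needs 6 scans and catches it at tick 46: the overhead drops by roughly an order of magnitude, and the price is a detection latency bounded by `max_interval`. Any real deployment has to choose `max_interval` from the latency it can tolerate, and should reset the interval on other signals (guest module loads, page-table changes) as well, not only on a hash mismatch.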