| 针对虚拟机查毒的规避方法研究 |
| |
| 引用本文: | 蒋晓峰,施勇,薛质.针对虚拟机查毒的规避方法研究[J].信息安全与通信保密,2011(2):55-57. |
| |
| 作者姓名: | 蒋晓峰 施勇 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 基金项目: | 国家自然科学基金资助项目,计算机网络系统安全评估优化的研究 |
| |
| 摘 要: | 如今杀毒软件利用虚拟机模拟执行程序,判断其行为是否会对系统安全造成影响,从而由用户决定是放行通过或是报警拦截。针对虚拟机查毒的特点,研究如何检测杀毒软件的虚拟机环境。根据虚拟机环境与真实用户环境的区别,以及特定杀毒软件虚拟机的特有属性,找到规避虚拟机模拟执行的方法,从而使程序不被杀毒软件虚拟执行,欺骗杀毒软件直接放行通过,用来满足某些特定程序的要求。
|
| 关 键 词: | 模拟执行 虚拟机查毒 规避 |
Study on Circumvention of Virtual Machine Anti-Virus |
| |
| JIANG Xiao-feng,SHI Yong,XUE Zhi.Study on Circumvention of Virtual Machine Anti-Virus[J].China Information Security,2011(2):55-57. |
| |
| Authors: | JIANG Xiao-feng SHI Yong XUE Zhi |
| |
| Affiliation: | JIANG Xiao-feng,SHI Yong,XUE Zhi(School of Information Security,Shanghai Jiaotong University,Shanghai 200240,China) |
| |
| Abstract: | Nowadays anti-viruses softwares use virtual machine to execute programme and determine whether it would do harm to the system,thus decides to let the program go or alarm.Aiming at virtual machine anti-viruses features,how to detect virtual environment of anti-viruses software is studied.According to the difference between virtual machine environment and actual user environment and virtual machine properties of specific anti-viruses software,how to circumvent virtual machine anti-virus is explored,thus to av... |
| |
| Keywords: | virtual execution virtual machine anti-virus circumvention |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
