In recent years, malware has posed a serious security threat to both physical machines and virtual machines on cloud platforms. Deploying traditional malware detection tools such as anti-virus software and firewalls on Infrastructure as a Service (IaaS) cloud platforms has the following problems: 1) the detection tools may be damaged or shut down; 2) a single detection tool is not effective enough; 3) the detection tools may be bypassed by packing and similar techniques; 4) additional software must be installed on every guest machine, which makes deployment difficult. To address this, a diversified malware detection architecture for cloud platforms is proposed. The architecture uses virtualization technology to intercept specific behaviors of the guest machine, captures the code released by software inside the guest, and determines whether that software is malicious by scanning it with multiple anti-virus engines. The dynamic memory extraction it relies on is completely transparent to the guest. Finally, the architecture was deployed on Xen and evaluated on malware detection: its detection rate for packed malware was 85.7%, 14.3 percentage points higher than the static-scan detection rate of anti-virus software. The experimental results show that adopting a diversified malware detection framework on a cloud platform can better protect the security of guest machines.
In recent years, physical and virtual machines have been heavily threatened by malware. Deploying traditional detection tools such as anti-virus software and firewalls on Infrastructure as a Service (IaaS) clouds faces the following problems: 1) detection tools may be damaged or shut down by malware; 2) the detection rate of a single tool is insufficient; 3) detection tools are easily bypassed; 4) it is difficult to deploy additional software in each virtual machine. A diversified malware detection framework was proposed to overcome these shortcomings. The framework first leverages virtualization technology to intercept specific behaviors of virtual machines. Code is then extracted dynamically from the virtual machines' memory. Finally, several anti-virus engines are used to jointly determine whether the extracted code is malicious. The extraction and judgment processes are completely transparent to the virtual machines. A prototype was implemented on the Xen hypervisor and evaluated experimentally. The prototype achieves a malware detection rate of 85.7%, which is 14.3 percentage points higher than static scanning by anti-virus software. The experimental results show that the diversified malware detection framework on a cloud platform can provide more effective protection for the security of virtual machines.