VirtAV: an Agentless Runtime Antivirus System for Virtual Machines
Tang, Hongwei1,2,3,4; Feng, Shengzhong1,2,3; Zhao, Xiaofang3,4; Jin, Yan3,4
2017-11-30
Journal: KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
ISSN: 1976-7277
Volume: 11, Issue: 11, Pages: 5642-5670
Abstract: Antivirus is an important issue to the security of virtual machine (VM). According to where the antivirus system resides, the existing approaches can be categorized into three classes: internal approach, external approach and hybrid approach. However, for the internal approach, it is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, the antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning out of the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system VirtAV, which scans each piece of binary codes to execute in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees the security of itself to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environment. We implemented a prototype based on Qemu/KVM hypervisor and ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guest, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. Especially, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and Microsoft Office series.
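Keywords: agentless antivirus; antivirus storm; virtual machine; virus signature
DOI: 10.3837/tiis.2017.11.026
Indexed by: SCI
Language: English
WOS Research Area: Computer Science; Telecommunications
WOS Subject: Computer Science, Information Systems; Telecommunications
WOS Accession Number: WOS:000417653700026
Publisher: KSII-KOR SOC INTERNET INFORMATION
Citation statistics
Times cited: 1 [WOS]
Document type: Journal article
Item identifier: http://119.78.100.204/handle/2XEOYT63/6366
Collection: Institute of Computing Technology, Chinese Academy of Sciences, Journal Papers_English
Corresponding author: Tang, Hongwei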
Author affiliations:
1. Chinese Acad Sci, Shenzhen Inst Adv Technol, Shenzhen 518055, Peoples R China
2. Univ Chinese Acad Sci, Shenzhen Coll Adv Technol, Shenzhen 518055, Peoples R China
3. Univ Chinese Acad Sci, Beijing 100049, Peoples R China
4. Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China
Recommended citation
GB/T 7714
Tang, Hongwei,Feng, Shengzhong,Zhao, Xiaofang,et al. VirtAV: an Agentless Runtime Antivirus System for Virtual Machines[J]. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS,2017,11(11):5642-5670.
APA Tang, Hongwei,Feng, Shengzhong,Zhao, Xiaofang,&Jin, Yan.(2017).VirtAV: an Agentless Runtime Antivirus System for Virtual Machines.KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS,11(11),5642-5670.
MLA Tang, Hongwei,et al."VirtAV: an Agentless Runtime Antivirus System for Virtual Machines".KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS 11.11(2017):5642-5670.
Files in this item
No files are associated with this item.