|
|