Intricate malwares can result in the failure of Virtual System, and enable the system to be in an unsafe state and difficult to restore. The existing policies thwarting this extreme attack are ineffective. In this paper, based on cooperative recovery among multiple Virtual Machines and agent-based lightweight intrusion detection, an efficient recovery mechanism is proposed for Virtualization systems against malware attacks. The basic policy is to deploy an Emergency Response/Recovery (ER) agent on Virtual Machine to identify the state of the system, and cooperative security among multiple nodes is carried out so that the infected nodes can be rapidly recovered. Simulation results also demonstrate the practicality and efficiency of the proposed schemes.

• 出版日期2011
• 单位清华大学