Hiding "real" machine from attackers and malware with a minimal virtual machine monitor
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks
FAC '09 Proceedings of the 5th International Conference on Foundations of Augmented Cognition. Neuroergonomics and Operational Neuroscience: Held as Part of HCI International 2009
Split personality malware detection and defeating in popular virtual machines
Proceedings of the Fifth International Conference on Security of Information and Networks
VMM detection using privilege rings and benchmark execution times
International Journal of Communication Networks and Distributed Systems
| Hi-index | 0.00 |
With security researchers relying on virtual machine environments (VMEs) in their analysis work, attackers and their malicious code have a significant stake in detecting the presence of a virtual machine. Virtualization, by its very nature, creates systems that have different characteristics from real machines. From a theoretical perspective, any difference between the virtual and the real could lead to a fingerprinting opportunity for attackers. This article focuses on detection techniques and mitigation options for the most widely deployed VME product today, VMware.