安全性是虚拟化平台用户最为关心的问题。保护系统内核的完整性，检测和防御漏洞利用攻击、内核数据篡改、恶意代码植入等恶意行为，是确保虚拟机安全的关键。然而，在无准确先验知识的情况下，现有方案对未知漏洞利用攻击、未知恶意代码植入的检测效果都十分有限，尤其是在虚拟机已经被污染时，检测和发现内核层恶意行为更是十分困难。.申请人前期研究表明，基于虚拟机监控器（VMM）的恶意代码检测技术具有很好的检测效果。本项目拟在此基础上，研究内核数据动态保护技术、内核代码动态保护技术、漏洞利用攻击检测技术和恶意行为深度检测技术，解决内核数据动态性和内核代码复杂性带来的内核完整性保护难题，无准确先验知识的漏洞利用攻击检测问题，虚拟机被污染环境下的内核层恶意行为检测问题。.本项目的实施，预期可形成一套无需准确先验知识、高精度、可扩展的虚拟化平台内核层攻击动态防御方案，兼容和支持多类型操作系统和多类型虚拟机监控器。

Security is the most important concern for virtualization platform users. Protecting the integrity of the system kernel, detecting and defending against malicious behaviors such as vulnerability exploitation, kernel data tampering and malicious code injection is the key to ensure the security of virtual machines. However, without accurate prior knowledge, the existing methods are very limited in detecting unknown attacks of vulnerabilities and malicious codes. Especially when virtual machines are infected, it is extremely difficult to detect kernel-level malicious behaviors..The previous research by the applicant shows that malicious code detection based on virtual machine monitor (VMM) has a good effect. Following and developing the idea, this project intends to study the technology of kernel data dynamic protection, kernel code dynamic protection, vulnerability exploitation attack detection and malicious behavior deep detection. It solves the problems of kernel integrity protection caused by dynamic kernel data and complex kernel code. It also solves the problems of vulnerability exploitation detection without accurate prior knowledge, and kernel-level malicious behavior detection when virtual machines are infected. .This project is expected to build a dynamic defense scheme in virtualization platforms against kernel attacks with high precision and extensibility, and without accurate prior knowledge. The scheme supports and can be compatible with multi-type operating systems and multi-type virtual machine monitors.