Download now Free registration required
Nowadays, a variety of applications of Windows OS has become more sophisticated and the complexity of its behavior has also been increased. Large scale applications generate the vast size of traffic and logs hard to understand for a shot while which impose a great burden on administrators. Visualization could be one of the solutions for this problem. In this paper, the authors propose a visualization technique of anomaly memory behavior of full-virtualized Windows OS using virtual machine introspection. Proposed system has been implemented in tree steps: modification of Windows OS by inserting library and filter driver, modification of the debug register handler of virtual machine monitor, and deploying visualization tool on host OS.
- Format: PDF
- Size: 730.54 KB