Developing a Virtual Network Environment for Analyzing Malicious Network Behavior
QEMU, an excellent PC simulator which emulates the entire hardware components, is widely used to construct virtual networks. But its restricted by efficiency and security. In order to solve these problems, the authors design a new component for connecting multiple virtual machines (VMs) to the host machine so as to build an emulated network environment effectively and easily. This paper provides the component called VSFilter for every QEMU guest to forward network packets to the exact guest system. All the network packets coming from the emulated network card are designed to go through VSFilter, and then delivered to physical network interface. Any disallowed packets are discarded, while allowed packets are forwarded to the designated destination directly. Accordingly, this paper develops a manageable, high performance and efficiency virtual network for analyzing malicious activities on the Internet.
QEMU VLAN virtual network malware
Qi-Guang Miao Hui-Liu Xian-Guo Zhang Zhong-Lin Liu Yuan-Zhu Yang Yun-Wang Yin-Cao
School of Computer Science and Technology Xidian University, 710071 Xian, Shaanxi, P.R.China North China Institute of Computing Technology, 100083, Beijing, P.R.China
国际会议
2010 International Conference on Educational and Network Technology(2010教育与网络技术国际会议 ICENT 2010)
秦皇岛
英文
271-275
2010-06-25(万方平台首次上网日期,不代表论文的发表时间)