Abstract: Virtual machine introspection technology is a kind of technology that monitors the operating system and the operating status of the virtual machine from outside the virtual machine. The technology is less expensive and more secure because it does not require agents to be installed inside the virtual machine. In this paper, a virtual machine introspection technology based on system call interception is proposed, which intercepts the system calls that occur within the virtual machine by adjusting the response mechanism of VMM to system calls, and by analyzing system calls, the purpose of monitoring abnormal behavior state within the virtual machine is achieved.

Key words: Virtualization, Cloud Computing, Virtual Machine, VMI, System Call, Interrupt

摘要： 虚拟机自省技术，是一类从虚拟机外部监控虚拟机内部操作系统及应用的运行状态的技术。由于不需要在虚拟机内部安装代理，因而该技术的管理维护成本较低，且安全性更高。提出一种基于系统调用截获的虚拟机自省技术，通过调整VMM对系统调用的响应机制，截获虚拟机内部发生的系统调用；通过分析系统调用，达到监控虚拟机内部异常行为状态的目的。

关键词: 虚拟化, 云计算, 虚拟机, 虚拟机自省, 系统调用, 中断