3308                                 Journal of Software  软件学报 Vol.32, No.10, October 2021

                [10]    Xiong H, Liu Z, Xu W, Jiao S. Libvmi: A library for bridging the semantic gap between guest OS and VMM. In: Proc. of the 12th
                     IEEE Int’l Conf. on Computer and Information Technology. Washington: IEEE Computer Society, 2012. 549556. [doi: 10.1109/
                     CIT.2012.119]
                [11]    Payne BD. Xen access library. https://code.google.com/p/xenaccess/
                [12]    Jones ST, Arpaci-Dusseau AC, Arpaci-Dusseau RH. Antfarm: Tracking processes in a virtual machine environment. In: Proc. of the
                     USENIX Annual Technical Conf. New York: ACM, 2006. 114.
                [13]    Srinivasan  D,  Wang Z, Jiang XX,  Xu  DY. Process out-grafting:  An  efficient “out-of-VM”  approach for fine-grained process
                     execution  monitoring. In: Proc. of the 18th  ACM  Conf. on  Computer  and Communications Security.  New  York:  ACM, 2011.
                     363374. [doi: 10.1145/2046707,2046751]
                [14]    Dolan-Gavitt B, Leek T, Zhivich M, Giffin J, Lee W. Virtuoso: Narrowing the semantic GAP in virtual machine introspection. In:
                     Proc. of the 32nd IEEE Symp. on Security and Privacy. Washington: IEEE Computer Society, 2011. 297312. [doi: 10.1109/SP.
                     2011,11]
                [15]    Fu YC, Lin ZQ. Space traveling across VM: Automatically bridging the semantic GAP in virtual machine introspection via online
                     kernel data redirection. In: Proc. of the IEEE Symp. on Security and Privacy. Washington: IEEE Computer Society, 2012. 586600.
                     [doi: 10.1109/SP.2012,40]
                [16]    Saberi A,  Fu YC, Lin  Z.  Hybrid-bridge: Efficiently  bridging  the semantic GAP in  virtual machine introspection  via  decoupled
                     execution and training memorization. In: Proc. of the 21st Annual Network and Distributed System Security Symp. Washington:
                     Internet Society, 2014. 115. [doi: 10.14722/ndss.2014.23226]
                [17]    Carbone M, Cui WD, Lu L, Lee W, Peinado M, Jiang XX. Mapping kernel objects to enable systematic integrity checking. In: Proc.
                     of the 16th ACM Conf. on Computer and Communications Security (CCS 2009). New York: ACM, 2009. 555565. [doi: 10.1145/
                     1653662,1653729]
                [18]    Andersen  LO. Program  analysis  and specialization for the  C programming language [Ph.D.  Thesis].  Copenhagen:  University of
                     Copenhagen, 1994.
                [19]    Schneider C, Pfoh J, Echert C. Bridging the semantic GAP through static code analysis. In: Proc. of the 2012 European Workshop
                     on System Security (EuroSec 2012). New York: ACM, 2012. 16.
                [20]    Jiang XX, Wang XY, Xu DY. Stealthy Malware detection through VMM-based “out-of-the-box” semantic view reconstruction. In:
                     Ning P, ed. Proc. of the 14th ACM Conf. on Computer and Communications Security. New York: ACM, 2007. 128138. [doi: 10.
                     1145/1315245,1315262]
                [21]    Inoue H, Adelstein F, Donovan M, Brueckner S. Automatically bridging the semantic GAP using c interpreter. In: Proc. of the 2011
                     Annual Symp. on Information Assurance. 2011. 5158.
                [22]    Volatilitux: Physical memory analysis of linux systems. http://code.google.com/p/volatilitux
                [23]    Pfoh J, Schneider C, Eckert C. Nitro: Hardware-based system call tracing for virtual machines. In: Tetsu I, Nishigaki M, eds. Proc.
                     of the 6th Int'l Conf. on Advances in Information and Computer Security. Washington: IEEE Computer Society, 2011. 96112. [doi:
                     10.1007/978-3-642-25141-2_7]
                [24]    Chen XS, Chen MM, Jin X.  Shadow memory-based  agentless  virtual machine  process  protection.  Journal  of University of
                     Electronic Science and Technology of China, 2018,47(1):8087 (in Chinese with English abstract). [doi: cnki:sun:dkdx.0.2018-01-
                     012]
                [25]    OpenCIT: Open continuous integration and test. http://opencit.openengsb.org
                [26]    Cai MJ, Chen XS,  Jin X,  Zhao C, Yin MY.  Paging-measurement method  for  virtual machine  process code based  on  hardware
                     virtualization. Journal of  Computer  Applications, 2018,38(2):305309 (in Chinese  with  English  abstract). [doi: 10.11772/j.issn.
                     1001-9081.2017082167]
                [27]    Xiao JD, Lu L, Wang HN, Zhu XY. HyperLink: Virtual machine introspection and memory forensic analysis without kernel source
                     code. In: Proc. of the IEEE Int’l Conf. on Autonomic Computing. Washington: IEEE Computer Society, 2016. 127136. [doi: 10.
                     1109/icac.2016.46]
                [28]    Cui CY, Wu Y, Li P, Zhang XM. Narrowing the semantic GAP in virtual machine introspection. Journal on Communications, 2015,
                     36(8):3137 (in Chinese with English abstract). [doi: cnki:sun:txxb.0.2015-08-005]