Detecting stealth network communications

摘要

A computer has a hypervisor that supervises a virtual machine. The virtual machine includes a guest security module that enforces a security policy on network traffic entering and exiting the virtual machine. Malicious software (malware) uses stealth network communications to avoid the guest security module and attempts to communicate with its home base. A security module within the hypervisor has access to all network communications entering and exiting the computer. The security module communicates with the guest security module to identify communications of which the guest security module is aware. The security module analyzes the network communications for the computer to identify a stealth network communication of which the guest security module is unaware. The security module alters the stealth network communication, thereby prevent the malware from communicating with its home base.