Introspect Virtual Machines Like It Is the Linux Kernel!

Virtual machine introspection (VMI) allows a monitoring application, usually running in a separate virtual machine on the same host, to peek into another guest virtual machine running on the same host, check and modify both registers and memory state of the guest. It has gained popularity in malware analysis, software reverse engineering, and intrusion detection systems. However, VMI comes with a huge overhead, which not only is a waste of resources but also can tip malware that VMI is being used.