What is HVMI?

HVMI stands for Hypervisor-based Memory Introspection. The technology leverages Virtual Machine Introspection (VMI) APIs in the Xen and KVM hypervisors. By gaining introspection of the raw memory of
running guest virtual machines, HVMI can apply security logic to detect and prevent the use of common attack techniques, such as buffer overflows, heap spray, code injection, and so-on.

A research and development team at Bitdefender extended the VMI APIs by working with the Xen Project and KVM Project communities. Bitdefender initially released a commercial solution known as GravityZone Hypervisor Introspection (HVI). The core components of HVI were open-sourced in mid-2020, forming the basis of the HVMI project. Today, Bitdefender offers commercial support and services for HVI.

The primary goal of the HVMI project is to build a community to foster development of new features and use-cases.

Introduction to HVMI

Getting Started

There are two options for getting started with this technology. To access the source code, detailed documentation, and open-source distribution, head over to HVMI project page on GitHub. Alternatively, to download and deploy HVI, visit the Bitdefender HVI page.


HVMI is licensed under Apache 2.0.