Heap overflow attack is one of the major memory corruption attacks that have become prevalent for decades.To defeat this attack,many protection methods are proposed in recent years.However,most of these existing methods focus on user-level heap overflow detection.Only a few methods are proposed for kel heap protection.Moreover,all these kel protection methods need modifying the existing OS kel so that they may not be adopted in practice.To address this problem,we propose a lightweight virtualization-based solution that can protect the kel heap buffers allocated for the target kel modules.The key idea of our approach is to combine the static binary analysis and virtualization technology to trap a memory allocation operation of the target kel module,and then add one secure canary word to the end of the allocated buffer.After that,a monitor process is launched to check the integrity of the canaries.The evaluations show that our system can detect kel heap overflow attacks effectively with minimal performance cost.