Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Computer and abnormal progress detection method

A computer and process technology, applied in computer security devices, computing, multiprogramming devices, etc., can solve problems such as undetectable and discoverable security risks in virtual machine systems, and achieve the effect of avoiding security risks and improving security.

Active Publication Date: 2010-07-21
LENOVO (BEIJING) LTD
View PDF0 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The current computer system cannot detect and discover abnormal processes running in the Guest OS kernel, such as the above-mentioned rootkit program, which poses a great security risk to the computer system, especially the virtual machine system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Computer and abnormal progress detection method
  • Computer and abnormal progress detection method
  • Computer and abnormal progress detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] In order to make the technical problems, technical solutions and advantages to be solved by the embodiments of the present invention clearer, the following will describe in detail with reference to the drawings and specific embodiments.

[0068] Embodiments of the present invention aim at the problem that existing computer systems cannot detect and find abnormal processes running in the Guest OS kernel, such as the above-mentioned rootkit program, so that the computer system, especially the virtual machine system, has a great security risk, and provides a A method for detecting a computer and an abnormal process, wherein,

[0069] Such as image 3 As shown, the computer includes: a hardware platform, with CPU, memory, etc.;

[0070] A virtual machine management module, configured to install a virtual machine manager VMM;

[0071] The first operating module is installed with a first operating system, such as Domain 0 in the virtual machine system. For the virtual machi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an abnormal progress detection device and a method thereof, comprising a hardware platform, a virtual machine management module, a first operation module and a second operation module, wherein the virtual machine management module is used for installing a virtual machine manager, the first operation module is provided with a first operation system, and the second operation module is provided with a second operation system which operates on the virtual machine manager; the virtual machine management module comprises a first acquisition module and a second acquisition module, wherein the first acquisition module is used for obtaining the value of the identifier of a currently operating progress in the second operation system, and the second acquisition module is used for obtaining the doubly linked list of the currently operating progress in the second operation system. The device also comprises a detection module which is used for traversing the value of the identifier in the doubly linked list; and if the doubly linked list does not have the value of the identifier, the currently operating progress is determined to be an abnormal progress. The invention avoids the potential safety hazard of the operation system in a virtual machine system and improves the system safety.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a computer and a method for detecting abnormal processes. Background technique [0002] At present, in the computer field, operating system kernel-level rootkits are relatively popular, and many Trojan horse viruses have adopted the kernel-level rootkit's hidden technology, which has caused a great threat to system security. At the same time, with the continuous maturity of virtualization technology, the industry has begun to study how to use virtualization technology to detect kernel-level rootkits. Such as figure 1 As shown, the common virtual machine system includes: a hardware platform, a virtual machine manager VMM installed on the hardware platform, a main operating system (Domain 0) and a guest operating system (Guest OS) running on the VMM, for virtual machine management As far as the VMM is concerned, it can know the address distribution of the physical memory of the G...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/22G06F9/455G06F9/46G06F12/10G06F12/1009G06F21/52
Inventor 李俊
Owner LENOVO (BEIJING) LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com