Xen-based active defense method

An active defense technology based on a front-end driver, applied in the field of computer security, that addresses problems such as impracticality.
CN102129531A · Inactive · Publication Date: 2011-07-20 · BEIJING UNIV OF TECH

Patent Information

Authority / Receiving Office: CN · China
Current Assignee / Owner: BEIJING UNIV OF TECH
Publication Date: 2011-07-20
Estimated Expiration: Not applicable · inactive patent


Abstract

The invention discloses an active defense method based on the Xen virtual machine, comprising the following steps: generating a virtual machine for a user by using Xen, and having the user operate inside that virtual machine; removing the conventional security programs that would otherwise be installed in the virtual machine and arranging them outside the virtual machine, so that the kernel modules of the security programs are invisible to rogue programs; in addition, setting a front-end driver in the user's virtual machine so that the security modules outside the virtual machine can scan and intervene in operations inside the virtual machine, while protecting the front-end driver with a memory protection module in the virtual machine monitor layer to prevent the front-end driver from being attacked by rogue programs. In the method, the kernel modules are arranged outside the virtual machine and are invisible to the rogue programs, thereby achieving higher security than a conventional security program deployment method; in addition, a para-virtualization front-end/back-end driver communication scheme is introduced to greatly reduce the system overhead caused by virtualization and make the method highly practicable.

Description

technical field

[0001] The invention belongs to the field of computer security.

Background technique

[0002] At present, as malicious programs such as viruses become more and more complex, it is becoming more and more difficult to protect computer systems. Sometimes it is very difficult even to detect these malicious programs, and some systems cannot do so.

[0003] At present, mainstream commercial security software generally uses a combination of signature scanning and active defense to protect the user's operating system. Signature scanning mainly targets known malicious programs: it scans system memory and files and compares them against the malicious program signatures stored in a database to discover known malicious programs. For unknown viruses, various heuristic algorithms are mainly used to judge whether a program has the characteristics of a malicious program. Due to the complexity of malicious programs and the lack of algorithms, this ...
