Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Detection method and device for hidden process based on virtual machine monitor

A virtual machine monitor and hidden process technology, applied in program control devices, computer security devices, instruments, etc., can solve problems such as coarse-grained detection, increased costs, and incomplete functions, and achieve high security effects

Inactive Publication Date: 2012-06-27
BEIHANG UNIV
View PDF2 Cites 133 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The hidden object detection mechanism based on the system level has the danger of tampering, disabling, and bypassing, while the one based on auxiliary hardware requires the support of special hardware, which increases the cost and realizes incomplete functions
VMM-based security technology has been greatly developed, and the security is increasing, but there are also some shortcomings: some are coarse-grained detection; some use the kernel data structure for semantic conversion, in the absence of verification , some information will be missed; some have sacrificed some complete semantic information in order to achieve higher security; more research has been placed on the research process, and there are fewer studies on files and network connections. If there is, only terminate The hidden process ignores the legacy hidden files, or does not pay attention to hidden network connections, these connections are likely to be created by non-hidden processes, etc. In some cases, the scope of detection is limited
In addition, some commercial systems that do not support open source also have certain restrictions on the scope of research and use

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and device for hidden process based on virtual machine monitor
  • Detection method and device for hidden process based on virtual machine monitor
  • Detection method and device for hidden process based on virtual machine monitor

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0059] In one embodiment, the second module 702 includes a processing unit, configured to obtain a socket structure according to the socket file pointed to by the file pointer of the process, and the inet_sock data structure of the socket structure contains port to obtain the mapping information between the process and the port.

[0060] Those of ordinary skill in the art can understand that all or part of the steps for implementing the above method embodiments can be completed by program instructions and related hardware. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it executes the steps of the above-mentioned method embodiments; and the aforementioned storage medium includes: read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other various media that can store program codes.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a detection method and a device for a hidden process based on a virtual machine monitor, wherein the method comprises the steps of obtaining a user mode, a kernel mode and progress information in the virtual machine monitor; comparing the process information in the user mode with the process information in the kernel mode to obtain the hidden process in the user mode; comparing the process information in the kernel mode with the process information in the virtual machine monitor to obtain the hidden process in the kernel mode. The device comprises an acquision module, a first comparison module and a second comparison module. The scheme provided by the invention achieves multi-view hidden process detection and identification technology and provides good security for the virtual machine.

Description

technical field [0001] The present invention relates to virtual machine technology, in particular to a hidden process detection method and device based on a virtual machine monitor (Virtual Machine Monitor, VMM for short), and belongs to the field of computer technology. Background technique [0002] The development of virtualization technology has promoted the emergence of virtual machine technology. A virtual machine is realized through virtual hardware, and a physical computer system is virtualized into one or more virtual computer systems, and each virtual computer system has its own virtual hardware (such as CPU, memory, and equipment, etc.). Various advantages of virtual machines have prompted the development of virtual computing environments. Of course, as the core of the computing environment, the security of the virtual machine must be better guaranteed, which has become an important issue to be studied in the current virtual computing environment. In addition, th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/00G06F9/455G06F21/55
Inventor 李建欣王颖李博沃天宇
Owner BEIHANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com