Honey pot mechanism and method used for collecting and intercepting internal storage behaviors of computer

A computer and honeypot technology, applied in computer security devices, calculations, instruments, etc.

Inactive Publication Date: 2014-09-03
NANJING UNIV
Cites: 2; Cited by: 19

AI Technical Summary

Problems solved by technology

[0005] Aiming at the deficiencies of the prior art in the field of computer monitoring, the present invention provides a honeypot mechanism and method for collecting and intercepting computer memory behaviors, adopting the basic idea of honeypots to deploy

Embodiment Construction

[0062] Figure 1 is a schematic structural diagram of the present invention, which includes a honeypot module, a honeypot recording module, an introspection module, a control module and a memory virtualization module.

[0063] This embodiment uses hardware virtualization: the memory virtualization module uses the EPT technology in Intel VT to control the translation from the guest physical memory space to the real physical memory space. To control write permissions independently on each CPU at run time, the memory virtualization module builds as many second-level translation page tables as there are CPUs and sets the EPTP pointer of each CPU to the PML4 page address of its own page table. The memory virtualization module maps each guest physical address to the same real physical address, so that the guest virtual machine can still run normally after the memory virtualization module is turned off. The memory virtualiz...

Abstract

The invention discloses a honeypot mechanism and method for collecting and intercepting the memory behaviors of a computer. The mechanism comprises a memory virtualization module, a honeypot module, an introspection module, a control module and a honeypot recording module. It is based on memory virtualization technology, supports the SMP architecture, can deploy a lightweight virtual machine while an operating system is running, and monitors memory behaviors in a honeypot. It can also serve as a submodule of other virtual machines to achieve the same functions. While the operating system runs, the honeypot monitors exactly how each process on multiple cores modifies the key areas of memory; the modifications are represented by a bitmap. At the same time, the introspection module collects the related detailed process information and the complete running state of the process at that time, and all records are centralized in the honeypot recording module. The mechanism is event-driven and does not modify any code of the target operating system; compared with existing instruction-level monitoring, the performance loss is low and the flexibility is high, and the method is suitable for real-time evidence collection and dynamic analysis.
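The per-CPU page tables of paragraph [0063] and the bitmap recording described in the abstract, as an added user-space model in C; it is not the patent's code and executes no VMX instructions. All names are hypothetical, and the flat array in place of a 4-level EPT and the layout of one bitmap bit per 4 KiB page per CPU are assumptions.

```c
/* Added illustration: user-space model only. All identifiers are hypothetical. */
#include <stdint.h>
#include <string.h>

#define NCPU   4
#define NPAGES 64                 /* modelled guest physical pages, 4 KiB each */
#define EPT_W  0x2u               /* write bit (bit 1) of an EPT entry */

struct ept_entry { uint64_t hpa; unsigned perm; };
static struct ept_entry ept[NCPU][NPAGES];  /* one table per CPU, as in [0063] */
static uint64_t dirty[NCPU];                /* assumed: 1 bit per page, per CPU */
struct record { int cpu; int pid; uint64_t gpa; };
static struct record rec_log[32];           /* stands in for the recording module */
static int nrec;

/* Identity-map every guest page on every CPU with full permissions. */
void ept_init(void) {
    memset(dirty, 0, sizeof dirty);
    nrec = 0;
    for (int c = 0; c < NCPU; c++)
        for (int p = 0; p < NPAGES; p++) {
            ept[c][p].hpa = (uint64_t)p << 12;   /* real address == guest address */
            ept[c][p].perm = 0x7;                /* read | write | execute */
        }
}

/* Per-CPU control: change the write permission in one CPU's table only. */
void ept_set_write(int cpu, int page, int allow) {
    if (allow) ept[cpu][page].perm |= EPT_W;
    else       ept[cpu][page].perm &= ~EPT_W;
}

/* Watch a key page on all CPUs. */
void honeypot_protect(int page) {
    for (int c = 0; c < NCPU; c++) ept_set_write(c, page, 0);
}

uint64_t ept_translate(int cpu, uint64_t gpa) {
    return ept[cpu][(gpa >> 12) % NPAGES].hpa | (gpa & 0xfff);
}

/* Model of a guest write: 0 = passed through, 1 = write violation recorded,
   -1 = outside the modelled range. pid stands for the process identity the
   introspection module would read from guest state. */
int guest_write(int cpu, uint64_t gpa, int pid) {
    if ((gpa >> 12) >= NPAGES) return -1;
    int page = (int)(gpa >> 12);
    if (ept[cpu][page].perm & EPT_W) return 0;
    dirty[cpu] |= 1ull << page;
    if (nrec < 32) rec_log[nrec++] = (struct record){ cpu, pid, gpa };
    return 1;
}

uint64_t dirty_bitmap(int cpu) { return dirty[cpu]; }
int record_count(void) { return nrec; }
```

Because the mapping is an identity, `ept_translate` returns its input unchanged, which is why the guest keeps running when the tables are no longer in use.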

Description

Technical field

[0001] The invention relates to a mechanism in the field of computer behavior monitoring, in particular to a honeypot mechanism and method for collecting and intercepting computer memory behavior.

Background technique

[0002] Honeypot technology is divided into high-interaction honeypots and low-interaction honeypots according to the degree of interaction. Low-interaction honeypots are deployed by simulating operating systems and network services. Although deployment is simple, the degree of simulation is limited, so the information obtained is insufficient and the honeypot is easily seen through. A high-interaction honeypot provides a completely real operating system and network services and can obtain very rich attack information, but the potential risks and the difficulty of deployment are very high. At present, high-interaction honeypots can be implemented through virtualization technology to observe the state changes in the honeypot. This involves the dy...

Application Information

IPC(8): G06F21/56
CPC: G06F21/53, G06F21/552
Inventor: 伏晓程盈心骆斌杨瑞阮豪
Owner: NANJING UNIV