Method and device for detecting parasitic process in virtual machine

A virtual machine and process technology, applied in the computer field, can solve problems such as lack of versatility and inability to detect real-time performance, and achieve high real-time performance

Active Publication Date: 2015-06-17
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] Malicious code injection leads to abnormal behavior in the affected process. However, the method, content, and location of code injection continue to change as technology develops, and its variants appear in large numbers every day to meet the needs of real-time detection



Embodiment Construction

[0064] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0065] Figure 1 shows a method for detecting parasitic processes in a virtual machine according to an embodiment of the present invention. As shown in Figure 1, the method includes:

[0066] Step S110, determining one or more processes in the specified virtual machine as target processes.

[0067] Step S120, for each target process, reconstruct the process management structure of the target process inside the specified v...



Abstract

The invention discloses a method and a device for detecting a parasitic process in a virtual machine. The method comprises the following steps: determining one or more processes in a designated virtual machine as target processes; for each target process, reconstructing, outside the designated virtual machine, the process management structure that the target process has inside the designated virtual machine; and, by analyzing the reconstructed process management structure, determining whether the target process is a parasitic process into which malicious code or a malicious dynamic link library (DLL) has been injected. According to the technical scheme provided by the invention, the process management structure of the target process inside the designated virtual machine is reconstructed according to the behavioural characteristics of malicious software that is parasitic in a process, and whether a process running in the virtual machine has become a parasitic process of the malicious software is judged comprehensively by analyzing the reconstructed process management structure. Compared with the prior art, the detection scheme has high real-time performance, flexibility, universality and accuracy, and meets the joint demands of cloud service providers and users.
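The three steps of the abstract, as an added Python sketch that is not taken from the patent: the reconstructed process management structure is modeled by a hypothetical `ProcessView`, filled here with a constructed snapshot instead of being rebuilt from guest memory. The three indicators (executable private memory, a mapped image missing from the module list, a module outside `TRUSTED_DIRS`) are assumed, commonly used injection indicators, not the patent's stated criteria.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Region:                      # one entry of the process memory map
    start: int
    prot: str                      # e.g. "r-x", "rwx"
    backing: str | None = None     # mapped file path; None = private memory

@dataclass
class ProcessView:                 # hypothetical reconstructed structure
    pid: int
    name: str
    regions: list[Region] = field(default_factory=list)
    modules: list[str] = field(default_factory=list)   # loaded-module paths

TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")  # assumed policy

def analyze(proc: ProcessView) -> list[str]:
    """Step 3: return the indicators that fired for one reconstructed process."""
    listed = {m.lower() for m in proc.modules}
    findings = []
    for r in proc.regions:
        if "x" not in r.prot:
            continue
        if r.backing is None:      # executable memory with no file behind it
            findings.append(f"exec-private region at {r.start:#x} ({r.prot})")
        elif r.backing.lower() not in listed:   # image mapped but not listed
            findings.append(f"unlisted image {r.backing} at {r.start:#x}")
    for m in proc.modules:
        if not m.lower().startswith(TRUSTED_DIRS):
            findings.append(f"module outside trusted dirs: {m}")
    return findings

def detect_parasitic(snapshot, target_names):
    """Steps 1-3: pick targets by name, analyze each, keep those with findings."""
    targets = [p for p in snapshot if p.name.lower() in target_names]
    return {p.pid: f for p in targets if (f := analyze(p))}

# Constructed snapshot standing in for structures rebuilt from guest memory.
SYS = "C:\\Windows\\System32\\"
SNAPSHOT = [
    ProcessView(1200, "explorer.exe",
                [Region(0x7FF600000000, "r-x", SYS + "shell32.dll")],
                [SYS + "shell32.dll"]),
    ProcessView(884, "svchost.exe",
                [Region(0x7FF610000000, "r-x", SYS + "rpcrt4.dll"),
                 Region(0x1A0000, "rwx")],
                [SYS + "rpcrt4.dll", "C:\\Users\\Public\\helper.dll"]),
    ProcessView(3020, "notepad.exe", [Region(0x2B0000, "rwx")], []),  # not a target
]
```

Calling `detect_parasitic(SNAPSHOT, {"explorer.exe", "svchost.exe"})` reports only PID 884; the `notepad.exe` entry is skipped because it was not selected as a target process.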

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and device for detecting parasitic processes in a virtual machine.

Background technique

[0002] Virtualization technology realizes the virtualization of computing, storage, network and other IT resources, and is the basis for the rapid development of the cloud computing industry. The virtual machine is the most basic form of service provided by the cloud environment. Cloud service providers provide individual and organizational users with a single virtual machine or a virtual network composed of multiple virtual machines to meet users' requirements for easy-to-maintain, highly available, elastic cloud services. In a virtualized environment, services are provided to users in the form of virtual machines, and cloud service providers can only use interfaces such as Libvirt to obtain resource allocation and usage information such as CPU, memo...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455
Inventor: 罗凯
Owner: BEIJING QIHOO TECH CO LTD