Hidden process detecting method and hidden process detecting device in virtual machine

A hidden-process detection technology. It is applied to platform integrity maintenance and addresses problems such as the inability to detect kernel object attacks.

Active Publication Date: 2015-06-17
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] In the prior art, the kernel data structures of the Linux operating system are analyzed and a user-view projection technique is adopted: the trusted view of the client is obtained by traversing the semantically reconstructed process control blocks, and this view is compared with the process list obtained by the internal agent program to determine whether hidden processes exist. This method cannot detect attacks against kernel objects.

Examples

Embodiment Construction

[0068] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0069] Figure 1 shows a flowchart of a method for detecting hidden processes in a virtual machine according to an embodiment of the present invention. As shown in Figure 1, the method includes:

[0070] Step S110, intercepting the process exit event in the specified virtual machine, and intercepting the process creation event in the specified virtual machine.

[0071] Step S120, according to the intercepted process exit and...

Abstract

The invention discloses a method for detecting hidden processes in a virtual machine, comprising the following steps: intercepting process exit events and process creation events in a specified virtual machine; maintaining, according to the intercepted process exit and creation events, a trusted process list that records the processes actually running in the specified virtual machine; traversing the associated data structures that record process information in the specified virtual machine to obtain one or more untrusted process lists recording the processes in that virtual machine; and comparing the trusted process list with the untrusted process lists to identify hidden processes in the specified virtual machine. Compared with the prior art, the technical scheme provided by the invention detects more comprehensively and effectively, can in particular detect kernel object attacks, and meets the common needs of cloud service providers and users.
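The comparison described in the abstract, as an added example that is not code from the patent or its applicant. The event format, the view names `task_list` and `pid_hash`, and all sample data are assumptions constructed for illustration; the interception and guest-memory traversal themselves are outside its scope.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str          # "create" or "exit", as intercepted from outside the guest
    pid: int
    name: str = ""

class TrustedProcessList:
    """Process table rebuilt purely from intercepted create/exit events."""
    def __init__(self):
        self.procs = {}                      # pid -> name

    def apply(self, ev):
        if ev.kind == "create":
            self.procs[ev.pid] = ev.name     # a reused PID replaces the stale entry
        elif ev.kind == "exit":
            self.procs.pop(ev.pid, None)     # exit of a never-seen PID is ignored
        else:
            raise ValueError(f"unknown event kind: {ev.kind!r}")

def find_hidden(trusted, untrusted_views):
    """Map pid -> (name, views lacking it) for trusted PIDs missing from any view."""
    hidden = {}
    for pid, name in sorted(trusted.procs.items()):
        missing = sorted(v for v, pids in untrusted_views.items() if pid not in pids)
        if missing:
            hidden[pid] = (name, missing)
    return hidden

# Constructed sample data: event stream and two hypothetical guest-side views.
EVENTS = [
    Event("create", 1, "init"), Event("create", 412, "sshd"),
    Event("create", 977, "backup"), Event("exit", 977),
    Event("create", 1033, "kworkerd"),       # later unlinked from one structure
    Event("create", 977, "cron"),            # PID 977 reused after the exit
]
UNTRUSTED_VIEWS = {
    "task_list": {1, 412, 977},              # 1033 absent: hidden in this view
    "pid_hash": {1, 412, 977, 1033},
}

def demo():
    trusted = TrustedProcessList()
    for ev in EVENTS:
        trusted.apply(ev)
    return trusted, find_hidden(trusted, UNTRUSTED_VIEWS)

if __name__ == "__main__":
    print(demo()[1])
```

Reporting which untrusted view lacks the PID tells the analyst which guest structure was tampered with, something a single in-guest listing cannot show.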

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and device for detecting hidden processes in a virtual machine.

Background technique

[0002] Virtualization technology realizes the virtualization of computing, storage, network and other IT resources, and is the basis for the rapid development of the cloud computing industry. The virtual machine is the most basic form of service provided by the cloud environment. Cloud service providers provide individual and organizational users with a single virtual machine or a virtual network composed of multiple virtual machines to meet users' requirements for easy-to-maintain, highly available, elastic cloud services. In a virtualized environment, services are provided to users in the form of virtual machines, and cloud service providers can only use interfaces such as Libvirt to obtain resource allocation and usage information such as CPU, memory,...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
Inventor: 罗凯
Owner: BEIJING QIHOO TECH CO LTD