Method and device for detecting hidden processes in a virtual machine

A hidden-process detection technology, applied in the field of platform integrity maintenance, that addresses problems such as kernel object attacks going undetected.

Active Publication Date: 2018-06-12
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] In the prior art, the kernel data structures of the Linux operating system are analyzed and user view projection technology is adopted: a trusted view of the client is obtained by traversing the semantically reconstructed process control blocks and is compared with the process list obtained by the internal agent program to determine whether there are hidden processes. This method has the problem of not being able to detect attacks against kernel objects.

Embodiment Construction

[0068] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0069] Figure 1 shows a flowchart of a method for detecting hidden processes in a virtual machine according to an embodiment of the present invention. As shown in Figure 1, the method includes:

[0070] Step S110, intercepting the process exit event in the specified virtual machine, and intercepting the process creation event in the specified virtual machine.

[0071] Step S120, according to the intercepted process exit ...

Abstract

The invention discloses a method for detecting a hidden process in a virtual machine, wherein the method includes: intercepting process exit events in a specified virtual machine, and intercepting process creation events in the specified virtual machine; according to the intercepted process exit and process creation events in the specified virtual machine, maintaining a trusted process list that records the processes actually running in the specified virtual machine; by traversing the relevant data structures that record process information in the specified virtual machine, obtaining one or more untrusted process lists that record the processes in the specified virtual machine; and by comparing the trusted process list and the untrusted process lists, determining the hidden processes in the specified virtual machine. Compared with the prior art, the technical solution provided by the present invention is more comprehensive and effective in detection, is especially capable of detecting attacks on kernel objects, and meets the common needs of cloud service providers and users.
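The comparison described in the abstract, as an added Python example that is not code from the patent: a trusted list is rebuilt from intercepted create/exit events and then checked against each untrusted list. The names `ProcEvent`, `TrustedProcessList`, `find_hidden`, the view names `task_list_walk` and `pid_hash_walk`, and all sample events are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical event record; kind is "create" or "exit".
ProcEvent = namedtuple("ProcEvent", "kind pid name")


class TrustedProcessList:
    """List kept outside the guest, updated only from intercepted events."""

    def __init__(self):
        self._procs = {}  # pid -> process name

    def apply(self, event):
        if event.kind == "create":
            self._procs[event.pid] = event.name  # reused PID replaces stale entry
        elif event.kind == "exit":
            self._procs.pop(event.pid, None)  # unknown PID: nothing to remove
        else:
            raise ValueError(f"unknown event kind: {event.kind!r}")

    def snapshot(self):
        return dict(self._procs)


def find_hidden(trusted, untrusted_views):
    """Map each untrusted view to the trusted processes it fails to list."""
    report = {}
    for view, pids in untrusted_views.items():
        missing = sorted((pid, name) for pid, name in trusted.items()
                         if pid not in pids)
        if missing:
            report[view] = missing
    return report


def demo():
    # Constructed event stream; PID 977 exits and is later reused.
    events = [ProcEvent("create", 1, "init"), ProcEvent("create", 412, "sshd"),
              ProcEvent("create", 977, "bash"), ProcEvent("exit", 977, "bash"),
              ProcEvent("create", 977, "worker"), ProcEvent("exit", 5000, "old")]
    trusted = TrustedProcessList()
    for event in events:
        trusted.apply(event)
    # Constructed untrusted lists, as read from guest data structures.
    views = {"task_list_walk": {1, 412}, "pid_hash_walk": {1, 412, 977}}
    return find_hidden(trusted.snapshot(), views)


if __name__ == "__main__":
    print(demo())
```

Reporting per view shows which guest data structure disagrees with the event-derived list, which is the detail an analyst needs when only one of several untrusted lists omits a process.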

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and device for detecting hidden processes in a virtual machine.

Background technique

[0002] Virtualization technology realizes the virtualization of computing, storage, network and other IT resources, and is the basis for the rapid development of the cloud computing industry. The virtual machine is the most basic form of service provided by the cloud environment. Cloud service providers provide individual and organizational users with a single virtual machine or a virtual network composed of multiple virtual machines to meet users' requirements for easy-to-maintain, highly available, elastic cloud services. In a virtualized environment, services are provided to users in the form of virtual machines, and cloud service providers can only use interfaces such as Libvirt to obtain resource allocation and usage information such as CPU, memory,...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
Inventor: 罗凯
Owner: BEIJING QIHOO TECH CO LTD