Virtual machine security monitoring method

A virtual machine monitor and security monitoring technology, applied in hardware monitoring, program control design, program control devices, etc. It addresses problems such as users being unable to perceive resource-hogging processes, system or program freezes, and excessive occupation of system resources, so as to ensure safe and efficient operation, improve efficiency, and mitigate the effect of processes occupying too much memory.

Inactive Publication Date: 2017-06-13
GUANGZHOU KAIYAO ASSET MANAGEMENT CO LTD
6 Cites 2 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0003] However, some existing services and applications usually do not automatically exit the process after execution, and these processes still occupy a large amount of system resources, and users often cannot perceive it until the system or program freezes or even crashes.

Method used

As one implementation, the security policy in step S2 is specifically: a finite automaton is built from the data of normal processes in the system, using system-call-related functions as states; the data packets of the monitored process are then captured and their system-call-related functions are compared with the states in the finite state machine. If they match, the current process is safe; otherwise the current process has been infected. The finite automaton has a finite number of states, each state can transition to zero or more states, and the input string determines which transition is taken. Building a finite automaton from the data of normal processes in the system realizes effective monitoring of data packets.

Abstract

The invention relates to the technical field of server virtualization and virtual machine monitoring, in particular to a virtual machine security monitoring method. The method comprises the steps of: S1, configuring the operating parameters of a virtual machine network, wherein the virtual machine network comprises a virtual machine system and an external network, and the virtual machine system comprises a virtual machine monitor and at least one virtual machine; S2, configuring the security monitoring policy of the virtual machine monitor; S3, capturing data packets of communication between virtual machines or between a virtual machine and the external network; S4, parsing the data packets, applying security control to the corresponding virtual machine according to the security monitoring policy, and displaying the monitoring process and result on a client-side page. The virtual machine security monitoring method solves problems such as system freezes caused by a virtual machine occupying too much memory; by combining internal monitoring and external monitoring, it improves the monitoring efficiency of the virtual machine and ensures safe and efficient operation of the virtual machine system.

Application Domain

Hardware monitoring; Software simulation/interpretation/emulation

Technology Topic

Virtualization; Client-side (+5 more)


Example Embodiment

[0019] Hereinafter, exemplary embodiments disclosed in the present invention will be described in more detail with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth herein. On the contrary, these embodiments are provided to enable a thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.
[0020] Figure 1 shows the system structure diagram corresponding to the virtual machine security monitoring method of the present invention. The virtual machine network includes an external network, a hardware layer, an operating system layer, and a virtual machine layer; the virtual machine system is composed of the hardware layer, the operating system layer, and the virtual machine layer; the virtual machine system is connected to the external network; the virtual machine monitor runs on the operating system layer, and multiple virtual machines run in the virtual machine layer.
[0021] Corresponding to the virtual machine network system, a virtual machine security monitoring method is provided, which includes the following steps:
[0022] S1: Configure the operating parameters of a virtual machine network, where the virtual machine network includes a virtual machine system and an external network; the virtual machine system includes a virtual machine monitor and at least one virtual machine;
[0023] S2: Configure the security monitoring policy of the virtual machine monitor;
[0024] S3: Capture data packets communicated between virtual machines or between virtual machines and external networks;
[0025] S4: Parse the data packets, perform security control on the corresponding virtual machine according to the security monitoring policy, and display the monitoring process and results on the client page.
[0026] Because the virtual machine network system is configured with a security policy, it overcomes the single monitoring mode of the traditional virtual machine system and has higher security performance. The security policy can also be adjusted dynamically, which is more flexible. At the same time, artificial intelligence algorithms such as neural networks can be used for training and optimization. It should be noted that the security policies described below each provide a different kind of optimization, and one or more of them can be used in the present invention.
[0027] As an implementation manner, the security policy in step S2 is specifically: establishing an intrusion detection domain, setting up a policy module, and configuring multiple security policies in the policy module; the policy module is connected to the policy framework, and the policy framework responds to requests from the operating system interface. The policy module contains a policy library, policy decision points, and policy enforcement points. The policy decision point responds to policy events and locks the corresponding policy rules; completes status and resource validity checks; and converts the policy rules stored in the policy library into a format executable by the device. The policy enforcement points are distributed across the network nodes and are responsible for executing the corresponding policy management operations according to the policies received from the policy decision points, while reporting the results of policy execution back to the policy decision points. The policy is divided into two modes, outsourcing and provisioning.
[0028] As an implementation manner, step S3 specifically includes: using a network counter group to monitor the data packets of the virtual switch ports; and, in the virtual switch stack, inspecting and capturing the data packets communicated between virtual machines or between virtual machines and external networks.
[0029] As an implementation manner, the monitoring is specifically a method that combines internal monitoring, based on a security driver in the virtual machine kernel, with external monitoring, based on monitoring points in the virtual machine manager. The combined internal and external monitoring method specifically includes: starting an external monitoring program, which starts the automation program; the external monitoring program monitors the automation program; the automation program starts the internal monitoring program and an execution thread; and the execution thread is monitored by the internal monitoring program.
[0030] As an implementation manner, a hook mechanism is used to capture the data packets; specifically: creating a global hook, adding the global hook to a global shared data variable, and creating a hook executable program to capture the data packets. Through the hook mechanism, the monitoring unit can grab data packets in the network stack of the monitor kernel. For example, open-source virtualization platforms based on the Linux kernel, such as Xen and KVM, have their own hook mechanism based on Netfilter. The method can therefore be applied to a variety of open-source virtualization software, and the packet capture process can be executed in a loop.
[0031] As an implementation manner, the security control in step S4 is specifically one or more of memory protection, kernel code protection, and access control. In the above security control process, a shadow page can be established to confuse the attack code and redirect malicious operations to the shadow page when malicious code attacks the system, effectively preventing malicious tampering with and copying of the normally running code.
[0032] As an implementation manner, the security policy in step S2 is specifically as follows: establish a finite automaton from the data of the normal processes in the system, using system-call-related functions as the states; then monitor the data packets of the process under detection and compare its system-call-related functions with the states in the finite state machine. If they match, the current process is safe; otherwise the current process has been infected. The finite automaton has a finite number of states, each state can transition to zero or more states, and the input string determines which transition is taken. By establishing a finite automaton from the data of the normal processes in the system, effective monitoring of data packets is realized.
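The finite-automaton check of paragraph [0032] (also summarized under "Method used"), as an added illustration rather than code from the patent: the allowed transitions between system-call-related functions are learned from constructed traces of normal processes, and a monitored process's call sequence is walked through the automaton. The first call with no matching transition marks the process as infected; all names and traces below are constructed for the example.

```python
"""Finite-state-machine monitor over system-call sequences (added example)."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

START = "<start>"  # synthetic initial state before the first call


def build_fsm(normal_traces: List[List[str]]) -> Dict[str, Set[str]]:
    """Learn the automaton: each system-call-related function is a state,
    and its successor set is every function observed to follow it in the
    traces of normal processes (zero or more transitions per state)."""
    fsm: Dict[str, Set[str]] = defaultdict(set)
    for trace in normal_traces:
        prev = START
        for call in trace:
            fsm[prev].add(call)
            prev = call
    return dict(fsm)


def check_trace(fsm: Dict[str, Set[str]], trace: List[str]) -> Tuple[bool, int]:
    """Walk an observed call sequence through the automaton.
    Returns (safe, index of the first call with no matching transition),
    with index -1 when every transition was seen in normal traces."""
    state = START
    for i, call in enumerate(trace):
        if call not in fsm.get(state, set()):
            return False, i  # unknown transition: treat the process as infected
        state = call
    return True, -1


def classify(fsm: Dict[str, Set[str]], observed: Dict[str, List[str]]) -> Dict[str, str]:
    """Label each monitored process (keyed by a constructed id) as 'safe' or 'infected'."""
    return {pid: ("safe" if check_trace(fsm, calls)[0] else "infected")
            for pid, calls in observed.items()}


# Constructed sample traces of normal processes (not from the patent).
NORMAL_TRACES = [
    ["open", "read", "close"],
    ["open", "read", "read", "write", "close"],
    ["socket", "connect", "write", "read", "close"],
]

# Constructed observations: the second process spawns a program after a read,
# a transition never seen in the normal traces.
OBSERVED = {
    "vm1-proc-17": ["open", "read", "write", "close"],
    "vm1-proc-23": ["open", "read", "execve", "socket"],
}

if __name__ == "__main__":
    print(classify(build_fsm(NORMAL_TRACES), OBSERVED))
```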
[0033] The present invention manages the virtual machine by establishing a security policy associated with the virtual machine system, which effectively solves the problem of the virtual machine occupying too much memory and causing the system to freeze. It is equipped with multiple security policies, establishes a hook mechanism to capture the data packets of the virtual machine, and adopts a monitoring method that combines internal and external monitoring, which greatly improves the efficiency of virtual machine monitoring and ensures the safe and efficient operation of the virtual machine system.
[0034] Although the embodiments of the present invention have been described above, it should be understood that they are presented by way of example only and not limitation. Therefore, the breadth and scope of the preferred embodiment should not be limited by any of the exemplary embodiments described above, but should be defined only by the following claims and their equivalents.

