Method and device for monitoring operating system behaviors

A technique for monitoring operating system behavior, applied in the computer field, that solves the problem of third-party security software being unable to monitor the operating system and thereby helps defend against malicious program attacks.

Inactive Publication Date: 2017-06-30
BEIJING QIHOO TECH CO LTD +1

AI Technical Summary

Problems solved by technology

[0006] The embodiment of the present application provides a method for monitoring the behavior of the operating system, to solve the problem that third-party security software cannot monitor the behavior of the operating system because the computer operating system prohibits third-party software from modifying the operating system kernel.
[0007] The embodiment of the present application also provides a device for monitoring the behavior of the operating system, which is used to solve the same problem: third-party security software cannot monitor the behavior of the operating system because the computer operating system prohibits third-party software from modifying the operating system kernel.



Examples


Embodiment 1

[0025] Embodiment 1 of the present application provides a method for monitoring the behavior of the operating system, to solve the problem that third-party security software cannot monitor the behavior of the operating system because the computer operating system prohibits third-party software from modifying the operating system kernel.

[0026] The execution subject of the method for intercepting a system call provided in the embodiment of the present application may be, but is not limited to, at least one of terminal devices such as a tablet computer and a personal computer (PC). In addition, the execution subject of the method may also be an application program installed on the terminal device.

[0027] For convenience of description, the implementation of the method is introduced below taking a protection program as the execution subject of the method. It can be understood that the fact that the execution subject of ...

Embodiment 2

[0053] Embodiment 2 of the present application provides a device for monitoring the behavior of the operating system, which is used to solve the problem that third-party security software cannot monitor the behavior of the operating system because the computer operating system prohibits third-party software from modifying the operating system kernel. The specific structure of the device is shown in Figure 2; it includes a predetermined response monitoring unit 21, a virtual machine monitor generating unit 22 and an operating system operation behavior monitoring unit 23.

[0054] The predetermined response monitoring unit 21 is used to perform a modification operation on the operating system kernel of the computer and to determine whether the computer on which the modification operation is performed produces a predetermined response;

[0055] The virtual machine monitor generation unit 22 is configured to generate a virtual machine monitor by performing a hardware virtualization...


Abstract

The invention discloses a method for monitoring operating system behavior. The method solves the problem that, because a computer operating system forbids third-party software from performing modification operations on the operating system kernel, third-party software cannot monitor operating system behavior. The method comprises the following steps: a modification operation is performed on the operating system kernel, and it is determined whether the computer subjected to the modification operation produces a predetermined response; when the computer produces the predetermined response, a hardware virtualization operation is performed on the computer operating system, a virtual machine monitor is generated, a mode switching request is sent to the central processing unit of the computer so that the central processing unit responds to the request, the computer operating system is switched into virtual machine mode, and the behavior of the computer operating system running in virtual machine mode is monitored through the virtual machine monitor; when the computer produces no predetermined response, the behavior of the computer operating system is monitored. The invention further discloses a device for monitoring operating system behavior.

Description

Technical field

[0001] The present application relates to the field of computer technology, in particular to a method and device for monitoring the behavior of an operating system.

Background art

[0002] With the continuous development of Internet technology, computers are becoming more and more important in users' daily lives. But more and more malicious programs (such as computer viruses, backdoor programs, Trojan horses, spyware and adware) are also attacking the computers used by users, threatening the security of users' personal information (such as account information and identity information), which has greatly affected users' use of the Internet.

[0003] At present, more and more users choose to install third-party security defense software on personal computers (PCs), monitor the behavior of the computer operating system through the third-party security software, and monitor the behavior of the malicious operating system de...


Application Information

IPC(8): G06F21/56, G06F11/30, G06F11/32
CPC: G06F11/301, G06F11/323, G06F21/566, G06F2221/034
Inventor: 潘剑锋
Owner: BEIJING QIHOO TECH CO LTD