Method for establishing virtual machine countermeasure technology based on hardware virtualization technology

A method for establishing virtual machine countermeasure technology based on hardware virtualization, applied in computer security devices, instruments, electrical digital data processing and other directions, which can solve the problem of being unable to counter anti-virtual-machine techniques.

Inactive Publication Date: 2017-07-07
XINGHUA YONGHENG BEIJING TECH CO LTD

AI Technical Summary

Problems solved by technology

At present, most software security vendors at home and abroad cannot counter anti-virtual-machine techniques during sandbox analysis of samples.

Embodiment Construction

[0037] The present invention uses hardware virtualization technology to monitor, hijack and virtually execute key instructions of a virtual host in a virtual machine-based manner, so as to monitor and deceive malicious code and thereby gain the initiative in the virtual machine attack-and-defense confrontation.

[0038] See figure 1, a schematic flow chart of the present invention. The present invention is a method for establishing a virtual machine countermeasure technology based on hardware virtualization technology, and its specific process steps are as follows:

[0039] Step 101: Enable CPU hardware virtualization feature support in the virtual machine software. Depending on the manufacturer of the CPU, enable Intel VT-x or AMD-V. This patent takes a CPU manufactured by Intel as an example; the scope of protection is not limited to that CPU.

[0040] Step 102: Load the driver for starting hardware virtualization, and then enter the host mode (Host mo...


Abstract

The invention discloses a method for establishing a virtual machine countermeasure technology based on hardware virtualization technology. The method comprises the following steps: 1, enabling CPU hardware virtualization feature support in a virtual machine; 2, loading a driver program to enter Host mode; 3, taking over all input/output operations and MSR (Model Specific Register) operations, and intercepting all instructions capable of generating a VM Exit; 4, performing environment setting for the instructions; 5, running the monitored program; 6, when a VM Exit event occurs, judging, in combination with analysis of the environment information, whether an anti-virtual-machine behavior exists; 7, continuing to monitor the behavior of the sample until the end; and 8, outputting the final analysis result. Through these steps, monitoring of privileged instructions is completed, and a countermeasure against the anti-virtual-machine techniques of malicious code, which cannot be realized by conventional methods, is realized; the integrity of the sample is not destroyed and detection is not bypassed by the malicious code, so that the practical problem of countering the anti-virtual-machine techniques of malicious code is solved.
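As an added illustration of step 6 (not code from the patent), the following C sketch judges a log of VM exits for anti-virtual-machine behavior, using the sample's address range as the environment information. The record layout, the two heuristics, the weights, the threshold and the trace are all assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Intel VT-x basic exit reasons (Intel SDM, Appendix C). */
enum { EXIT_CPUID = 10, EXIT_RDTSC = 16, EXIT_RDMSR = 31 };
#define NO_EXIT 0xFFFFFFFFu

/* Hypothetical log record written by the VM-exit handler. */
struct vmexit_event {
    uint32_t reason;     /* basic exit reason */
    uint64_t guest_rip;  /* address of the instruction that trapped */
    uint32_t arg;        /* CPUID leaf or MSR index; 0 if unused */
};

struct verdict { unsigned hv_leaf_queries, timing_probes, score; int anti_vm; };

/* Constructed trace: sample image at [0x400000, 0x500000), kernel elsewhere. */
static const struct vmexit_event SAMPLE_TRACE[] = {
    { EXIT_CPUID, 0xfffff80000001000ull, 0x40000000u }, /* guest kernel, ignored */
    { EXIT_RDMSR, 0xfffff80000002000ull, 0x1Bu },       /* guest kernel, ignored */
    { EXIT_CPUID, 0x401000, 0x1u },
    { EXIT_CPUID, 0x401010, 0x40000000u },              /* hypervisor leaf query */
    { EXIT_RDTSC, 0x401020, 0 },
    { EXIT_CPUID, 0x401022, 0x0u },                     /* timed trapping instr. */
    { EXIT_RDTSC, 0x401024, 0 },
};
#define SAMPLE_TRACE_LEN (sizeof SAMPLE_TRACE / sizeof SAMPLE_TRACE[0])

/* Step 6: judge the exits attributable to the sample (assumed heuristics). */
struct verdict analyze_trace(const struct vmexit_event *ev, size_t n,
                             uint64_t img_lo, uint64_t img_hi)
{
    struct verdict v = { 0, 0, 0, 0 };
    uint32_t prev1 = NO_EXIT, prev2 = NO_EXIT;  /* last two in-sample reasons */

    for (size_t i = 0; i < n; i++) {
        if (ev[i].guest_rip < img_lo || ev[i].guest_rip >= img_hi)
            continue;  /* environment info: exit came from the guest OS */
        /* CPUID leaves 0x40000000-0x400000FF are reserved for hypervisors. */
        if (ev[i].reason == EXIT_CPUID &&
            ev[i].arg >= 0x40000000u && ev[i].arg <= 0x400000FFu)
            v.hv_leaf_queries++;
        /* RDTSC, one trapping instruction, RDTSC: exit latency is being timed. */
        if (ev[i].reason == EXIT_RDTSC && prev2 == EXIT_RDTSC &&
            prev1 != EXIT_RDTSC)
            v.timing_probes++;
        prev2 = prev1;
        prev1 = ev[i].reason;
    }
    v.score = 2 * v.hv_leaf_queries + 3 * v.timing_probes;
    v.anti_vm = v.score >= 4;  /* assumed threshold: one hit alone is not enough */
    return v;
}
```

Filtering on the instruction address keeps hypervisor-leaf queries made by the guest operating system itself, which are routine, from being attributed to the monitored sample.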

Description

[0001] 1. Technical field

[0002] The invention provides a method for establishing a virtual machine countermeasure technology based on hardware virtualization technology, which relates to virtual machine countermeasure technology in computer security and belongs to the technical field of information security.

[0003] 2. Background technology

[0004] With the popularization of electronic equipment and the continuous development of computer technology, society's dependence on the Internet and computers continues to grow, and information security has become an issue that cannot be ignored. However, the mainstream automatic virus vulnerability analysis programs now run in virtual machines or in a sandbox. To avoid detection by the virtual machine, a malicious program uses techniques such as its own dormancy, virtual machine detection and calling garbage instructions to interfere with the detection engine. Once ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/52, G06F21/56
CPC: G06F21/52, G06F21/561, G06F21/566
Inventor: 何永强, 蒋浩天, 李骏杰, 闫永军
Owner: XINGHUA YONGHENG BEIJING TECH CO LTD