Threat intelligence response and disposal method and system based on virtual machine introspection

A response and disposal method using virtual machine technology, applied in the information field, that addresses problems such as attacks on security software, poor protection efficiency, and high maintenance costs, and achieves fine-grained detection, easy maintenance, and high efficiency.
CN107608752A · Active · Publication Date: 2018-01-19 · INST OF INFORMATION ENG CAS

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: INST OF INFORMATION ENG CAS
Publication Date: 2018-01-19


Abstract

The invention relates to a threat intelligence response and disposal method and system based on virtual machine introspection. A threat detection and response module is deployed on a privileged virtual machine other than the monitored virtual machine; virtual machine introspection is used to obtain the port number / transport-layer network protocol / process correspondence for network communication in the monitored virtual machine; the network packets of the virtual machine's communication are captured and analyzed; a network threat intelligence database is used to judge whether a packet is a threat; and if it is, a threat alarm is raised and the obtained correspondence is used to locate the virtual machine process that is communicating with the threat source, so that the process, the port, or the like can be blocked. With this method and system, the threat detection and response module is deployed outside the monitored virtual machine, so the module is effectively protected, while process-level network threat detection and response can still be carried out; the existing cloud architecture does not need to be changed, and the method and system can be conveniently applied to a cloud service provider's servers.
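The correlation step the abstract describes, as an added example that is not code from the patent: a captured packet is checked against a threat-intelligence set and, on a hit, traced back to the owning guest process through the port / protocol / process table. The guest address, table contents, intel entries and function names are constructed assumptions; in a deployment the table would be filled by virtual machine introspection rather than written as a literal.

```python
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration; none come from the patent.
GUEST_IP = "10.0.0.5"  # address of the monitored virtual machine
# (local port, transport protocol) -> (pid, process name): the mapping a VMI
# layer would read from guest kernel memory, held here as a literal.
PORT_TABLE = {
    (22, "tcp"): (801, "sshd"),
    (49152, "tcp"): (2417, "updater"),
}
# Threat-intelligence entries: network -> label (documentation ranges).
THREAT_INTEL = {"203.0.113.0/24": "c2-server", "198.51.100.7/32": "scanner"}


def match_intel(addr, intel=THREAT_INTEL):
    """Return the intel label for addr, or None if it is not listed."""
    ip = ip_address(addr)
    for net, label in intel.items():
        if ip in ip_network(net):
            return label
    return None


def triage(proto, src, sport, dst, dport, port_table=PORT_TABLE):
    """Check one captured packet; return an alert dict or None."""
    # The guest's own port is the source port on outbound traffic and the
    # destination port on inbound traffic.
    if src == GUEST_IP:
        remote, local_port = dst, sport
    elif dst == GUEST_IP:
        remote, local_port = src, dport
    else:
        return None  # not this guest's traffic
    label = match_intel(remote)
    if label is None:
        return None
    alert = {"remote": remote, "label": label, "port": local_port, "proto": proto}
    owner = port_table.get((local_port, proto))
    if owner is None:
        # Socket already closed or table stale: fall back to a port-level block.
        alert.update(pid=None, process=None, action=f"block-port:{proto}/{local_port}")
    else:
        alert.update(pid=owner[0], process=owner[1], action=f"block-process:{owner[0]}")
    return alert
```

The port-level fallback covers the case where the table no longer has an entry for the socket, which is why the lookup has to be refreshed close to capture time.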

Description

technical field

[0001] The invention belongs to the field of information technology, in particular to a threat intelligence response and processing method and system based on virtual machine introspection.

Background technique

[0002] With the rapid development of cloud computing, there are more and more network attacks against enterprise server virtual machines, which have brought huge losses to cloud computing service providers and users. In order to detect and respond to network threats and reduce the harm caused by network attacks, there are two commonly used methods at this stage: installing security protection software in virtual machines; deploying security protection software on LANs. These methods maintain the security of the virtual machine system to a certain extent, but they are not perfect, mainly in the following aspects:

[0003] (1) Install the security protection software in the virtual machine, and install the software and configure the security policy fo...
