Container-based malicious code detection sandbox system and detection method

A malicious code detection and container technology, applied in the field of information security, which can solve the problems of slow virtual machine startup, large system resource consumption and insufficient practicality, achieving both security and operating efficiency, low system resource consumption and improved practicality.

Inactive Publication Date: 2018-02-09
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

The sandbox based on virtualization technology relies on a complete virtual machine, resulting in large




Example Embodiment

[0041] The present invention will be described in detail below with reference to the drawings and through specific embodiments. The following embodiments are for explaining the present invention, and the present invention is not limited to the following embodiments.

[0042] As shown in figure 1, a container-based malicious code detection sandbox system provided by an embodiment of the present invention includes a host system, a malicious behavior analysis engine, a container management system, and several containers;

[0043] The host system is used to manage and run the container, intercept and filter system calls during the running of the container, and send system call operation information to the malicious behavior analysis engine;

[0044] The malicious behavior analysis engine is used to receive the container system call information intercepted by the host system and to perform malicious behavior analysis to generate an analysis report;

[0045] The container management system runs...


Abstract

The invention relates to a container-based malicious code detection sandbox system and detection method. The method is characterized by comprising the following steps: malicious code detection for suspicious programs is initiated; a container management system selects container mirror images to configure containers; the container management system starts the containers and triggers starting or executive operations of the suspicious programs in the containers; the system calls a Hook kernel module to intercept system calls of the containers and sends system call information to a malicious behavior analysis engine; the malicious behavior analysis engine performs modeling and analysis on the suspicious programs through the system call information of the containers to generate an analysis report, judges whether the programs contain malicious codes or not, updates a malicious code sample database and notifies a host system; and the host system determines whether running of the containers is stopped or not according to the analysis result of the malicious behavior analysis engine, and clears running data.
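The abstract above and the embodiment paragraphs [0042]-[0044] describe the same pipeline: a kernel hook forwards each container's system calls to an analysis engine, the engine models the suspicious program's behaviour and writes a report, the sample database is updated, and the host decides whether to stop the container. The following is an added example, not code from the patent or its owner, showing what the analysis stage can look like over a handful of constructed hook records. It assumes a record format of `<container> <pid> <syscall>(<args>) = <return value>` (the patent does not specify one), a hypothetical policy of sensitive paths, and the names `parse_events`, `analyse`, `SampleDatabase` and `run_detection`, all of which are this example's own. The engine tracks what each file descriptor is (a file, a socket, a live connection) and judges a sample malicious when content read from a sensitive file is later written to a connection; that is one concrete behaviour model, chosen here for illustration.

```python
import re
from collections import defaultdict, namedtuple

# Constructed records in the shape a syscall-hook module might forward to the
# analysis engine: "<container> <pid> <syscall>(<args>) = <return value>".
# Container ids, pids and the peer address are made up for this example.
SAMPLE_EVENTS = """\
c01 1203 openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = 3
c01 1203 read(3, ..., 4096) = 1410
c01 1203 socket(AF_INET, SOCK_STREAM, 0) = 4
c01 1203 connect(4, {sin_addr=198.51.100.7, sin_port=4444}) = 0
c01 1203 write(4, ..., 1410) = 1410
c01 1203 openat(AT_FDCWD, "/root/.ssh/id_rsa", O_RDONLY) = 5
c01 1203 read(5, ..., 4096) = 1675
c01 1203 write(4, ..., 1675) = 1675
c02 1310 openat(AT_FDCWD, "/usr/share/zoneinfo/UTC", O_RDONLY) = 3
c02 1310 read(3, ..., 4096) = 118
c02 1310 close(3) = 0
c02 1310 write(1, ..., 12) = 12
not a syscall record: the parser drops it instead of trusting it
"""

# Hypothetical policy: paths whose contents count as sensitive.
SENSITIVE_PATHS = ("/etc/shadow", "/root/.ssh/", "/home/")

EVENT_RE = re.compile(
    r'^(?P<cid>\S+)\s+(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)$')
SyscallEvent = namedtuple("SyscallEvent", "container pid name args ret")
Report = namedtuple("Report", "container behaviours malicious signature")

def parse_events(text):
    """Parse hook records; malformed lines are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(SyscallEvent(m["cid"], int(m["pid"]), m["name"],
                                       m["args"], int(m["ret"])))
    return events

def first_quoted(args):
    m = re.search(r'"([^"]*)"', args)
    return m.group(1) if m else ""

def first_int(args):
    m = re.match(r"\s*(\d+)", args)
    return int(m.group(1)) if m else None

def analyse(events):
    """Per container: track what each fd is and flag sensitive file content
    that later leaves the container over a live connection."""
    per_container = defaultdict(list)
    for ev in events:
        per_container[ev.container].append(ev)
    reports = {}
    for cid, evs in per_container.items():
        fd_kind = {}      # fd -> "file:<path>", "socket" or "net"
        tainted = False   # set once sensitive file content has been read
        found = []
        for ev in evs:
            fd = first_int(ev.args)
            if ev.name == "openat" and ev.ret >= 0:
                fd_kind[ev.ret] = "file:" + first_quoted(ev.args)
            elif ev.name == "socket" and ev.ret >= 0:
                fd_kind[ev.ret] = "socket"
            elif ev.name == "connect" and ev.ret == 0 and fd_kind.get(fd) == "socket":
                fd_kind[fd] = "net"
                found.append("outbound_connect")
            elif ev.name == "read":
                kind = fd_kind.get(fd, "")
                path = kind[5:] if kind.startswith("file:") else ""
                if path.startswith(SENSITIVE_PATHS):
                    tainted = True
                    found.append("reads_sensitive_file:" + path)
            elif ev.name == "write" and fd_kind.get(fd) == "net" and tainted:
                found.append("sends_sensitive_data")
            elif ev.name == "close":
                fd_kind.pop(fd, None)
        behaviours = list(dict.fromkeys(found))  # dedupe, keep first-seen order
        signature = tuple(sorted({b.split(":")[0] for b in behaviours}))
        reports[cid] = Report(cid, behaviours, "sends_sensitive_data" in behaviours, signature)
    return reports

class SampleDatabase:
    """Stand-in for the sample database: remembers signatures judged malicious."""
    def __init__(self):
        self.signatures = set()
    def update(self, report):
        if report.malicious:
            self.signatures.add(report.signature)
    def known(self, signature):
        return signature in self.signatures

def run_detection(hook_records, db):
    """Engine plus host decision: a container judged malicious is stopped
    (its run data would then be cleared); the rest continue."""
    reports = analyse(parse_events(hook_records))
    decisions = {}
    for cid, report in reports.items():
        db.update(report)
        decisions[cid] = "stop" if report.malicious else "continue"
    return reports, decisions
```

Running `run_detection(SAMPLE_EVENTS, SampleDatabase())` reports container c01 as malicious (sensitive file read, outbound connection, sensitive data sent) and c02 as clean, so the host stops c01 and lets c02 continue. The malformed last record is dropped by the parser; an engine that accepts hook output should never let an unparseable line influence a verdict.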

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a container-based malicious code detection sandbox system and detection method.

Background technique

[0002] In recent years, malicious software has used a large number of code protection mechanisms such as multiple encryption shells, driver-associated shells and deformation shells, as well as new technologies such as polymorphism and deformation, which have seriously challenged traditional malicious code static analysis techniques. Dynamic behavior analysis based on sandbox technology has become an effective method to identify unknown malicious code and fight against advanced persistent threats (APT).

[0003] Existing sandbox technologies are generally divided into two types:

[0004] One is a sandbox based on Hook technology, which hooks the kernel filter driver and uses DLL injection to intercept the operations of suspicious programs on system ...


Application Information

Patent Timeline
IPC(8): G06F21/53, G06F21/56, G06F9/455
CPC: G06F9/45558, G06F21/53, G06F21/566, G06F2009/45587, G06F2221/034
Inventor 陈煜文
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD