
Virtual machine hidden process detection method and system

A hidden process detection method, applied in the field of virtual machine hidden process detection, that addresses the limits on detection comprehensiveness and accuracy and achieves more comprehensive, accurate and efficient hidden process detection.

Inactive Publication Date: 2018-08-24
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD
6 Cites, 9 Cited by

AI Technical Summary

Problems solved by technology

[0004] (2) Limitation of testing comprehensiveness and accuracy



Embodiment Construction

[0049] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0050] Any feature disclosed in this specification (including the abstract and drawings) may, unless specifically stated otherwise, be replaced by alternative features serving an equivalent or similar purpose. That is, unless expressly stated otherwise, each feature is only one example of a series of equivalent or similar features.

[0051] As shown in Figure 1 and Figure 2, in the virtual machine hidden process detection method, the specific method is: obtain the user-mode process view, the kernel view based on the process linked list and the trusted kernel-mode process view based on CPU scheduling Figure t...

Abstract

The invention provides a virtual machine hidden process detection method and system. Three views are obtained (a user-mode process view, a kernel view based on the process linked list, and a trusted kernel-mode process view based on CPU scheduling) and cross-compared to effectively detect hidden processes in a virtual machine. With the method and system, the hypervisor does not need to be recompiled and reloaded, the cloud platform tenant's own services are not affected, behaviors such as directly modifying a kernel object to hide a process can be effectively detected, and the comprehensiveness, accuracy and efficiency of virtual machine hidden process detection are further improved.
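
The cross comparison described in the abstract, sketched as an added example (not code from the patent or its applicant): it treats the CPU-scheduling view as the trusted reference and classifies each mismatch against the other two views. The view contents, the finding labels and the repeat-across-snapshots filter are assumptions of this example.

```python
from collections import Counter

def cross_compare(user, klist, sched):
    """Compare one snapshot of the three views, each a {pid: name} dict.

    The CPU-scheduling view is the trusted reference: anything that ran
    on a CPU exists, whatever the other two views claim.
    """
    findings = {}
    for pid in sched:
        if pid not in klist:
            # Ran on a CPU but is unlinked from the kernel process list.
            findings[pid] = "hidden-from-kernel-list"
        elif pid not in user:
            # Kernel list has it; only the user-mode listing omits it.
            findings[pid] = "hidden-from-user-view"
    # Pids listed but not seen scheduled are ignored: they may simply
    # have been asleep for the whole observation window.
    return findings

def persistent_findings(rounds, min_rounds=2):
    """Report only findings repeated in at least min_rounds snapshots.

    Assumption of this example: the views are collected at slightly
    different instants, so a process that starts or exits mid-collection
    causes a one-off mismatch that should not be reported.
    """
    seen = Counter()
    for user, klist, sched in rounds:
        seen.update(cross_compare(user, klist, sched).items())
    return {pid: f for (pid, f), n in seen.items() if n >= min_rounds}

# Constructed sample data (not from the patent).
BASE = {1: "init", 400: "sshd", 812: "nginx"}
ROUNDS = [
    # Round 1: pid 2000 has just started and is missing from two views.
    (BASE, {**BASE, 905: "agent"},
     {**BASE, 905: "agent", 1337: "updater", 2000: "cron-job"}),
    # Round 2: pid 2000 is now visible everywhere; 905 and 1337 still differ.
    ({**BASE, 2000: "cron-job"}, {**BASE, 905: "agent", 2000: "cron-job"},
     {**BASE, 905: "agent", 1337: "updater", 2000: "cron-job"}),
]

if __name__ == "__main__":
    for pid, finding in sorted(persistent_findings(ROUNDS).items()):
        print(pid, finding)
```

A mismatch against the kernel process list is the case the abstract associates with direct modification of a kernel object; a mismatch against the user-mode view alone points at tampering above the kernel.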

Description

Technical field

[0001] The invention relates to a virtual machine hidden process detection method, which is suitable for the field of network security.

Background technique

[0002] Viruses and Trojan horses are no longer purely aimed at destroying the user's system; more often they stealthily collect user data in the system and steal users' private information to make money. To stay in the system for a long time without being discovered by users and anti-virus software, malware often hides its own behavior to evade detection by security monitoring programs, and hiding its own process is one of the most basic of these functions. For this type of malware, the primary requirement is to hide itself and ensure its survival. This lets it lurk in the target host for a long time, stealing information without being noticed and thus causing greater harm. With the rapid development of cloud computing, how to effectively detect hidden processes in virtu...


Application Information

IPC(8): G06F9/455, G06F21/53
CPC: G06F9/45558, G06F21/53, G06F2009/45591, G06F2221/034
Inventor: 马晓旭张玲饶志宏牛长喜陈佳昕金鑫
Owner: CHINA ELECTRONICS TECH CYBER SECURITY CO LTD