A virtual machine malicious software behavior detection method and system

A malware detection technology, applied in the field of computer security, that addresses the problems of existing methods: high resource consumption, poor detection effect, and time-consuming, labor-intensive operation.

Active Publication Date: 2019-04-09
INST OF INFORMATION ENG CAS
Cites: 13; Cited by: 6

AI Technical Summary

Problems solved by technology

[0005] To overcome the problems of the existing virtual machine malware behavior detection methods described above (they are time-consuming and labor-intensive, consume large amounts of resources and detect poorly), or at least partially solve them, embodiments of the present invention provide a virtual machine malware behavior detection method and system.



Embodiment Construction

[0026] To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely, in conjunction with the drawings in the embodiments. The described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the protection scope of the present invention.

[0027] In one embodiment of the present invention, a virtual machine malware behavior detection method is provided. Figure 1 is a schematic diagram of the overall flow of the virtual machine malware behavior detection method provided by the embodiment of the present invention. The method includes: S101, based on the virtual machine...


Abstract

The embodiment of the invention provides a virtual machine malware behavior detection method and system. The method comprises the steps of: interacting with a target virtual machine through the virtual machine monitor of the host machine on which the target virtual machine is located, and obtaining the internal state information of the target virtual machine through virtual machine introspection; reconstructing the internal state information according to a software basic structure knowledge base in a memory forensics framework, to obtain a high-level data structure of the internal state information; and detecting malware behavior in the target virtual machine according to the high-level data structure. According to the embodiment of the invention, the detection of malware behavior is more accurate and comprehensive, abnormal behavior can be handled in a targeted manner, the security of the target virtual machine is ensured, the impact on the performance of the virtual machine is greatly reduced, and malware behavior is detected in an imperceptible manner.
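The reconstruct-then-detect steps of the abstract, as an added Python example that is not code from the patent. A constructed byte string stands in for guest memory read through the hypervisor, and the record layout, `MAGIC`, `PROFILE` and the list-walk versus memory-sweep comparison are all assumptions chosen for illustration.

```python
import struct

END = 0xFFFFFFFF      # constructed end-of-list marker
MAGIC = 0x5441534B    # constructed tag identifying a task record

# Toy "structure knowledge base": field offset and format per type (hypothetical layout).
PROFILE = {"task": {"size": 24, "fields": {
    "magic": (0, "<I"), "pid": (4, "<I"), "next": (8, "<I"), "comm": (12, "12s")}}}

def sample_guest_memory():
    """Constructed snapshot: three task records; the one at offset 24 is unlinked."""
    def rec(pid, nxt, comm):
        return struct.pack("<III12s", MAGIC, pid, nxt, comm.encode())
    return rec(1, 48, "init") + rec(4242, 48, "kworker_x") + rec(310, END, "sshd")

def reconstruct(mem, off, type_name="task"):
    """Turn raw bytes at `off` into a high-level object, or None if not a valid record."""
    layout = PROFILE[type_name]
    if off < 0 or off + layout["size"] > len(mem):
        return None
    obj = {name: struct.unpack_from(fmt, mem, off + foff)[0]
           for name, (foff, fmt) in layout["fields"].items()}
    if obj["magic"] != MAGIC:
        return None
    obj["comm"] = obj["comm"].rstrip(b"\0").decode("ascii", "replace")
    return obj

def walk_list(mem, head=0):
    """View 1: follow the `next` links, as the guest's own tools would."""
    seen, off = {}, head
    while off != END and off not in seen:   # `seen` also guards against cycles
        task = reconstruct(mem, off)
        if task is None:
            break
        seen[off] = task
        off = task["next"]
    return seen

def scan(mem):
    """View 2: sweep all of memory for records, ignoring the links."""
    found = {}
    for off in range(0, len(mem), 4):
        task = reconstruct(mem, off)
        if task is not None:
            found[off] = task
    return found

def hidden_tasks(mem):
    """Records present in memory but absent from the linked list."""
    listed, scanned = walk_list(mem), scan(mem)
    return sorted((t["pid"], t["comm"]) for off, t in scanned.items() if off not in listed)

if __name__ == "__main__":
    print(hidden_tasks(sample_guest_memory()))
```

A record that the sweep finds but the list walk misses is the kind of data-structure tampering the background section attributes to kernel rootkits.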

Description

Technical field

[0001] Embodiments of the present invention belong to the technical field of computer security and, more specifically, relate to a virtual machine malware behavior detection method and system.

Background

[0002] With the development of virtualization technology, many physical resources, including computing, network and storage, have been fully utilized, and the security issues that follow have attracted widespread attention. A very important security risk among them is that malicious software may be present on the virtual machine. A typical example of malware is a kernel rootkit. Kernel rootkits mostly reside in memory and are both concealed and destructive. They hide their traces in the system by hooking or modifying certain data structures, seldom leave traces on hardware resources such as disks, and then provide private information about the victim machine to an attacker outside the system through various network connections. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F21/56
CPC: G06F9/45558, G06F21/566, G06F2009/45587
Inventor: 涂碧波, 谭曦, 张坤
Owner: INST OF INFORMATION ENG CAS