Method and system for detecting Windows malicious programs on KVM virtualization platform

A virtualization-platform and malicious-program detection technology, applied in the field of computer virtualization and operating system security. It addresses the poor detection accuracy and weak resistance to malicious programs of existing methods, and achieves strong resistance, improved security, and guaranteed stability.

Inactive Publication Date: 2019-10-22
INSPUR SUZHOU INTELLIGENT TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] The present application provides a method and system for detecting Windows malicious programs on a KVM virtualization platform, so as to solve the problems that detection methods in the prior art have weak resistance to malicious programs and poor detection accuracy.


Examples


Embodiment 1

[0061] Refer to Figure 1, which is a schematic flowchart of a method for detecting Windows malicious programs on the KVM virtualization platform provided by the embodiment of the present application. As can be seen from Figure 1, the method for detecting Windows malicious programs on the KVM virtualization platform in the present embodiment mainly includes the following steps:

[0062] S1: Use LibVMI to scan the process linked list and the kernel module linked list in the memory of the Windows virtual machine, obtaining any program in the Windows virtual machine process linked list and kernel module linked list, as well as the disk file path corresponding to the Windows virtual machine process. Here, the Windows virtual machine process matches the program: a process is a program running in the system, and once a program is running, it is a process.

[0063] LibVMI is used by the KVM host to monitor the running underlying virtual machine. L...

Embodiment 2

[0105] On the basis of the embodiment illustrated in Figure 1, refer to Figure 2, which is a schematic structural diagram of a system for detecting Windows malicious programs on a KVM virtualization platform provided by an embodiment of the present application. As can be seen from Figure 2, the system for detecting Windows malicious programs on the KVM virtualization platform in this embodiment mainly includes three parts: a scanning module, a digital signature verification module and a disk file comparison module. The system is set on the KVM host machine. The scanning module is used to scan the process linked list and kernel module linked list in the Windows virtual machine memory by using LibVMI, and obtain any program in the Windows virtual machine process linked list and the kernel module linked list, as well as the disk file path corresponding to the Windows virtual machine process, where the Windows virtual machine process mat...


Abstract

The invention discloses a method and system for detecting a Windows malicious program on a KVM virtualization platform. The method comprises: using LibVMI to scan the process linked list and the kernel module linked list in the memory of a Windows virtual machine, and obtaining any program in the Windows virtual machine process linked list and the kernel module linked list, together with the disk file path corresponding to the Windows virtual machine process; performing digital signature verification on the program on the KVM host machine; when the digital signature of the program is qualified, judging on the KVM host machine whether the memory image of the Windows virtual machine process is consistent with the content of the disk file corresponding to that process; and if so, determining that the program is a legal program, otherwise determining that the program is a malicious program. The system comprises a scanning module, a digital signature verification module and a disk file comparison module. According to the method and the device, the resistance to malicious programs and the accuracy of malicious program detection can be greatly improved, so that the safety and stability of a virtual machine system are improved.
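The memory-versus-disk consistency step from the abstract, sketched as an added example (not code from the patent or from LibVMI). It assumes the signature result and the guest memory bytes were already obtained on the KVM host, compares only executable PE sections, ignores relocation fixups, and treats a failed signature as malicious; the sample PE file and memory image are constructed and all function names are hypothetical.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
CODE = b"\x48\x31\xc0\xc3" + b"\x90" * 12   # constructed sample .text contents

def build_pe(code: bytes) -> bytes:
    """Constructed minimal PE-like disk file: DOS header, COFF header, one .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0)     # 1 section, no optional header
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                       len(code), 0x200, 0, 0, 0, 0, IMAGE_SCN_MEM_EXECUTE | 0x20)
    return (dos + b"PE\0\0" + coff + sect).ljust(0x200, b"\0") + code

def exec_sections(pe: bytes):
    """Yield (name, rva, raw bytes) for each executable section listed in the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[off:off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, off + 4)
    table = off + 24 + opt_size                  # section table follows the optional header
    for i in range(nsec):
        name, vsize, rva, rsize, rptr, *_, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        if flags & IMAGE_SCN_MEM_EXECUTE:
            yield name.rstrip(b"\0").decode(), rva, pe[rptr:rptr + min(vsize, rsize)]

def map_image(pe: bytes, size: int = 0x2000) -> bytearray:
    """Constructed stand-in for the process image read from guest memory (sections at their RVA)."""
    mem = bytearray(size)
    mem[:0x200] = pe[:0x200]
    for _, rva, raw in exec_sections(pe):
        mem[rva:rva + len(raw)] = raw
    return mem

def mismatched_sections(disk_pe: bytes, mem_image) -> list:
    """Names of executable sections whose in-memory bytes differ from the disk file."""
    return [name for name, rva, raw in exec_sections(disk_pe)
            if mem_image[rva:rva + len(raw)] != raw]

def verdict(signature_ok: bool, disk_pe: bytes, mem_image) -> str:
    # Assumption: a program that fails signature verification is reported as malicious.
    if not signature_ok:
        return "malicious"
    return "malicious" if mismatched_sections(disk_pe, mem_image) else "legal"
```

In a real deployment, relocation and import-table fixups produce benign differences between the mapped image and the file, so the comparison has to normalise or exclude those ranges before flagging a mismatch.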

Description

Technical field

[0001] The present application relates to the technical field of computer virtualization and operating system security, in particular to a method and system for detecting Windows malicious programs on a KVM virtualization platform.

Background technique

[0002] With the development of technologies such as cloud computing and big data, the requirements for the stability and security of cloud hosts and servers are also getting higher and higher. Once malicious programs such as viruses, Trojan horses, and worms invade the host operating system, they will cause serious damage to the operating system itself and the services and data running on the operating system. Especially for the KVM virtualization platform commonly used in data centers at present, there are a large number of Windows virtual machines on the KVM virtualization platform. In order to prevent the Windows system from being attacked by malicious programs, it is very important to detect whether there...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F9/455
CPC: G06F9/45558, G06F21/564, G06F21/565, G06F2009/45587, G06F2221/033
Inventor 邢希双
Owner INSPUR SUZHOU INTELLIGENT TECH CO LTD