
Adversarial method and device for virtual machine detection and computer readable storage medium

A virtual machine and object technology, applied in the Internet field, can solve the problem of low detection accuracy of malicious samples, and achieve the effect of improving accuracy

Active Publication Date: 2020-05-22
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0004] This application provides a countermeasure method, device and computer-readable storage medium for virtual machine detection, which can solve the problem of low detection accuracy of malicious samples.


Embodiment Construction

[0044] In order to make the purpose, technical solution and advantages of the present application clearer, the implementation manners of the present application will be further described in detail below in conjunction with the accompanying drawings.

[0045] Figure 1 is a schematic structural diagram of a terminal involved in the countermeasure method for virtual machine detection provided by the embodiment of the present application. The terminal 500 supports virtualization, so that an operating system (physical machine system) and at least one virtual machine run on the terminal. Each of the at least one virtual machine corresponds to a virtual machine system.

[0046] As shown in Figure 1, the terminal 500 includes a processor 501 and a memory 502, and the processor 501 and the memory 502 are connected through a bus 517.

[0047] The processor 501 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the lik...


Abstract

The invention discloses an adversarial method and device for virtual machine detection and a computer readable storage medium, and belongs to the technical field of the Internet. The method comprises the following steps: receiving a remote procedure call (RPC) operation request for indicating to call a target function; performing a hooking operation on the target function to obtain the operation parameters carried by the RPC operation request; and, when the type of the RPC operation request indicated by the operation parameters is a query request, the interface called by the RPC operation request indicated by the operation parameters is an interface required to be called when a query request is initiated through a Windows Management Instrumentation (WMI) interface, and the connection target object requested by the RPC operation request indicated by the operation parameters is the object requested by the port with the direction, forbidding execution of the operation requested by the RPC operation request. According to the invention, the problem of relatively low detection accuracy of malicious samples is solved. The method is used for detecting the virtual machine system by the adversarial sample.

Description

Technical field

[0001] The present application relates to the technical field of the Internet, and in particular to a countermeasure method, device and computer-readable storage medium for virtual machine detection.

Background technique

[0002] With the development of Internet technology, various malicious samples emerge endlessly. In order to ensure the stable operation of the operating system, it is of great significance to detect malicious samples. Here, a sample refers to a file or script that can be executed in the operating system, and a malicious sample refers to a sample that affects the normal operation of the operating system.

[0003] In related technologies, samples are usually detected in a virtual machine system: the sample is executed in the virtual machine system, and whether it is a malicious sample is judged according to the behavior generated after it is executed. However, developers of malicious samples usually add virtual mach...


Application Information

IPC(8): G06F21/53, G06F9/54
CPC: G06F21/53, G06F9/547
Inventor: 曹有理, 许天胜, 谭昱, 杨耀荣, 沈江波
Owner: TENCENT TECH (SHENZHEN) CO LTD