Tracking method and device for Linux application layer to monitor process generation and process behavior in real time

A real-time, application-layer monitoring technology for the computer field. It addresses problems such as low error tolerance, system crashes and an unusable system, and achieves high fault tolerance, avoids delay and inaccuracy, and makes security behavior analysis easier.

Inactive Publication Date: 2022-01-21
罗强

AI Technical Summary

Problems solved by technology

[0009] 2. Because the Linux kernel is involved, even a small error crashes the entire system and leaves it unusable. The Linux kernel's tolerance for errors is very low.


Embodiment Construction

[0029] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0030] The present invention provides a technical solution: a method by which the Linux application layer monitors process generation and tracks process behavior in real time, comprising the following steps:

[0031] S1. Based on the netlink socket technology of the Linux system, establish the connection between the application layer and the kernel layer;

[0032] S2. On the basis of netlink socket communication, use cn_proc to obtain process-related ev...


Abstract

The invention relates to the technical field of computers, and discloses a tracking method for a Linux application layer to monitor process generation and process behaviors in real time. The method comprises the following steps: S1, establishing a connection between the application layer and the kernel layer based on the netlink socket technology of the Linux system; S2, on the basis of netlink socket communication, obtaining process-related events for the whole Linux system through cn_proc, among which are process generation events, so that the PID of a newly generated process can be obtained; and S3, using the ptrace technology provided by the Linux system to track and monitor the specified newly generated process PID. With this application layer process monitoring method, the fault tolerance is very high: even if the program crashes because of an internal running error, the whole system does not crash. The application layer monitoring process uses the connector mechanism provided by the Linux kernel, so the generation of Linux processes is obtained in real time, in an event-driven manner, through cn_proc, which avoids the delay and inaccuracy caused by learning about new processes by reading the /proc/PID directory.
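Steps S1 and S2 of the abstract, as an added example that is not taken from the patent: a C listener that subscribes to the kernel's proc connector over a netlink socket and reports the PID of each fork event. It assumes the Linux UAPI headers are installed and that it runs with root privileges; the function names `build_listen` and `parse_fork` are hypothetical, and the ptrace attach of step S3 is left out.

```c
#include <linux/cn_proc.h>
#include <linux/connector.h>
#include <linux/netlink.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build the PROC_CN_MCAST_LISTEN request; returns its length, or 0 if buf is too small. */
size_t build_listen(char *buf, size_t cap, unsigned int self_pid) {
    enum proc_cn_mcast_op op = PROC_CN_MCAST_LISTEN;
    struct nlmsghdr nl = { .nlmsg_len = NLMSG_LENGTH(sizeof(struct cn_msg) + sizeof op),
                           .nlmsg_type = NLMSG_DONE, .nlmsg_pid = self_pid };
    struct cn_msg cn = { .id = { CN_IDX_PROC, CN_VAL_PROC }, .len = sizeof op };
    if (cap < nl.nlmsg_len) return 0;
    memcpy(buf, &nl, sizeof nl);
    memcpy(buf + NLMSG_HDRLEN, &cn, sizeof cn);
    memcpy(buf + NLMSG_HDRLEN + sizeof cn, &op, sizeof op);
    return nl.nlmsg_len;
}

/* Validate one datagram; on a fork event store the child PID and return 1, else 0. */
int parse_fork(const char *buf, size_t n, int *child_pid) {
    struct nlmsghdr nl; struct cn_msg cn; struct proc_event ev;
    size_t need = NLMSG_LENGTH(sizeof cn + sizeof ev);
    if (n < need) return 0;                                  /* truncated datagram */
    memcpy(&nl, buf, sizeof nl);
    if (nl.nlmsg_len < need || nl.nlmsg_len > n) return 0;   /* inconsistent length */
    memcpy(&cn, buf + NLMSG_HDRLEN, sizeof cn);
    if (cn.id.idx != CN_IDX_PROC || cn.id.val != CN_VAL_PROC) return 0;
    memcpy(&ev, buf + NLMSG_HDRLEN + sizeof cn, sizeof ev);
    if (ev.what != PROC_EVENT_FORK) return 0;
    *child_pid = ev.event_data.fork.child_pid;
    return 1;
}

int main(void) {
    char buf[1024]; int pid; ssize_t n; socklen_t fl = sizeof(struct sockaddr_nl);
    struct sockaddr_nl from, me = { .nl_family = AF_NETLINK, .nl_groups = CN_IDX_PROC, .nl_pid = getpid() };
    int fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);               /* S1 */
    if (fd < 0 || bind(fd, (struct sockaddr *)&me, sizeof me) < 0) { perror("netlink"); return 1; }
    if (send(fd, buf, build_listen(buf, sizeof buf, getpid()), 0) < 0) { perror("subscribe"); return 1; } /* S2 */
    while ((n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl)) > 0) {
        fl = sizeof from;
        if (from.nl_pid == 0 && parse_fork(buf, (size_t)n, &pid))   /* kernel-originated only */
            printf("new process pid=%d\n", pid);
    }
    close(fd); return 0;
}
```

The `from.nl_pid == 0` check drops datagrams that did not come from the kernel, so another local process cannot feed the monitor forged process events.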

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and a device for tracking process generation and process behavior of a Linux application layer in real time.

Background technique

[0002] Linux has become the mainstream operating system on current server hardware. With the widespread application of the Linux system, hackers exploit the vulnerabilities of the Linux system itself and of various software running on it to obtain the highest authority on the server host, thereby taking over the host.

[0003] In the Linux environment, whether the activity is hacking or the operation of malicious viruses, trojan horses and other software, all behaviors rely on a program as the medium that runs the behavioral logic. Then, as long as all programs under Linux are recorded from the perspective of an "observer", the recording sequence and corresponding call parameters of all system calls of the program, and the analysis is added to know the beh...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/34
CPC: G06F11/3466, G06F11/3438
Inventor: 罗强
Owner: 罗强