CN104504330A - Virtual safety detecting method and system - Google Patents

Virtual safety detecting method and system Download PDF

Info

Publication number
CN104504330A
CN104504330A CN201410773774.8A CN201410773774A CN104504330A CN 104504330 A CN104504330 A CN 104504330A CN 201410773774 A CN201410773774 A CN 201410773774A CN 104504330 A CN104504330 A CN 104504330A
Authority
CN
China
Prior art keywords
information
detected
server
killing
safety detection
Prior art date
Application number
CN201410773774.8A
Other languages
Chinese (zh)
Other versions
CN104504330B (en
Inventor
汪圣平
杨晓东
徐锐波
王院生
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司 filed Critical 北京奇虎科技有限公司
Priority to CN201410773774.8A priority Critical patent/CN104504330B/en
Publication of CN104504330A publication Critical patent/CN104504330A/en
Application granted granted Critical
Publication of CN104504330B publication Critical patent/CN104504330B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors

Abstract

The invention provides a virtual safety detecting method and a virtual safety detecting system. The method comprises the following steps that a light agent client acquires to-be-detected information and sends the to-be-detected information to a cache server through a network; the cache server judges whether corresponding relation between the to-be-detected information and a corresponding safety level of to-be-detected information exists or not; if the corresponding relation between the to-be-detected information and the corresponding safety level of to-be-detected information does not exist, the cache server sends the to-be-detected information to a checking server through the network to perform safety detection on the to-be-detected information; according to the detecting result of the checking server, the safety level of the to-be-detected information is determined; if the to-be-detected information and the corresponding safety level of to-be-detected information exists, according to the corresponding relation, the safety level of the to-be-detected information is determined, wherein the light agent client is installed in a virtual machine. The efficiency of safety detection is improved, and the resource occupation rate of a physical machine is reduced.

Description

Virtual safety detection method and system

Technical field

The present invention relates to field of computer technology, particularly relate to a kind of virtual safety detection method and system.

Background technology

Virtual, to refer to a computer virtual by Intel Virtualization Technology to be multiple stage logical machine.Run multiple logical machine on one computer, each logical machine can run different operating system simultaneously, and application program can be run and be independent of each other in separate space, thus significantly improves the work efficiency of computing machine.

In existing virtual safety detection scheme, if same physical machine exists the virtual logical machine of multiple stage (virtual machine), when safety detection is carried out to the information in multiple stage virtual machine, need to arrange killing server in every platform virtual machine, the information in every platform virtual machine is carried out safety detection in respective killing server.

Owing to including same or analogous information in every platform virtual machine, and killing server is also mutually the same, if multiple stage virtual machine carries out safety detection to identical information simultaneously, certainly will add the resource occupation of the physical machine at multiple stage virtual machine place.

Summary of the invention

In view of above-mentioned existing virtual safety detection method carries out safety to the information in multiple stage virtual machine, easily cause the problem that the resource occupation of physical machine is high, propose the present invention to provide a kind of overcoming the problems referred to above or the virtual safety detection method solved the problem at least in part and system.

According to one aspect of the present invention, provide a kind of virtual safety detection method, comprising:

Light agent client obtains information to be detected, and described information to be detected is sent to caching server by network;

Described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected;

If do not exist, then described information to be detected sends to killing server to carry out the safety detection of described information to be detected by described network by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server;

If exist, then determine the level of security of described information to be detected according to described corresponding relation;

Wherein, described light agent client is arranged in virtual machine.

Alternatively, described light agent client obtains information to be detected, comprising:

Described light agent client obtains information to be detected from least one virtual machine the physical machine at described light agent client place, wherein, is provided with multiple stage virtual machine in described physical machine;

And/or,

At least one the virtual machine that described light agent client is arranged at least one physical machine of same cluster from the physical machine with described light agent client place obtains information to be detected, wherein, described cluster comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.

Alternatively, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.

Alternatively, described killing server carries out the step of the safety detection of described information to be detected, comprising:

Described killing server obtains the eigenwert of described information to be detected;

Described killing server scans described eigenwert by killing engine and carries out safety detection to described information to be detected.

Alternatively, described method also comprises:

Safety detection is carried out to described information to be detected do not obtain testing result if described killing server scans described eigenwert by killing engine, the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection, obtain testing result, and described testing result is returned to described killing server.

Alternatively, described method also comprises:

If described privately owned cloud server carries out safety detection to described information to be detected do not obtain testing result, the publicly-owned cloud server then described eigenwert being sent to described cluster outside carries out safety detection, obtain testing result, and described testing result is returned to described privately owned cloud server, and by described privately owned cloud server, described testing result is returned to described killing server.

Alternatively, the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection, comprising:

Described killing server is according to the scanning sequency preset, and the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection.

Alternatively, in described acquisition testing result, and after described testing result is returned to described killing server, described method also comprises:

Described safety detection result is sent in described caching server and stores by described killing server.

Alternatively, described method also comprises:

Described privately owned cloud server obtains lastest imformation according to setting rule from described publicly-owned cloud server, wherein, includes the described publicly-owned eigenwert of cloud server regular update and the corresponding relation of level of security in described lastest imformation;

Described privately owned cloud server upgrades the corresponding relation of eigenwert and the level of security stored in described privately owned cloud server according to described lastest imformation.

According to a further aspect in the invention, provide a kind of virtual safety detecting system, comprising: caching server, killing server and be arranged in virtual machine light agent client; Wherein

Described light agent client, for obtaining information to be detected, is sent to described caching server by described information to be detected by network;

Described caching server, for judging whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then by described network, described information to be detected is sent to described killing server; If exist, then determine the level of security of described information to be detected according to described corresponding relation;

Described killing server, for receiving the information described to be detected that described caching server sends, carrying out safety detection to described information to be detected and obtaining testing result;

Described caching server, also for determining the level of security of described information to be detected according to the testing result of described killing server.

Alternatively, described light agent client obtains information to be detected from least one virtual machine the physical machine at described light agent client place, wherein, is provided with multiple stage virtual machine in described physical machine;

And/or,

At least one the virtual machine that described light agent client is arranged at least one physical machine of same cluster from the physical machine with described light agent client place obtains information to be detected, wherein, described cluster comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.

Alternatively, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.

Alternatively, described killing server, comprising:

Characteristic value acquisition module, for obtaining the eigenwert of described information to be detected;

Safety detection module, carries out safety detection for being scanned described eigenwert by killing engine to described information to be detected.

Alternatively, described killing server, also comprises:

Privately owned high in the clouds detection module, if scan described eigenwert for described safety detection module by killing engine to carry out safety detection to described information to be detected and do not obtain testing result, the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection, obtain testing result, and described testing result is returned to described killing server.

Alternatively, described killing server, also comprises:

Publicly-owned high in the clouds detection module, if carry out safety detection for described privately owned cloud server to described information to be detected not obtain testing result, the publicly-owned cloud server then described eigenwert being sent to described cluster outside carries out safety detection, obtain testing result, and described testing result is returned to described privately owned cloud server, and by described privately owned cloud server, described testing result is returned to described killing server.

Alternatively, described privately owned high in the clouds detection module is according to the scanning sequency preset, and the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection.

Alternatively, described killing server, also comprises:

Cache memory module, for obtaining testing result at described privately owned high in the clouds detection module, and after described testing result is returned to described killing server, is sent to described safety detection result in described caching server and stores.

Alternatively, described privately owned cloud server obtains lastest imformation according to setting rule from described publicly-owned cloud server, wherein, includes the described publicly-owned eigenwert of cloud server regular update and the corresponding relation of level of security in described lastest imformation;

Described privately owned cloud server upgrades the corresponding relation of eigenwert and the level of security stored in described privately owned cloud server according to described lastest imformation.

In existing virtual safety detection scheme, when carrying out safety detection to the information in multiple stage virtual machine simultaneously, the killing server in every platform virtual machine all starts and carries out safety detection to information, adds the resources occupation rate of physical machine.And according to secure virtual machine detection scheme of the present invention, light agent client is set in virtual machine, the information to be detected in virtual machine is obtained by light agent client, and be sent to the judgement that caching server carries out level of security, caching server judges whether the corresponding relation being cached with the information to be detected level of security corresponding with information to be detected, if exist, then determine the level of security of information to be detected according to corresponding relation; If do not exist, then information to be detected is sent to killing server and carries out safety detection, and according to safety detection result determination level of security.

By arranging the caching server being cached with the corresponding relation of information to be detected and its level of security, first utilizing caching server to judge, detecting without killing server security, improve the efficiency of safety detection.

Light agent client is arranged in a virtual machine in multiple stage virtual machine, only takies the system resource in a virtual machine, reduce the resources occupation rate of physical machine.

Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.

Accompanying drawing explanation

By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:

Fig. 1 is the flow chart of steps of a kind of virtual safety detection method according to the embodiment of the present invention one;

Fig. 2 is the flow chart of steps of a kind of virtual safety detection method according to the embodiment of the present invention two;

Fig. 3 is the structured flowchart of a kind of virtual safety detecting system according to the embodiment of the present invention three;

Fig. 4 is the structured flowchart of a kind of virtual safety detecting system according to the embodiment of the present invention four.

Embodiment

Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.

Embodiment one

Introduce the virtual safety detection method of one that the embodiment of the present invention provides in detail.

With reference to Fig. 1, show the flow chart of steps of a kind of virtual safety detection method in the embodiment of the present invention.

Virtual safety detection method in the embodiment of the present invention can be applied in the system comprising light agent client, caching server and killing server.

Wherein, described light agent client can be arranged in virtual machine, and described caching server and described killing server can be arranged in virtual machine or physical machine.Such as, described light agent client can be arranged in a virtual machine in multiple stage virtual machine, described caching server and described killing server can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client, described caching server and described killing server can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.

The virtual safety detection method of the present embodiment comprises the following steps:

Step 100, light agent client obtains information to be detected, and described information to be detected is sent to caching server by network.

Described information to be detected can derive from same virtual machine, also can derive from multiple stage virtual machine, that is, can be obtained the information to be detected in other virtual machines by the light agent client in a virtual machine.With compared with bottom physical layer transmission information to be detected, because of the limitation of bottom Physical layer itself, only can transfer files information, and pass through the information to be detected of Internet Transmission, except being except fileinfo, website information, access path information, registration table reading writing information etc. can also be included but not limited to.

Step 102, described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then perform step 104; If exist, then perform step 106.

Can the corresponding relation of the buffer memory information to be detected level of security corresponding with it in caching server.Such as, the corresponding relation of the information A to be detected level of security corresponding with it " danger " is cached with in caching server; The corresponding relation of the information B to be detected level of security corresponding with it " safety " is cached with in caching server.

Step 104, described information to be detected sends to killing server to carry out the safety detection of described information to be detected by described network by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server.

Such as, caching server receives the information C to be detected from light agent client, the corresponding relation of the information C to be detected level of security corresponding with it is there is not in caching server, then information C to be detected is sent to the safety detection that killing server carries out information C to be detected by caching server, obtained the testing result of information C to be detected by killing server, caching server can determine the level of security of information C to be detected according to testing result.

That is, when there is not the corresponding relation of certain information to be detected level of security corresponding with it in caching server, this information to be detected is sent to killing server and carries out safety detection by caching server, and the testing result obtained by killing server judges the level of security of this information to be detected.

Step 106, determines the level of security of described information to be detected according to described corresponding relation.

If there is the corresponding relation of certain information to be detected level of security corresponding with it in caching server, then directly determine the level of security that this information to be detected is corresponding.

In sum, the embodiment of the present invention arranges light agent client in virtual machine, the information to be detected in virtual machine is obtained by light agent client, and be sent to the judgement that caching server carries out level of security, caching server judges whether the corresponding relation being cached with the information to be detected level of security corresponding with information to be detected, if exist, then determine the level of security of information to be detected according to corresponding relation; If do not exist, then information to be detected is sent to killing server and carries out safety detection, and according to safety detection result determination level of security.

By arranging the caching server being cached with the corresponding relation of information to be detected and its level of security, first utilizing caching server to judge, detecting without killing server security, improve the efficiency of safety detection.

Light agent client is arranged in a virtual machine in multiple stage virtual machine, only takies the system resource in a virtual machine, reduce the resources occupation rate of physical machine.

Embodiment two

Introduce the virtual safety detection method of one that the embodiment of the present invention provides in detail.

With reference to Fig. 2, show the flow chart of steps of a kind of virtual safety detection method in the embodiment of the present invention.

Virtual safety detection method in the embodiment of the present invention can be applied in the system comprising light agent client, caching server and killing server.

Wherein, described light agent client can be arranged in virtual machine, and described caching server and described killing server can be arranged in virtual machine or in physical machine.Such as, described light agent client can be arranged in a virtual machine in multiple stage virtual machine, described caching server and described killing server can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client, described caching server and described killing server can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.

The virtual safety detection method of the present embodiment comprises the following steps:

Step 200, light agent client obtains information to be detected, and described information to be detected is sent to caching server by network.

Described information to be detected can derive from same virtual machine, also can derive from multiple stage virtual machine, that is, can be obtained the information to be detected in other virtual machines by the light agent client in a virtual machine.

Preferably, according to the separate sources of information to be detected, in described step 200, light agent client obtains the process of information to be detected and can be:

1), described light agent client obtains information to be detected from least one virtual machine the physical machine at described light agent client place, wherein, is provided with multiple stage virtual machine in described physical machine.

Such as, the physical machine W1 at light agent client Q1 place comprises virtual machine X1 and X2, then light agent client Q1 can obtain information to be detected from virtual machine X1 and X2, both can obtain information to be detected separately from virtual machine X1, and can obtain information to be detected separately again from virtual machine X2.

And/or,

2) at least one the virtual machine that, described light agent client is arranged at least one physical machine of same cluster from the physical machine with described light agent client place obtains information to be detected, wherein, described cluster comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.

Such as, the physical machine W1 at light agent client Q1 place is arranged in cluster J1, cluster J1 also comprises physical machine W2, physical machine W1 comprises virtual machine X1 and X2, physical machine W2 comprises virtual machine X3 and X4, then light agent client Q1 can obtain information to be detected from virtual machine X1, X2, X3 and X4, both information to be detected can be obtained separately from virtual machine X1, information to be detected can be obtained separately again from virtual machine X2, information to be detected can also be obtained separately from virtual machine X3, meanwhile, also information to be detected can be obtained separately from virtual machine X4.

Described light agent client obtains information to be detected can select separately above-mentioned 1) in mode, separately can also select above-mentioned 2) in mode, also can select above-mentioned 1 simultaneously) and 2) in mode.

Preferably, described information to be detected can comprise at least one in fileinfo, website information, access path information, registration table reading writing information, and the particular content that the embodiment of the present invention treats Detection Information is not restricted.

Step 202, described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then perform step 204; If exist, then perform step 206.

Can the corresponding relation of the buffer memory information to be detected level of security corresponding with it in caching server.Such as, the corresponding relation of the information A to be detected level of security corresponding with it " danger " is cached with in caching server; The corresponding relation of the information B to be detected level of security corresponding with it " safety " is cached with in caching server.

Step 204, described information to be detected sends to killing server to carry out the safety detection of described information to be detected by described network by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server.

Such as, caching server receives the information C to be detected from light agent client, the corresponding relation of the information C to be detected level of security corresponding with it is there is not in caching server, then information C to be detected is sent to the safety detection that killing server carries out information C to be detected by caching server, obtained the testing result of information C to be detected by killing server, caching server can determine the level of security of information C to be detected according to testing result.

That is, when there is not the corresponding relation of certain information to be detected level of security corresponding with it in caching server, this information to be detected is sent to killing server and carries out safety detection by caching server, and the testing result obtained by killing server judges the level of security of this information to be detected.

Preferably, the step that in above-mentioned steps 204, killing server carries out the safety detection of described information to be detected can comprise:

Step 041, described killing server obtains the eigenwert of described information to be detected.

The eigenwert of described information to be detected is the attribute information for identifying information to be detected with uniqueness, killing server can be treated Detection Information and carry out the operations such as calculating and obtain eigenwert, and the embodiment of the present invention obtains the eigenwert of information to be detected technological means to killing server is not restricted.

Step 042, described killing server scans described eigenwert by killing engine and carries out safety detection to described information to be detected.

Described killing engine is the core component of killing server, utilizes killing engine to scan eigenwert and to identify, realizes the safety detection treating Detection Information.

Preferably, if in above-mentioned steps 042, described killing server scans described eigenwert by killing engine to carry out safety detection to described information to be detected and not to obtain testing result, then perform step 043.

Step 043, the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection, obtains testing result, and described testing result is returned to described killing server.

The cluster at described light agent client place is provided with privately owned cloud server, described privately owned cloud server is set to for the physical machine in described cluster and virtual machine connected reference usually, privately owned cloud server stores the relevant information of the information a large amount of to be detected in described cluster, comprises the eigenwert of information to be detected, corresponding level of security etc.

Preferably, in above-mentioned steps 043, the process that the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection can be:

Described killing server is according to the scanning sequency preset, and the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection.

If there is multiple needs to be sent to the eigenwert that privately owned cloud server carries out safety detection, then killing server according to the scanning sequency preset, can send multiple eigenwert to privately owned cloud server and carries out safety detection.

Preferably, in above-mentioned steps 043, in described acquisition testing result, and after described testing result is returned to described killing server, described safety detection result can also be sent in described caching server and store by described killing server.

Safety detection result is sent to the object that caching server carries out storing by killing server, add the corresponding relation storehouse of the level of security that on caching server, information to be detected is corresponding with it, the efficiency that caching server judges in above-mentioned steps 202 can be improved.

Preferably, if in above-mentioned steps 043, described privately owned cloud server carries out safety detection to described information to be detected and does not obtain testing result, then perform step 044.

Step 044, the publicly-owned cloud server that described eigenwert is sent to described cluster outside carries out safety detection, obtain testing result, and described testing result is returned to described privately owned cloud server, and by described privately owned cloud server, described testing result is returned to described killing server.

Usually, the safety detection ability of the more publicly-owned cloud server of safety detection ability of privately owned cloud server is weak, when privately owned cloud server does not obtain testing result, eigenwert is sent to publicly-owned cloud server and carries out safety detection, testing result can be obtained, testing result is returned to privately owned cloud server and killing server again, what can increase follow-up privately owned cloud server and killing server is detected as power.

Preferably, described privately owned cloud server can obtain lastest imformation according to setting rule from described publicly-owned cloud server, wherein, can include the described publicly-owned eigenwert of cloud server regular update and the corresponding relation of level of security in described lastest imformation.

Preferably, described privately owned cloud server can upgrade the corresponding relation of eigenwert and the level of security stored in described privately owned cloud server according to described lastest imformation.

Step 206, determines the level of security of described information to be detected according to described corresponding relation.

If there is the corresponding relation of certain information to be detected level of security corresponding with it in caching server, then directly determine the level of security that this information to be detected is corresponding.

In sum, in the virtual machine of the embodiment of the present invention in multiple stage virtual machine, light agent client, caching server and killing server are set, the information to be detected in virtual machine is obtained by light agent client, and be sent to the judgement that caching server carries out level of security, caching server judges whether the corresponding relation being cached with the information to be detected level of security corresponding with information to be detected, if exist, then determine the level of security of information to be detected according to corresponding relation; If do not exist, then information to be detected is sent to killing server and carries out safety detection, and according to safety detection result determination level of security.

By arranging the caching server being cached with the corresponding relation of information to be detected and its level of security, first utilizing caching server to judge, detecting without killing server security, improve the efficiency of safety detection.

By in a virtual machine in multiple stage virtual machine of light agent client, caching server and killing Servers installed, only take the system resource in a virtual machine, reduce the resources occupation rate of physical machine.

Embodiment three

Introduce the virtual safety detecting system of one that the embodiment of the present invention provides in detail.

With reference to Fig. 3, show the structured flowchart of a kind of virtual safety detecting system in the embodiment of the present invention.

Described system can comprise: be arranged at the light agent client 300 in virtual machine, and caching server 302 and killing server 304;

Wherein, caching server 302 and killing server 304 can be arranged in physical machine or virtual machine.Such as, described light agent client 300 can be arranged in a virtual machine in multiple stage virtual machine, described caching server 302 and described killing server 304 can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client 300, described caching server 302 and described killing server 304 can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.

Described light agent client 300, for obtaining information to be detected, is sent to described caching server 302 by described information to be detected by network.

Described caching server 302, for judging whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then by described network, described information to be detected is sent to described killing server 304; If exist, then determine the level of security of described information to be detected according to described corresponding relation.

Described killing server 304, for receiving the information described to be detected that described caching server 302 sends, carrying out safety detection to described information to be detected and obtaining testing result.

Described caching server 302, also for determining the level of security of described information to be detected according to the testing result of described killing server 304.

In sum, the embodiment of the present invention arranges light agent client in virtual machine, the information to be detected in virtual machine is obtained by light agent client, and be sent to the judgement that caching server carries out level of security, caching server judges whether the corresponding relation being cached with the information to be detected level of security corresponding with information to be detected, if exist, then determine the level of security of information to be detected according to corresponding relation; If do not exist, then information to be detected is sent to killing server and carries out safety detection, and according to safety detection result determination level of security.

By arranging the caching server being cached with the corresponding relation of information to be detected and its level of security, first utilizing caching server to judge, detecting without killing server security, improve the efficiency of safety detection.

Light agent client is arranged in a virtual machine in multiple stage virtual machine, only takies the system resource in a virtual machine, reduce the resources occupation rate of physical machine.

Embodiment four

Introduce the virtual safety detecting system of one that the embodiment of the present invention provides in detail.

With reference to Fig. 4, show the structured flowchart of a kind of virtual safety detecting system in the embodiment of the present invention.

Described system can comprise: be arranged at the light agent client 400 in virtual machine, and caching server 402 and killing server 404; Wherein, caching server 402 and killing server 404 can be arranged in physical machine or virtual machine.Such as, described light agent client 400 can be arranged in a virtual machine in multiple stage virtual machine, described caching server 402 and described killing server 404 can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client 400, described caching server 402 and described killing server 404 can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.

Wherein, described killing server 404 can comprise: characteristic value acquisition module 4041, safety detection module 4042, privately owned high in the clouds detection module 4043, publicly-owned high in the clouds detection module 4044, cache memory module 4045.

Described light agent client 400, for obtaining information to be detected, is sent to described caching server 402 by described information to be detected by network.

Wherein, described information to be detected can comprise at least one in fileinfo, website information, access path information, registration table reading writing information.

Preferably, described light agent client 400 obtains information to be detected from least one virtual machine the physical machine at described light agent client 400 place, wherein, is provided with multiple stage virtual machine in described physical machine.

And/or,

At least one the virtual machine that described light agent client 400 is arranged at least one physical machine of same cluster from the physical machine with described light agent client 400 place obtains information to be detected, wherein, described cluster comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.

Described caching server 402, for judging whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then by described network, described information to be detected is sent to described killing server 404; If exist, then determine the level of security of described information to be detected according to described corresponding relation.

Described killing server 404, for receiving the information described to be detected that described caching server 402 sends, carrying out safety detection to described information to be detected and obtaining testing result.

Preferably, described killing server 404 can comprise:

Characteristic value acquisition module 4041, for obtaining the eigenwert of described information to be detected.

Safety detection module 4042, carries out safety detection for being scanned described eigenwert by killing engine to described information to be detected.

Privately owned high in the clouds detection module 4043, if scan described eigenwert for described safety detection module 4042 by killing engine to carry out safety detection to described information to be detected and do not obtain testing result, the privately owned cloud server described eigenwert being sent to described light agent client 400 place cluster carries out safety detection, obtain testing result, and described testing result is returned to described killing server 404.

Preferably, described privately owned high in the clouds detection module 4043 is according to the scanning sequency preset, and the privately owned cloud server described eigenwert being sent to described light agent client 400 place cluster carries out safety detection.

Publicly-owned high in the clouds detection module 4044, if carry out safety detection for described privately owned cloud server to described information to be detected not obtain testing result, the publicly-owned cloud server then described eigenwert being sent to described cluster outside carries out safety detection, obtain testing result, and described testing result is returned to described privately owned cloud server, and by described privately owned cloud server, described testing result is returned to described killing server 404.

Cache memory module 4045, for obtaining testing result at described privately owned high in the clouds detection module 4043, and after described testing result is returned to described killing server 404, is sent to described safety detection result in described caching server and stores.

Preferably, described privately owned cloud server obtains lastest imformation according to setting rule from described publicly-owned cloud server, wherein, includes the described publicly-owned eigenwert of cloud server regular update and the corresponding relation of level of security in described lastest imformation.

Preferably, described privately owned cloud server upgrades the corresponding relation of eigenwert and the level of security stored in described privately owned cloud server according to described lastest imformation.

Described caching server 402, also for determining the level of security of described information to be detected according to the testing result of described killing server 404.

In sum, the embodiment of the present invention arranges light agent client in virtual machine, the information to be detected in virtual machine is obtained by light agent client, and be sent to the judgement that caching server carries out level of security, caching server judges whether the corresponding relation being cached with the information to be detected level of security corresponding with information to be detected, if exist, then determine the level of security of information to be detected according to corresponding relation; If do not exist, then information to be detected is sent to killing server and carries out safety detection, and according to safety detection result determination level of security.

By arranging the caching server being cached with the corresponding relation of information to be detected and its level of security, first utilizing caching server to judge, detecting without killing server security, improve the efficiency of safety detection.

By in a virtual machine in multiple stage virtual machine of light agent client, caching server and killing Servers installed, only take the system resource in a virtual machine, reduce the resources occupation rate of physical machine.

The virtual safety detection scheme provided at this is intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure required by system that there is the present invention program is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.

In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.

Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as the following claims reflect, all features of inventive aspect disclosed single embodiment before being to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.

Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.

In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in detail in the claims, the one of any of embodiment required for protection can use with arbitrary array mode.

All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the virtual safety detection scheme of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.

The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.

The embodiment of the invention discloses A1, a kind of virtual safety detection method, comprising:

Light agent client obtains information to be detected, and described information to be detected is sent to caching server by network;

Described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected;

If do not exist, then described information to be detected sends to killing server to carry out the safety detection of described information to be detected by described network by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server;

If exist, then determine the level of security of described information to be detected according to described corresponding relation;

Wherein, described light agent client is arranged in virtual machine.

A2, method according to A1, wherein, described light agent client obtains information to be detected, comprising:

Described light agent client obtains information to be detected from least one virtual machine the physical machine at described light agent client place, wherein, is provided with multiple stage virtual machine in described physical machine;

And/or,

At least one the virtual machine that described light agent client is arranged at least one physical machine of same cluster from the physical machine with described light agent client place obtains information to be detected, wherein, described cluster comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.

A3, method according to A1 or A2, wherein, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.

A4, method according to A3, wherein, described killing server carries out the step of the safety detection of described information to be detected, comprising:

Described killing server obtains the eigenwert of described information to be detected;

Described killing server scans described eigenwert by killing engine and carries out safety detection to described information to be detected.

A5, method according to A4, wherein, described method also comprises:

Safety detection is carried out to described information to be detected do not obtain testing result if described killing server scans described eigenwert by killing engine, the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection, obtain testing result, and described testing result is returned to described killing server.

A6, method according to A5, wherein, described method also comprises:

If described privately owned cloud server carries out safety detection to described information to be detected do not obtain testing result, the publicly-owned cloud server then described eigenwert being sent to described cluster outside carries out safety detection, obtain testing result, and described testing result is returned to described privately owned cloud server, and by described privately owned cloud server, described testing result is returned to described killing server.

A7, method according to A5, wherein, the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection, comprising:

Described killing server is according to the scanning sequency preset, and the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection.

A8, method according to A5, wherein, in described acquisition testing result, and after described testing result is returned to described killing server, described method also comprises:

Described safety detection result is sent in described caching server and stores by described killing server.

A9, method according to A6, wherein, described method also comprises:

Described privately owned cloud server obtains lastest imformation according to setting rule from described publicly-owned cloud server, wherein, includes the described publicly-owned eigenwert of cloud server regular update and the corresponding relation of level of security in described lastest imformation;

Described privately owned cloud server upgrades the corresponding relation of eigenwert and the level of security stored in described privately owned cloud server according to described lastest imformation.

The embodiment of the invention also discloses B10, a kind of virtual safety detecting system, comprising: caching server, killing server and be arranged in virtual machine light agent client; Wherein

Described light agent client, for obtaining information to be detected, is sent to described caching server by described information to be detected by network;

Described caching server, for judging whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then by described network, described information to be detected is sent to described killing server; If exist, then determine the level of security of described information to be detected according to described corresponding relation;

Described killing server, for receiving the information described to be detected that described caching server sends, carrying out safety detection to described information to be detected and obtaining testing result;

Described caching server, also for determining the level of security of described information to be detected according to the testing result of described killing server.

B11, system according to B10, wherein, described light agent client obtains information to be detected from least one virtual machine the physical machine at described light agent client place, wherein, is provided with multiple stage virtual machine in described physical machine;

And/or,

At least one the virtual machine that described light agent client is arranged at least one physical machine of same cluster from the physical machine with described light agent client place obtains information to be detected, wherein, described cluster comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.

B12, system according to B10 or B11, wherein,

Described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.

B13, system according to B12, wherein, described killing server, comprising:

Characteristic value acquisition module, for obtaining the eigenwert of described information to be detected;

Safety detection module, carries out safety detection for being scanned described eigenwert by killing engine to described information to be detected.

B14, system according to B13, wherein, described killing server, also comprises:

Privately owned high in the clouds detection module, if scan described eigenwert for described safety detection module by killing engine to carry out safety detection to described information to be detected and do not obtain testing result, the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection, obtain testing result, and described testing result is returned to described killing server.

B15, system according to B14, wherein, described killing server, also comprises:

Publicly-owned high in the clouds detection module, if carry out safety detection for described privately owned cloud server to described information to be detected not obtain testing result, the publicly-owned cloud server then described eigenwert being sent to described cluster outside carries out safety detection, obtain testing result, and described testing result is returned to described privately owned cloud server, and by described privately owned cloud server, described testing result is returned to described killing server.

B16, system according to B14, wherein, described privately owned high in the clouds detection module is according to the scanning sequency preset, and the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection.

B17, system according to B14, wherein, described killing server, also comprises:

Cache memory module, for obtaining testing result at described privately owned high in the clouds detection module, and after described testing result is returned to described killing server, is sent to described safety detection result in described caching server and stores.

B18, system according to B15, wherein,

Described privately owned cloud server obtains lastest imformation according to setting rule from described publicly-owned cloud server, wherein, includes the described publicly-owned eigenwert of cloud server regular update and the corresponding relation of level of security in described lastest imformation;

Described privately owned cloud server upgrades the corresponding relation of eigenwert and the level of security stored in described privately owned cloud server according to described lastest imformation.

Claims (10)

1. a virtual safety detection method, comprising:
Light agent client obtains information to be detected, and described information to be detected is sent to caching server by network;
Described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected;
If do not exist, then described information to be detected sends to killing server to carry out the safety detection of described information to be detected by described network by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server;
If exist, then determine the level of security of described information to be detected according to described corresponding relation;
Wherein, described light agent client is arranged in virtual machine.
2. method according to claim 1, wherein, described light agent client obtains information to be detected, comprising:
Described light agent client obtains information to be detected from least one virtual machine the physical machine at described light agent client place, wherein, is provided with multiple stage virtual machine in described physical machine;
And/or,
At least one the virtual machine that described light agent client is arranged at least one physical machine of same cluster from the physical machine with described light agent client place obtains information to be detected, wherein, described cluster comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.
3. method according to claim 1 and 2, wherein, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.
4. method according to claim 3, wherein, described killing server carries out the step of the safety detection of described information to be detected, comprising:
Described killing server obtains the eigenwert of described information to be detected;
Described killing server scans described eigenwert by killing engine and carries out safety detection to described information to be detected.
5. method according to claim 4, wherein, described method also comprises:
Safety detection is carried out to described information to be detected do not obtain testing result if described killing server scans described eigenwert by killing engine, the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection, obtain testing result, and described testing result is returned to described killing server.
6. method according to claim 5, wherein, described method also comprises:
If described privately owned cloud server carries out safety detection to described information to be detected do not obtain testing result, the publicly-owned cloud server then described eigenwert being sent to described cluster outside carries out safety detection, obtain testing result, and described testing result is returned to described privately owned cloud server, and by described privately owned cloud server, described testing result is returned to described killing server.
7. method according to claim 5, wherein, the privately owned cloud server that described eigenwert is sent to described light agent client place cluster by described killing server carries out safety detection, comprising:
Described killing server is according to the scanning sequency preset, and the privately owned cloud server described eigenwert being sent to described light agent client place cluster carries out safety detection.
8. method according to claim 5, wherein, in described acquisition testing result, and after described testing result is returned to described killing server, described method also comprises:
Described safety detection result is sent in described caching server and stores by described killing server.
9. method according to claim 6, wherein, described method also comprises:
Described privately owned cloud server obtains lastest imformation according to setting rule from described publicly-owned cloud server, wherein, includes the described publicly-owned eigenwert of cloud server regular update and the corresponding relation of level of security in described lastest imformation;
Described privately owned cloud server upgrades the corresponding relation of eigenwert and the level of security stored in described privately owned cloud server according to described lastest imformation.
10. a virtual safety detecting system, comprising: caching server, killing server and be arranged in virtual machine light agent client; Wherein
Described light agent client, for obtaining information to be detected, is sent to described caching server by described information to be detected by network;
Described caching server, for judging whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then by described network, described information to be detected is sent to described killing server; If exist, then determine the level of security of described information to be detected according to described corresponding relation;
Described killing server, for receiving the information described to be detected that described caching server sends, carrying out safety detection to described information to be detected and obtaining testing result;
Described caching server, also for determining the level of security of described information to be detected according to the testing result of described killing server.
CN201410773774.8A 2014-12-12 2014-12-12 Virtualize safety detection method and system CN104504330B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410773774.8A CN104504330B (en) 2014-12-12 2014-12-12 Virtualize safety detection method and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410773774.8A CN104504330B (en) 2014-12-12 2014-12-12 Virtualize safety detection method and system
PCT/CN2015/095821 WO2016091086A1 (en) 2014-12-12 2015-11-27 Virtualization security detection method and system

Publications (2)

Publication Number Publication Date
CN104504330A true CN104504330A (en) 2015-04-08
CN104504330B CN104504330B (en) 2017-12-08

Family

ID=52945726

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410773774.8A CN104504330B (en) 2014-12-12 2014-12-12 Virtualize safety detection method and system

Country Status (2)

Country Link
CN (1) CN104504330B (en)
WO (1) WO2016091086A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016091086A1 (en) * 2014-12-12 2016-06-16 北京奇虎科技有限公司 Virtualization security detection method and system
CN107682333A (en) * 2017-09-30 2018-02-09 北京奇虎科技有限公司 Virtualization safety defense system and method based on cloud computing environment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090178131A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Globally distributed infrastructure for secure content management
US8176311B1 (en) * 2009-01-23 2012-05-08 Juniper Networks, Inc. Initializing platform-specific features of a platform during early stages of booting the kernel
WO2012175886A1 (en) * 2011-06-24 2012-12-27 France Telecom Method for detecting attacks and for protection
CN103761480A (en) * 2014-01-13 2014-04-30 北京奇虎科技有限公司 Method and device for detecting file security
CN103812894A (en) * 2012-11-12 2014-05-21 中国石油天然气集团公司 Web release file version management method in real-time monitoring system
CN103902910A (en) * 2013-12-30 2014-07-02 北京奇虎科技有限公司 Method and device for detecting malicious codes in intelligent terminal
CN104077532A (en) * 2014-06-20 2014-10-01 中标软件有限公司 Linux virtualization platform safety detection method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104504330B (en) * 2014-12-12 2017-12-08 北京奇安信科技有限公司 Virtualize safety detection method and system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090178131A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Globally distributed infrastructure for secure content management
US8176311B1 (en) * 2009-01-23 2012-05-08 Juniper Networks, Inc. Initializing platform-specific features of a platform during early stages of booting the kernel
WO2012175886A1 (en) * 2011-06-24 2012-12-27 France Telecom Method for detecting attacks and for protection
CN103812894A (en) * 2012-11-12 2014-05-21 中国石油天然气集团公司 Web release file version management method in real-time monitoring system
CN103902910A (en) * 2013-12-30 2014-07-02 北京奇虎科技有限公司 Method and device for detecting malicious codes in intelligent terminal
CN103761480A (en) * 2014-01-13 2014-04-30 北京奇虎科技有限公司 Method and device for detecting file security
CN104077532A (en) * 2014-06-20 2014-10-01 中标软件有限公司 Linux virtualization platform safety detection method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016091086A1 (en) * 2014-12-12 2016-06-16 北京奇虎科技有限公司 Virtualization security detection method and system
CN107682333A (en) * 2017-09-30 2018-02-09 北京奇虎科技有限公司 Virtualization safety defense system and method based on cloud computing environment

Also Published As

Publication number Publication date
CN104504330B (en) 2017-12-08
WO2016091086A1 (en) 2016-06-16

Similar Documents

Publication Publication Date Title
US10133870B2 (en) Customizing a security report using static analysis
US9356937B2 (en) Disambiguating conflicting content filter rules
US9146715B1 (en) Suppression of table of contents save actions
US10540350B2 (en) Source code search engine
US20190303120A1 (en) Dynamic container deployment with parallel conditional layers
CN102930211B (en) A kind of multi-core browser intercepts method and the multi-core browser of malice network address
US20160070548A1 (en) Table of contents pointer value save and restore placeholder positioning
CN103632096B (en) A kind of method and apparatus that safety detection is carried out to equipment
RU2551820C2 (en) Method and apparatus for detecting viruses in file system
US20190324772A1 (en) Method and device for processing smart contracts
CN105117289B (en) Method for allocating tasks, apparatus and system based on cloud test platform
EP2447877A1 (en) System and method for detection of malware and management of malware-related information
US8627469B1 (en) Systems and methods for using acquisitional contexts to prevent false-positive malware classifications
RU2581560C2 (en) Method of scanning files, client computer and server
WO2016148865A1 (en) Methods and systems for improving analytics in distributed networks
US9038059B2 (en) Automatically targeting application modules to individual machines and application framework runtimes instances
CN104392181A (en) SO file protection method and device and android installation package reinforcement method and system
US20190034640A1 (en) Methods and systems for providing recommendations to address security vulnerabilities in a network of computing systems
US8307350B2 (en) Multi level virtual function tables
US8856764B2 (en) Distributed static analysis of computer software applications
CN104484585A (en) Application program installation package processing method and device, and mobile apparatus
US8572574B2 (en) Solving hybrid constraints to validate specification requirements of a software module
CN102982284B (en) For the scanning device of rogue program killing, cloud management equipment and method and system
CN103856343B (en) Configure the method and system of virtual machine network information
CN105574411B (en) A kind of dynamic hulling method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20161212

Address after: 100015 Jiuxianqiao Chaoyang District Beijing Road No. 10, building 15, floor 17, layer 1701-26, 3

Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: Beijing Qihoo Technology Co., Ltd.

Applicant before: Qizhi Software (Beijing) Co., Ltd.

C41 Transfer of patent application or patent right or utility model
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee after: Qianxin Technology Group Co., Ltd.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder