CN104504339A - Virtualization security detection method and system - Google Patents
Virtualization security detection method and system Download PDFInfo
- Publication number
- CN104504339A CN104504339A CN201410818266.7A CN201410818266A CN104504339A CN 104504339 A CN104504339 A CN 104504339A CN 201410818266 A CN201410818266 A CN 201410818266A CN 104504339 A CN104504339 A CN 104504339A
- Authority
- CN
- China
- Prior art keywords
- information
- detected
- killing
- server
- whole
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Investigating Or Analysing Materials By Optical Means (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a virtualization security detection method and a virtualization security detection system. The virtualization security detection method comprises the following steps: acquiring all information to be detected in a local area network with a light agent client through the light agent client, and implementing security detection on all information to be detected through a light agent searching and killing engine in the light agent client; if all detection result is not acquired, transmitting the information to be detected without the detection result to a public cloud server outside the local area network for security detection; determining the security grade of the information to be detected without the detection result according to the detection result of the public cloud server; when all detection result of all information to be detected is acquired, transmitting all information to be detected and corresponding all detection result to a cache server and/or searching and killing server, thereby enabling the cache server and/or searching and killing server to implement security detection on the information to be detected in the local area network, wherein the light agent client is in a virtual machine. By the adoption of the virtualization security detection method and the virtualization security detection system, the resource occupation in the local area network is reduced.
Description
Technical field
The present invention relates to field of computer technology, particularly relate to a kind of virtual safety detection method and system.
Background technology
Virtual, to refer to a computer virtual by Intel Virtualization Technology to be multiple stage logical machine.Run multiple logical machine on one computer, each logical machine can run different operating system simultaneously, and application program can be run and be independent of each other in separate space, thus significantly improves the work efficiency of computing machine.
In existing virtual safety detection scheme, if the information in local area network carries out safety detection, need in the virtual machine of LAN (Local Area Network), arrange one or more killing server, the full detail in LAN (Local Area Network) is sent to one or more killing server and carries out safety detection.
Because the information in LAN (Local Area Network) is relatively fixing, utilize the information in killing server local area network to detect continually, the waste of the Internet resources of LAN (Local Area Network) and the resource allocation of virtual machine can be caused.
Summary of the invention
In view of above-mentioned existing virtual safety detection method carries out safety detection by the information in killing server local area network, easily cause the problem of the wasting of resources, propose the present invention to provide a kind of overcoming the problems referred to above or the virtual safety detection method solved the problem at least in part and system.
According to one aspect of the present invention, provide a kind of virtual safety detection method, comprising:
Light agent client obtains the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carries out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected;
If gently act on behalf of killing engine to carry out safety detection to described whole information to be detected do not obtain whole testing result described, then the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection by described light agent client; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server;
When described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network);
Wherein, described light agent client is arranged in virtual machine.
According to a further aspect in the invention, provide a kind of virtual safety detecting system, comprising: light agent client, caching server and/or killing server; Wherein, described light agent client comprises:
Acquisition of information to be detected and detection module, for obtaining the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carry out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected;
Information to be detected sends and detection module, if carry out safety detection to described whole information to be detected do not obtain whole testing result for described killing engine of gently acting on behalf of, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to described LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server;
Testing result sending module, for when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network);
Wherein, described light agent client is arranged in virtual machine.
In existing virtual safety detection scheme, when the full detail in local area network carries out safety detection, need in the virtual machine of LAN (Local Area Network), arrange one or more killing server, by killing server, safety detection is carried out to full detail.Because the full detail in LAN (Local Area Network) is relatively fixing, the content of increase or renewal is little, if utilize killing server to scan relatively-stationary full detail in LAN (Local Area Network) continually, certainly will cause the waste of resource.And according to secure virtual machine detection scheme of the present invention, light agent client is set in virtual machine, obtained the information whole to be detected in the LAN (Local Area Network) at light agent client place by light agent client, by the killing engine of gently acting on behalf of in light agent client, safety detection is carried out to whole information to be detected; If do not obtain whole testing result, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected not obtaining testing result is determined again according to the testing result of publicly-owned Cloud Server; If obtain whole testing result, then whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making caching server and/or killing server carry out the information to be detected in LAN (Local Area Network).
By the killing engine of gently acting on behalf of in light agent client, safety detection is being carried out to whole information to be detected, and when obtaining whole testing result, determine that the full detail in LAN (Local Area Network) is by the information gently acting on behalf of the identification of killing engine, now no longer need the full detail in local area network to carry out safety detection, save the resource occupation of the Internet resources in LAN (Local Area Network) and the virtual machine in LAN (Local Area Network).
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 is the flow chart of steps of a kind of virtual safety detection method according to the embodiment of the present invention one;
Fig. 2 is the flow chart of steps of a kind of virtual safety detection method according to the embodiment of the present invention two;
Fig. 3 is the structured flowchart of a kind of virtual safety detecting system according to the embodiment of the present invention three;
Fig. 4 is the structured flowchart of a kind of virtual safety detecting system according to the embodiment of the present invention four.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Embodiment one
Introduce the virtual safety detection method of one that the embodiment of the present invention provides in detail.
With reference to Fig. 1, show the flow chart of steps of a kind of virtual safety detection method in the embodiment of the present invention.
Virtual safety detection method in the embodiment of the present invention can be applied in the system comprising light agent client, caching server and/or killing server.
Wherein, described light agent client can be arranged in virtual machine, and described caching server and/or described killing server can be arranged in virtual machine or physical machine.Such as, described light agent client can be arranged in a virtual machine in multiple stage virtual machine, described caching server and/or described killing server can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client, described caching server and/or described killing server can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.
The virtual safety detection method of the present embodiment comprises the following steps:
Step 100, light agent client obtains the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carries out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected; Gently act on behalf of killing engine to carry out safety detection to described whole information to be detected do not obtain whole testing result if described, then perform step 102; Gently act on behalf of whole testing results that killing engine gets described whole information to be detected if described, then perform step 104.
Described information to be detected can derive from same virtual machine, also can derive from multiple stage virtual machine, can derive from a physical machine, also can derive from multiple stage physical machine, that is, the information to be detected of task location in LAN (Local Area Network) can be obtained by light agent client.
And, light agent client can pass through the whole information to be detected of Network Capture, with compared with bottom physical layer transmission information to be detected, because of the limitation of bottom Physical layer itself, only can transfer files information, and pass through the information to be detected of Internet Transmission, except being except fileinfo, website information, access path information, registration table reading writing information etc. can also be included but not limited to.
Be provided with in light agent client inside and gently act on behalf of killing engine, described killing engine of gently acting on behalf of can carry out safety detection quickly for the information of particular type, specific environment or specific resources etc., it is relative to traditional killing server, has that resources occupation rate is low, killing efficiency advantages of higher.
Step 102, the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection by described light agent client; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server.
Such as, light agent client is treated Detection Information A and is carried out safety detection, not to the testing result of information A to be detected, represent that light agent client cannot be treated Detection Information A and identify, the Cloud Server that then information A to be detected is sent to LAN (Local Area Network) outside by light agent client carries out safety detection, determines the level of security of information A to be detected further according to the testing result of Cloud Server.
Step 104, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network) by described light agent client.
Described light agent client carries out safety detection to whole information to be detected, obtain whole testing result, represent that the full detail in LAN (Local Area Network) all can by light agent client identification, killing engine then in light agent client can cut out, and does not need to carry out safety detection to the information in current LAN (Local Area Network) again.
Now, full detail in current local area network and whole testing results corresponding to full detail can be sent to caching server in LAN (Local Area Network) and/or killing server by light agent client, utilize the information in caching server and/or killing server local area network to carry out safety detection.
Caching server and/or killing server can by the full detail in accumulation, study LAN (Local Area Network) and whole testing results corresponding to full detail, increase the cache database of caching server and/or the killing database of killing server, improve the safety detection ability of caching server and/or killing server.
It should be noted that, describedly gently act on behalf of whole testing results that killing engine gets described whole information to be detected, can comprise and gently act on behalf of killing engine and carry out through self treating Detection Information the testing result that safety detection obtains, can also comprise and carry out through publicly-owned Cloud Server the testing result that safety detection obtains.
In sum, the embodiment of the present invention arranges light agent client in virtual machine, obtained the information whole to be detected in the LAN (Local Area Network) at light agent client place by light agent client, by the killing engine of gently acting on behalf of in light agent client, safety detection is carried out to whole information to be detected; If do not obtain whole testing result, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected not obtaining testing result is determined again according to the testing result of publicly-owned Cloud Server; If obtain whole testing result, then whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making caching server and/or killing server carry out the information to be detected in LAN (Local Area Network).
By the killing engine of gently acting on behalf of in light agent client, safety detection is being carried out to whole information to be detected, and when obtaining whole testing result, determine that the full detail in LAN (Local Area Network) is by the information gently acting on behalf of the identification of killing engine, now no longer need the full detail in local area network to carry out safety detection, save the resource occupation of the Internet resources in LAN (Local Area Network) and the virtual machine in LAN (Local Area Network).
Embodiment two
Introduce the virtual safety detection method of one that the embodiment of the present invention provides in detail.
With reference to Fig. 2, show the flow chart of steps of a kind of virtual safety detection method in the embodiment of the present invention.
Virtual safety detection method in the embodiment of the present invention can be applied in the system comprising light agent client, caching server and/or killing server.
Wherein, described light agent client can be arranged in virtual machine, and described caching server and/or described killing server can be arranged in virtual machine or in physical machine.Such as, described light agent client can be arranged in a virtual machine in multiple stage virtual machine, described caching server and/or described killing server can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client, described caching server and/or described killing server can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.
The virtual safety detection method of the present embodiment comprises the following steps:
Step 200, light agent client obtains the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carries out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected.
Described information to be detected can derive from same virtual machine, also can derive from multiple stage virtual machine, can derive from a physical machine, also can derive from multiple stage physical machine, that is, the information to be detected of task location in LAN (Local Area Network) can be obtained by light agent client.
And, light agent client can pass through the whole information to be detected of Network Capture, with compared with bottom physical layer transmission information to be detected, because of the limitation of bottom Physical layer itself, only can transfer files information, and pass through the information to be detected of Internet Transmission, except being except fileinfo, website information, access path information, registration table reading writing information etc. can also be included but not limited to.
Be provided with in light agent client inside and gently act on behalf of killing engine, described killing engine of gently acting on behalf of can carry out safety detection quickly for the information of particular type, specific environment or specific resources etc., it is relative to traditional killing server, has that resources occupation rate is low, killing efficiency advantages of higher.
Preferably, in described step 200, the process of the information whole to be detected that light agent client obtains in the LAN (Local Area Network) at described light agent client place can be:
Described light agent client obtains whole information to be detected from least one virtual machine of at least one physical machine described LAN (Local Area Network).
Wherein, described LAN (Local Area Network) comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.
Such as, the LAN (Local Area Network) J1 at light agent client Q1 place comprises physical machine W1 and physical machine W2, physical machine W1 comprises virtual machine X1 and X2, physical machine W2 comprises virtual machine X3 and X4, then light agent client Q1 can from virtual machine X1, X2, whole information to be detected is obtained in X3 and X4, both whole information to be detected can be obtained separately from virtual machine X1, whole information to be detected can be obtained separately again from virtual machine X2, whole information to be detected can also be obtained separately from virtual machine X3, simultaneously, also whole information to be detected can be obtained separately from virtual machine X4.It should be noted that, when getting the whole information to be detected in LAN (Local Area Network) from some or several virtual machine or physical machine when light agent client, represent in other virtual machines in LAN (Local Area Network) or physical machine without information to be detected.
Preferably, described information to be detected can comprise at least one in fileinfo, website information, access path information, registration table reading writing information, and the particular content that the embodiment of the present invention treats Detection Information is not restricted.
Preferably, in light agent client described in described step 200 gently act on behalf of killing engine to described whole information to be detected carry out safety detection step, can comprise:
Sub-step 2001, described light agent client obtains the All Eigenvalues of described whole information to be detected.
The eigenwert of described information to be detected is the attribute information for identifying information to be detected with uniqueness, light agent client can be treated Detection Information and carry out the operations such as calculating and obtain eigenwert, and the embodiment of the present invention obtains the eigenwert of information to be detected technological means to light agent client is not restricted.
Sub-step 2002, described killing engine of gently acting on behalf of scans described All Eigenvalues and carries out safety detection to described whole information to be detected.
Describedly gently act on behalf of the core component that killing engine is light agent client, utilize and gently act on behalf of killing engine and can scan eigenwert and identify, realize the safety detection treating Detection Information.
Step 202, describedly gently acts on behalf of whole testing results that killing engine judges whether to get described whole information to be detected; If not, then step 204 is performed; If so, then step 206 is performed.
Preferably, described step 202 can be:
Described killing engine of gently acting on behalf of judges to carry out safety detection the need of the publicly-owned Cloud Server information to be detected in described LAN (Local Area Network) being sent to described LAN (Local Area Network) outside in setting-up time section; If not, then describedly whole testing results that the information whole to be detected got in described LAN (Local Area Network) determined by killing engine are gently acted on behalf of; If so, then describedly whole testing results that the information whole to be detected do not got in described LAN (Local Area Network) determined by killing engine are gently acted on behalf of.
Wherein, described setting-up time section can be some months, and specifically can set according to the actual conditions of LAN (Local Area Network), the embodiment of the present invention is not restricted setting-up time section.
Step 204, the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection by described light agent client; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server.
Such as, light agent client is treated Detection Information A and is carried out safety detection, not to the testing result of information A to be detected, represent that light agent client cannot be treated Detection Information A and identify, the Cloud Server that then information A to be detected is sent to LAN (Local Area Network) outside by light agent client carries out safety detection, determines the level of security of information A to be detected further according to the testing result of Cloud Server.
Preferably, the process that the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside by light agent client described in described step 204 carries out safety detection can be:
The publicly-owned Cloud Server that the described information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside, according to the scanning sequency preset, is carried out safety detection by described light agent client.
If there is multiple needs to be sent to the information to be detected that publicly-owned Cloud Server carries out safety detection, then light agent client according to the scanning sequency preset, can send multiple information to be detected to publicly-owned Cloud Server and carries out safety detection.
Step 206, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network) by described light agent client; Further, close and gently act on behalf of killing engine in described light agent client.
Described light agent client carries out safety detection to whole information to be detected, obtain whole testing result, represent that the full detail in LAN (Local Area Network) all can by light agent client identification, killing engine then in light agent client can cut out, and does not need to carry out safety detection to the information in current LAN (Local Area Network) again.
Now, full detail in current local area network and whole testing results corresponding to full detail can be sent to caching server in LAN (Local Area Network) and/or killing server by light agent client, utilize the information in caching server and/or killing server local area network to carry out safety detection.
Preferably, the testing result of described publicly-owned Cloud Server can be returned to described caching server and/or killing server by described light agent client.
Caching server and/or killing server can by the full detail in accumulation, study LAN (Local Area Network) and whole testing results corresponding to full detail, increase the cache database of caching server and/or the killing database of killing server, improve the safety detection ability of caching server and/or killing server.
Preferably, caching server described in described step 206 carries out the process of the safety detection of the information to be detected in described LAN (Local Area Network) and can be:
Step 61, described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected; If do not exist, then perform step 62; If exist, then perform step 63.
Can the corresponding relation of the buffer memory information to be detected level of security corresponding with it in caching server.Such as, the corresponding relation of the information A to be detected level of security corresponding with it " danger " is cached with in caching server; The corresponding relation of the information B to be detected level of security corresponding with it " safety " is cached with in caching server.
Step 62, described information to be detected sends to killing server to carry out the safety detection of described information to be detected by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server.
Such as, the corresponding relation of the information C to be detected level of security corresponding with it is there is not in caching server, then information C to be detected is sent to the safety detection that killing server carries out information C to be detected by caching server, obtained the testing result of information C to be detected by killing server, caching server can determine the level of security of information C to be detected according to testing result.
That is, when there is not the corresponding relation of certain information to be detected level of security corresponding with it in caching server, this information to be detected is sent to killing server and carries out safety detection by caching server, and the testing result obtained by killing server judges the level of security of this information to be detected.
Step 63, determines the level of security of described information to be detected according to described corresponding relation.
If there is the corresponding relation of certain information to be detected level of security corresponding with it in caching server, then directly determine the level of security that this information to be detected is corresponding.
Preferably, killing server described in described step 206 carries out the process of the safety detection of the information to be detected in described LAN (Local Area Network) and can be:
Step 64, described killing server obtains the eigenwert of described information to be detected.
Step 65, described killing server scans described eigenwert by the killing engine of described killing server and carries out safety detection to described information to be detected.
It should be noted that, the specific implementation process of above-mentioned steps 64 and step 65 with reference to the implementation procedure of above-mentioned sub-step 2001 and sub-step 2002, can not repeat them here.
It should be noted that, describedly gently act on behalf of whole testing results that killing engine gets described whole information to be detected, can comprise and gently act on behalf of killing engine and carry out through self treating Detection Information the testing result that safety detection obtains, can also comprise and carry out through publicly-owned Cloud Server the testing result that safety detection obtains.
In sum, the embodiment of the present invention arranges light agent client in virtual machine, obtained the information whole to be detected in the LAN (Local Area Network) at light agent client place by light agent client, by the killing engine of gently acting on behalf of in light agent client, safety detection is carried out to whole information to be detected; If do not obtain whole testing result, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected not obtaining testing result is determined again according to the testing result of publicly-owned Cloud Server; If obtain whole testing result, then close and gently act on behalf of killing engine in light agent client, and whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making caching server and/or killing server carry out the information to be detected in LAN (Local Area Network).
By the killing engine of gently acting on behalf of in light agent client, safety detection is being carried out to whole information to be detected, and when obtaining whole testing result, determine that the full detail in LAN (Local Area Network) is by the information gently acting on behalf of the identification of killing engine, now close and gently act on behalf of killing engine in light agent client, no longer need the full detail in local area network to carry out safety detection, save the resource occupation of the Internet resources in LAN (Local Area Network) and the virtual machine in LAN (Local Area Network).
Embodiment three
Introduce the virtual safety detecting system of one that the embodiment of the present invention provides in detail.
With reference to Fig. 3, show the structured flowchart of a kind of virtual safety detecting system in the embodiment of the present invention.
Described system can comprise: be arranged at the light agent client 300 in virtual machine, and caching server and/or killing server;
Wherein, caching server and/or killing server can be arranged in physical machine or virtual machine.Such as, described light agent client 300 can be arranged in a virtual machine in multiple stage virtual machine, described caching server and/or described killing server can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client 300, described caching server and/or described killing server can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.
Wherein, described light agent client 300, can comprise: acquisition of information to be detected and detection module 3001, and information to be detected sends and detection module 3002, testing result sending module 3003.
Acquisition of information to be detected and detection module 3001, for obtaining the information whole to be detected in the LAN (Local Area Network) at described light agent client 300 place, by the killing engine of gently acting on behalf of in described light agent client 300, safety detection is carried out to described whole information to be detected.
Information to be detected sends and detection module 3002, if carry out safety detection to described whole information to be detected do not obtain whole testing result for described killing engine of gently acting on behalf of, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to described LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server.
Testing result sending module 3003, for when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network).
In sum, the embodiment of the present invention arranges light agent client in virtual machine, obtained the information whole to be detected in the LAN (Local Area Network) at light agent client place by light agent client, by the killing engine of gently acting on behalf of in light agent client, safety detection is carried out to whole information to be detected; If do not obtain whole testing result, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected not obtaining testing result is determined again according to the testing result of publicly-owned Cloud Server; If obtain whole testing result, then whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making caching server and/or killing server carry out the information to be detected in LAN (Local Area Network).
By the killing engine of gently acting on behalf of in light agent client, safety detection is being carried out to whole information to be detected, and when obtaining whole testing result, determine that the full detail in LAN (Local Area Network) is by the information gently acting on behalf of the identification of killing engine, now no longer need the full detail in local area network to carry out safety detection, save the resource occupation of the Internet resources in LAN (Local Area Network) and the virtual machine in LAN (Local Area Network).
Embodiment four
Introduce the virtual safety detecting system of one that the embodiment of the present invention provides in detail.
With reference to Fig. 4, show the structured flowchart of a kind of virtual safety detecting system in the embodiment of the present invention.
Described system can comprise: be arranged at the light agent client 400 in virtual machine, and caching server 402 and/or killing server 404.
Wherein, caching server 402 and/or killing server 404 can be arranged in physical machine or virtual machine.Such as, described light agent client 400 can be arranged in a virtual machine in multiple stage virtual machine, described caching server 402 and/or described killing server 404 can only be arranged in a physical machine, or, also can be arranged in a virtual machine, alternatively, described light agent client 400, described caching server 402 and/or described killing server 404 can be arranged in same virtual machine in multiple stage virtual machine, then without the need to arranging in other virtual machine.
Wherein, described light agent client 400 can comprise: acquisition of information to be detected and detection module 4001, information to be detected sends and detection module 4002, testing result sending module 4003, gently acts on behalf of killing engine-off module 4004, the First Eigenvalue acquisition module 4005, second safety detection module 4006, testing result returns module 4007, and information to be detected sends judge module 4008, whole testing result determination module 4009.
Described caching server 402 can comprise: relation judge module 4021, information sending module 4022 to be detected, level of security determination module 4023.
Described killing server 404 can comprise: Second Eigenvalue acquisition module 4041, second safety detection module 4042.
Described light agent client 400 can comprise:
Acquisition of information to be detected and detection module 4001, for obtaining the information whole to be detected in the LAN (Local Area Network) at described light agent client 400 place, by the killing engine of gently acting on behalf of in described light agent client 400, safety detection is carried out to described whole information to be detected.
Preferably, described acquisition of information to be detected and detection module 4001 obtain whole information to be detected from least one virtual machine of at least one physical machine described LAN (Local Area Network).
Wherein, described LAN (Local Area Network) comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.
Preferably, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.
Information to be detected sends and detection module 4002, if carry out safety detection to described whole information to be detected do not obtain whole testing result for described killing engine of gently acting on behalf of, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to described LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server.
Preferably, the publicly-owned Cloud Server that the described information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside, according to the scanning sequency preset, is carried out safety detection by described information transmission to be detected and detection module 4002.
Testing result sending module 4003, for when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server 402 and/or killing server 404, with the safety detection making described caching server 402 and/or killing server 404 carry out the information to be detected in described LAN (Local Area Network).
Gently act on behalf of killing engine-off module 4004, for when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, close and gently act on behalf of killing engine in described light agent client 400.
The First Eigenvalue acquisition module 4005, for obtaining the All Eigenvalues of described whole information to be detected.
Second safety detection module 4006, for being scanned described All Eigenvalues and carried out safety detection by described killing engine of gently acting on behalf of to described whole information to be detected.
Testing result returns module 4007, for the testing result of described publicly-owned Cloud Server is returned to described caching server 402 and/or killing server 404.
Information to be detected sends judge module 4008, for judging to carry out safety detection the need of the publicly-owned Cloud Server information to be detected in described LAN (Local Area Network) being sent to described LAN (Local Area Network) outside in setting-up time section by described killing engine of gently acting on behalf of.
Whole testing result determination module 4009, if with not needing the publicly-owned Cloud Server information to be detected in described LAN (Local Area Network) being sent to described LAN (Local Area Network) outside to carry out safety detection in setting-up time section, then gently act on behalf of by described whole testing results that the information whole to be detected got in described LAN (Local Area Network) determined by killing engine.
Described caching server 402, can comprise
Relation judge module 4021, for judging whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected.
Information sending module 4022 to be detected, if for the corresponding relation that there is not the described information to be detected level of security corresponding with described information to be detected in described caching server 402, then described killing server 404 described information to be detected is sent to carry out the safety detection of described information to be detected.
Level of security determination module 4023, if for the corresponding relation that there is the described information to be detected level of security corresponding with described information to be detected in described caching server 402, then determine the level of security of described information to be detected according to described corresponding relation, or determine the level of security of described information to be detected according to the testing result of described killing server 404.
Described killing server 404, can comprise:
Second Eigenvalue acquisition module 4041, for obtaining the eigenwert of described information to be detected.
Second safety detection module 4042, carries out safety detection for scanning described eigenwert by the killing engine of described killing server 404 to described information to be detected.
In sum, the embodiment of the present invention arranges light agent client in virtual machine, obtained the information whole to be detected in the LAN (Local Area Network) at light agent client place by light agent client, by the killing engine of gently acting on behalf of in light agent client, safety detection is carried out to whole information to be detected; If do not obtain whole testing result, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected not obtaining testing result is determined again according to the testing result of publicly-owned Cloud Server; If obtain whole testing result, then close and gently act on behalf of killing engine in light agent client, and whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making caching server and/or killing server carry out the information to be detected in LAN (Local Area Network).
By the killing engine of gently acting on behalf of in light agent client, safety detection is being carried out to whole information to be detected, and when obtaining whole testing result, determine that the full detail in LAN (Local Area Network) is by the information gently acting on behalf of the identification of killing engine, now close and gently act on behalf of killing engine in light agent client, no longer need the full detail in local area network to carry out safety detection, save the resource occupation of the Internet resources in LAN (Local Area Network) and the virtual machine in LAN (Local Area Network).
The virtual safety detection scheme provided at this is intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure required by system that there is the present invention program is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as the following claims reflect, all features of inventive aspect disclosed single embodiment before being to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in detail in the claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the virtual safety detection scheme of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
The embodiment of the invention discloses A1, a kind of virtual safety detection method, comprising:
Light agent client obtains the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carries out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected;
If gently act on behalf of killing engine to carry out safety detection to described whole information to be detected do not obtain whole testing result described, then the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection by described light agent client; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server;
When described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network);
Wherein, described light agent client is arranged in virtual machine.
A2, method according to A1, wherein, described light agent client obtains the information whole to be detected in the LAN (Local Area Network) at described light agent client place, comprising:
Described light agent client obtains whole information to be detected from least one virtual machine of at least one physical machine described LAN (Local Area Network);
Wherein, described LAN (Local Area Network) comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.
A3, method according to A1 or A2, wherein, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.
A4, method according to A1, wherein, in described light agent client gently act on behalf of killing engine to described whole information to be detected carry out safety detection step, comprising:
Described light agent client obtains the All Eigenvalues of described whole information to be detected;
Described killing engine of gently acting on behalf of scans described All Eigenvalues and carries out safety detection to described whole information to be detected.
A5, method according to A1, wherein, the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection by described light agent client, comprising:
The publicly-owned Cloud Server that the described information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside, according to the scanning sequency preset, is carried out safety detection by described light agent client.
A6, method according to A1, wherein, described method also comprises:
The testing result of described publicly-owned Cloud Server is returned to described caching server and/or killing server by described light agent client.
A7, method according to A1, wherein, described caching server and/or killing server carry out the safety detection of the information to be detected in described LAN (Local Area Network), comprising:
Described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected;
If do not exist, then described information to be detected sends to described killing server to carry out the safety detection of described information to be detected by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server;
If exist, then determine the level of security of described information to be detected according to described corresponding relation;
And/or,
Described killing server obtains the eigenwert of described information to be detected;
Described killing server scans described eigenwert by the killing engine of described killing server and carries out safety detection to described information to be detected.
A8, method according to A1, wherein, describedly gently act on behalf of whole testing results that killing engine judges whether to get described whole information to be detected in the following manner:
Described killing engine of gently acting on behalf of judges to carry out safety detection the need of the publicly-owned Cloud Server information to be detected in described LAN (Local Area Network) being sent to described LAN (Local Area Network) outside in setting-up time section;
If not, then describedly whole testing results that the information whole to be detected got in described LAN (Local Area Network) determined by killing engine are gently acted on behalf of.
A9, method according to A1, wherein, when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described method also comprises:
Close and gently act on behalf of killing engine in described light agent client.
A10, method according to A1, wherein, in described light agent client, a described caching server and described killing Servers installed virtual machine in multiple stage virtual machine.
The embodiment of the invention also discloses B11, a kind of virtual safety detecting system, comprising: light agent client, caching server and/or killing server; Wherein, described light agent client comprises:
Acquisition of information to be detected and detection module, for obtaining the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carry out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected;
Information to be detected sends and detection module, if carry out safety detection to described whole information to be detected do not obtain whole testing result for described killing engine of gently acting on behalf of, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to described LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server;
Testing result sending module, for when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network);
Wherein, described light agent client is arranged in virtual machine.
B12, system according to B11, wherein, described acquisition of information to be detected and detection module obtain whole information to be detected from least one virtual machine of at least one physical machine described LAN (Local Area Network);
Wherein, described LAN (Local Area Network) comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.
B13, system according to B11 or B12, wherein, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.
B14, system according to B11, wherein, described light agent client, also comprises:
The First Eigenvalue acquisition module, for obtaining the All Eigenvalues of described whole information to be detected;
Second safety detection module, for being scanned described All Eigenvalues and carried out safety detection by described killing engine of gently acting on behalf of to described whole information to be detected.
B15, system according to B11, wherein, described information to be detected send and detection module according to the scanning sequency preset, the publicly-owned Cloud Server that the described information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection.
B16, system according to B11, wherein, described light agent client, also comprises:
Testing result returns module, for the testing result of described publicly-owned Cloud Server is returned to described caching server and/or killing server.
B17, system according to B11, wherein, described caching server, comprises
Relation judge module, for judging whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected;
Information sending module to be detected, if for the corresponding relation that there is not the described information to be detected level of security corresponding with described information to be detected in described caching server, then described killing server is sent to carry out the safety detection of described information to be detected described information to be detected;
Level of security determination module, if for the corresponding relation that there is the described information to be detected level of security corresponding with described information to be detected in described caching server, then determine the level of security of described information to be detected according to described corresponding relation, or determine the level of security of described information to be detected according to the testing result of described killing server;
And/or,
Described killing server, comprising:
Second Eigenvalue acquisition module, for obtaining the eigenwert of described information to be detected;
Second safety detection module, carries out safety detection for scanning described eigenwert by the killing engine of described killing server to described information to be detected.
B18, system according to B11, wherein, described light agent client, also comprises:
Information to be detected sends judge module, for judging to carry out safety detection the need of the publicly-owned Cloud Server information to be detected in described LAN (Local Area Network) being sent to described LAN (Local Area Network) outside in setting-up time section by described killing engine of gently acting on behalf of;
Whole testing result determination module, if with not needing the publicly-owned Cloud Server information to be detected in described LAN (Local Area Network) being sent to described LAN (Local Area Network) outside to carry out safety detection in setting-up time section, then gently act on behalf of by described whole testing results that the information whole to be detected got in described LAN (Local Area Network) determined by killing engine.
B19, system according to B11, wherein, described system also comprises:
Gently act on behalf of killing engine-off module, for when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, close and gently act on behalf of killing engine in described light agent client.
B20, system according to B11, wherein, in described light agent client, a described caching server and described killing Servers installed virtual machine in multiple stage virtual machine.
Claims (10)
1. a virtual safety detection method, comprising:
Light agent client obtains the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carries out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected;
If gently act on behalf of killing engine to carry out safety detection to described whole information to be detected do not obtain whole testing result described, then the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection by described light agent client; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server;
When described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network);
Wherein, described light agent client is arranged in virtual machine.
2. method according to claim 1, wherein, described light agent client obtains the information whole to be detected in the LAN (Local Area Network) at described light agent client place, comprising:
Described light agent client obtains whole information to be detected from least one virtual machine of at least one physical machine described LAN (Local Area Network);
Wherein, described LAN (Local Area Network) comprises at least one physical machine, and described in every platform, physical machine comprises at least one virtual machine.
3. method according to claim 1 and 2, wherein, described information to be detected comprises at least one in fileinfo, website information, access path information, registration table reading writing information.
4. method according to claim 1, wherein, in described light agent client gently act on behalf of killing engine to described whole information to be detected carry out safety detection step, comprising:
Described light agent client obtains the All Eigenvalues of described whole information to be detected;
Described killing engine of gently acting on behalf of scans described All Eigenvalues and carries out safety detection to described whole information to be detected.
5. method according to claim 1, wherein, the publicly-owned Cloud Server that the information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside is carried out safety detection by described light agent client, comprising:
The publicly-owned Cloud Server that the described information to be detected not obtaining testing result is sent to described LAN (Local Area Network) outside, according to the scanning sequency preset, is carried out safety detection by described light agent client.
6. method according to claim 1, wherein, described method also comprises:
The testing result of described publicly-owned Cloud Server is returned to described caching server and/or killing server by described light agent client.
7. method according to claim 1, wherein, described caching server and/or killing server carry out the safety detection of the information to be detected in described LAN (Local Area Network), comprising:
Described caching server judges whether the corresponding relation being cached with the described information to be detected level of security corresponding with described information to be detected;
If do not exist, then described information to be detected sends to described killing server to carry out the safety detection of described information to be detected by described caching server; The level of security of described information to be detected is determined according to the testing result of described killing server;
If exist, then determine the level of security of described information to be detected according to described corresponding relation;
And/or,
Described killing server obtains the eigenwert of described information to be detected;
Described killing server scans described eigenwert by the killing engine of described killing server and carries out safety detection to described information to be detected.
8. method according to claim 1, wherein, describedly gently act on behalf of whole testing results that killing engine judges whether to get described whole information to be detected in the following manner:
Described killing engine of gently acting on behalf of judges to carry out safety detection the need of the publicly-owned Cloud Server information to be detected in described LAN (Local Area Network) being sent to described LAN (Local Area Network) outside in setting-up time section;
If not, then describedly whole testing results that the information whole to be detected got in described LAN (Local Area Network) determined by killing engine are gently acted on behalf of.
9. method according to claim 1, wherein, when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described method also comprises:
Close and gently act on behalf of killing engine in described light agent client.
10. a virtual safety detecting system, comprising: light agent client, caching server and/or killing server; Wherein, described light agent client comprises:
Acquisition of information to be detected and detection module, for obtaining the information whole to be detected in the LAN (Local Area Network) at described light agent client place, carry out safety detection by the killing engine of gently acting on behalf of in described light agent client to described whole information to be detected;
Information to be detected sends and detection module, if carry out safety detection to described whole information to be detected do not obtain whole testing result for described killing engine of gently acting on behalf of, then the publicly-owned Cloud Server information to be detected not obtaining testing result being sent to described LAN (Local Area Network) outside carries out safety detection; The level of security of the information to be detected of testing result is not obtained described in determining according to the testing result of described publicly-owned Cloud Server;
Testing result sending module, for when described gently act on behalf of killing engine get whole testing result of described whole information to be detected time, described whole information to be detected and corresponding whole testing results are sent to caching server and/or killing server, with the safety detection making described caching server and/or killing server carry out the information to be detected in described LAN (Local Area Network);
Wherein, described light agent client is arranged in virtual machine.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410818266.7A CN104504339B (en) | 2014-12-24 | 2014-12-24 | Virtualize safety detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410818266.7A CN104504339B (en) | 2014-12-24 | 2014-12-24 | Virtualize safety detection method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104504339A true CN104504339A (en) | 2015-04-08 |
| CN104504339B CN104504339B (en) | 2017-11-07 |
Family
ID=52945735
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410818266.7A Active CN104504339B (en) | 2014-12-24 | 2014-12-24 | Virtualize safety detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104504339B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105893849A (en) * | 2016-03-30 | 2016-08-24 | 北京北信源软件股份有限公司 | Method for distributing patches under virtualization platform |
| CN106383735A (en) * | 2016-09-21 | 2017-02-08 | 中科信息安全共性技术国家工程研究中心有限公司 | System and method for monitoring host security of virtual machine in cloud environment in real time |
| WO2017036336A1 (en) * | 2015-09-01 | 2017-03-09 | 阿里巴巴集团控股有限公司 | Cloud platform-based service data processing method and device |
| CN114615035A (en) * | 2022-02-28 | 2022-06-10 | 亚信科技(成都)有限公司 | Security detection method, server and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080104680A1 (en) * | 2006-10-02 | 2008-05-01 | Gibson Gregg K | Local Blade Server Security |
| CN102244622A (en) * | 2011-07-25 | 2011-11-16 | 北京网御星云信息技术有限公司 | Virtual gateway protection method, virtual security gateway and system for server virtualization |
| CN102523215A (en) * | 2011-12-15 | 2012-06-27 | 北京海云捷迅科技有限公司 | Virtual machine (VM) online antivirus system based on KVM virtualization platform |
| US20130145375A1 (en) * | 2010-07-01 | 2013-06-06 | Neodana, Inc. | Partitioning processes across clusters by process type to optimize use of cluster specific configurations |
-
2014
- 2014-12-24 CN CN201410818266.7A patent/CN104504339B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080104680A1 (en) * | 2006-10-02 | 2008-05-01 | Gibson Gregg K | Local Blade Server Security |
| US20130145375A1 (en) * | 2010-07-01 | 2013-06-06 | Neodana, Inc. | Partitioning processes across clusters by process type to optimize use of cluster specific configurations |
| CN102244622A (en) * | 2011-07-25 | 2011-11-16 | 北京网御星云信息技术有限公司 | Virtual gateway protection method, virtual security gateway and system for server virtualization |
| CN102523215A (en) * | 2011-12-15 | 2012-06-27 | 北京海云捷迅科技有限公司 | Virtual machine (VM) online antivirus system based on KVM virtualization platform |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017036336A1 (en) * | 2015-09-01 | 2017-03-09 | 阿里巴巴集团控股有限公司 | Cloud platform-based service data processing method and device |
| CN105893849A (en) * | 2016-03-30 | 2016-08-24 | 北京北信源软件股份有限公司 | Method for distributing patches under virtualization platform |
| CN105893849B (en) * | 2016-03-30 | 2019-06-21 | 北京北信源软件股份有限公司 | Method for distributing patch under a kind of virtual platform |
| CN106383735A (en) * | 2016-09-21 | 2017-02-08 | 中科信息安全共性技术国家工程研究中心有限公司 | System and method for monitoring host security of virtual machine in cloud environment in real time |
| CN114615035A (en) * | 2022-02-28 | 2022-06-10 | 亚信科技(成都)有限公司 | Security detection method, server and storage medium |
| CN114615035B (en) * | 2022-02-28 | 2023-12-08 | 亚信科技(成都)有限公司 | Security detection method, server and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104504339B (en) | 2017-11-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107948314B (en) | Business processing method and device based on rule file and server | |
| US20160359875A1 (en) | Apparatus, system and method for detecting and preventing malicious scripts using code pattern-based static analysis and api flow-based dynamic analysis | |
| US8769673B2 (en) | Identifying potentially offending content using associations | |
| KR101781450B1 (en) | Method and Apparatus for Calculating Risk of Cyber Attack | |
| US10387236B2 (en) | Processing data errors for a data processing system | |
| EP1667062A1 (en) | Resource reconciliation | |
| CN103546590A (en) | Method and device for choosing DNS (domain name server) | |
| US20180082061A1 (en) | Scanning device, cloud management device, method and system for checking and killing malicious programs | |
| KR20160125960A (en) | Virus processing method, apparatus, system and device, and computer storage medium | |
| EP2531940A2 (en) | Url reputation system | |
| US10043012B2 (en) | Method of correlating static and dynamic application security testing results for a web application | |
| US11050777B2 (en) | Method and system for remediating cybersecurity vulnerabilities based on utilization | |
| CN104504339A (en) | Virtualization security detection method and system | |
| CN103559447B (en) | A kind of detection method, checkout gear and detection system based on Virus Sample feature | |
| CN104901975A (en) | Web log safety analyzing method, device and gateway | |
| US20180025154A1 (en) | Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application | |
| CN103957239A (en) | DNS cache information processing method, device and system | |
| CN104036019A (en) | Method and device for opening webpage links | |
| CN104504331A (en) | Virtualization security detection method and system | |
| CN109657434A (en) | Application access method and device | |
| CN106227769A (en) | Date storage method and device | |
| CN104504330A (en) | Virtual safety detecting method and system | |
| US11695793B2 (en) | Vulnerability scanning of attack surfaces | |
| CN103544271A (en) | Picture processing window loading method and device for browsers | |
| CN102917053B (en) | A kind of method, apparatus and system for judging webpage urlrewriting |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20161207 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: Beijing Qihu Technology Co., Ltd. Applicant before: Qizhi Software (Beijing) Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee after: Qianxin Technology Group Co., Ltd. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |