Virtualization security detection method and system
Technical field
The present invention relates to the field of computer technology, and more particularly to a virtualization security detection method and system.
Background art
Virtualization refers to using virtualization technology to turn one computer into multiple logical computers. Multiple logical computers run simultaneously on one computer, each logical computer can run a different operating system, and applications run in separate spaces without affecting one another, which significantly improves the operating efficiency of the computer.
In existing virtualization security detection schemes, to perform security detection on the information in a local area network (LAN), one or more killing servers must be set up in virtual machines of the LAN, and all of the information in the LAN is sent to the one or more killing servers for security detection.
Because the information in a LAN is relatively fixed, repeatedly using a killing server to detect the information in the LAN wastes the LAN's network resources and the virtual machines' configured resources.
Summary of the invention
Existing virtualization security detection methods perform security detection on the information in a LAN through a killing server, which tends to waste resources. In view of this problem, the present invention is proposed to provide a virtualization security detection method and system that overcome the above problem or at least partially solve it.
According to one aspect of the present invention, a virtualization security detection method is provided, including:
A light agent client obtains all information to be detected in the LAN where the light agent client is located, and performs security detection on all of the information to be detected through the light agent killing engine in the light agent client;
If the light agent killing engine performs security detection on all of the information to be detected and does not obtain all detection results, the light agent client sends the information to be detected for which no detection result was obtained to a public cloud server outside the LAN for security detection, and the security level of that information is determined according to the detection result of the public cloud server;
When the light agent killing engine has obtained all detection results for all of the information to be detected, all of the information to be detected and the corresponding detection results are sent to a caching server and/or a killing server, so that the caching server and/or killing server perform security detection on the information to be detected in the LAN;
Wherein the light agent client is located in a virtual machine.
According to another aspect of the present invention, a virtualization security detection system is provided, including: a light agent client, and a caching server and/or a killing server; wherein the light agent client includes:
An information-to-be-detected acquisition and detection module, configured to obtain all information to be detected in the LAN where the light agent client is located, and to perform security detection on all of the information to be detected through the light agent killing engine in the light agent client;
An information-to-be-detected sending and detection module, configured to, if the light agent killing engine performs security detection on all of the information to be detected and does not obtain all detection results, send the information to be detected for which no detection result was obtained to a public cloud server outside the LAN for security detection, and to determine the security level of that information according to the detection result of the public cloud server;
A detection result sending module, configured to, when the light agent killing engine has obtained all detection results for all of the information to be detected, send all of the information to be detected and the corresponding detection results to the caching server and/or killing server, so that the caching server and/or killing server perform security detection on the information to be detected in the LAN;
Wherein the light agent client is located in a virtual machine.
In existing virtualization security detection schemes, when security detection is performed on all of the information in a LAN, one or more killing servers must be set up in virtual machines of the LAN, and the killing servers perform security detection on all of the information. Because all of the information in a LAN is relatively fixed and little content is added or updated, using a killing server to repeatedly scan the relatively fixed information in the LAN inevitably wastes resources. In the virtual machine security detection scheme of the present invention, a light agent client is set up in a virtual machine; the light agent client obtains all information to be detected in the LAN where it is located, and the light agent killing engine in the light agent client performs security detection on all of the information to be detected. If not all detection results are obtained, the information to be detected for which no detection result was obtained is sent to a public cloud server outside the LAN for security detection, and the security level of that information is then determined according to the detection result of the public cloud server. If all detection results are obtained, all of the information to be detected and the corresponding detection results are sent to the caching server and/or killing server, so that the caching server and/or killing server perform security detection on the information to be detected in the LAN.
When the light agent killing engine in the light agent client has performed security detection on all of the information to be detected and obtained all detection results, it is determined that all of the information in the LAN is information recognized by the light agent killing engine. At that point security detection no longer needs to be performed on all of the information in the LAN, which saves network resources in the LAN and reduces the resource usage of the virtual machines in the LAN.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present invention are more readily apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
By reading the detailed description of the preferred embodiments below, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, identical parts are denoted by the same reference numerals. In the drawings:
Fig. 1 is a flow chart of the steps of a virtualization security detection method according to Embodiment one of the present invention;
Fig. 2 is a flow chart of the steps of a virtualization security detection method according to Embodiment two of the present invention;
Fig. 3 is a structural block diagram of a virtualization security detection system according to Embodiment three of the present invention;
Fig. 4 is a structural block diagram of a virtualization security detection system according to Embodiment four of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and so that its scope can be conveyed completely to those skilled in the art.
Embodiment one
A virtualization security detection method provided by an embodiment of the present invention is described in detail.
Referring to Fig. 1, a flow chart of the steps of a virtualization security detection method in an embodiment of the present invention is shown.
The virtualization security detection method in the embodiment of the present invention can be applied to a system that includes a light agent client and a caching server and/or a killing server.
The light agent client may be arranged in a virtual machine, and the caching server and/or killing server may be arranged in a virtual machine or in a physical machine. For example, the light agent client may be arranged in one of multiple virtual machines, and the caching server and/or the killing server may be arranged in only one physical machine, or may instead be arranged in one virtual machine. Optionally, the light agent client, the caching server and/or the killing server may be arranged in the same one of the multiple virtual machines, so that nothing needs to be arranged in the other virtual machines.
The virtualization security detection method of this embodiment includes the following steps:
Step 100: the light agent client obtains all information to be detected in the LAN where the light agent client is located, and performs security detection on all of the information to be detected through the light agent killing engine in the light agent client. If the light agent killing engine performs security detection on all of the information to be detected and does not obtain all detection results, step 102 is performed; if the light agent killing engine obtains all detection results for all of the information to be detected, step 104 is performed.
The information to be detected may be in one virtual machine or in multiple virtual machines, and may be in one physical machine or in multiple physical machines; that is, the light agent client can obtain information to be detected at any location in the LAN.
Moreover, the light agent client can obtain all of the information to be detected over the network. Information to be detected that is transmitted through the underlying physical layer can only be file information, because of the limitations of the underlying physical layer itself. By comparison, information to be detected that is transmitted over the network can be file information and can also include, without limitation, website information, access path information, registry read/write information, and so on.
A light agent killing engine is provided inside the light agent client. The light agent killing engine can perform fast security detection aimed at specific types of information, specific environments, specific resources and the like. Compared with a traditional killing server, it has the advantages of low resource usage and high killing efficiency.
Step 102: the light agent client sends the information to be detected for which no detection result was obtained to a public cloud server outside the LAN for security detection, and the security level of that information is determined according to the detection result of the public cloud server.
For example, the light agent client performs security detection on information to be detected A and does not obtain a detection result for A, which means that the light agent client cannot identify A. The light agent client then sends A to the cloud server outside the LAN for security detection, and the security level of A is determined according to the detection result of the cloud server.
Step 104: the light agent client sends all of the information to be detected and the corresponding detection results to the caching server and/or killing server, so that the caching server and/or killing server perform security detection on the information to be detected in the LAN.
When the light agent client has performed security detection on all of the information to be detected and obtained all detection results, all of the information in the LAN can be recognized by the light agent client. The light agent client can then close its killing engine and no longer needs to perform security detection on the information in the current LAN.
At this point, the light agent client can send all of the information in the current LAN, together with the corresponding detection results, to the caching server and/or killing server in the LAN, and the caching server and/or killing server are then used to perform security detection on the information in the LAN.
By accumulating and learning all of the information in the LAN and the corresponding detection results, the caching server and/or killing server can enlarge the cache database of the caching server and/or the killing database of the killing server, improving the security detection capability of the caching server and/or killing server.
It should be noted that the detection results that the light agent killing engine obtains for all of the information to be detected can include detection results that the light agent killing engine obtained by performing security detection on the information itself, and can also include detection results obtained through security detection by the public cloud server.
In summary, the embodiment of the present invention sets up a light agent client in a virtual machine. The light agent client obtains all information to be detected in the LAN where it is located, and the light agent killing engine in the light agent client performs security detection on all of the information to be detected. If not all detection results are obtained, the information to be detected for which no detection result was obtained is sent to a public cloud server outside the LAN for security detection, and the security level of that information is then determined according to the detection result of the public cloud server. If all detection results are obtained, all of the information to be detected and the corresponding detection results are sent to the caching server and/or killing server, so that the caching server and/or killing server perform security detection on the information to be detected in the LAN.
When the light agent killing engine in the light agent client has performed security detection on all of the information to be detected and obtained all detection results, it is determined that all of the information in the LAN is information recognized by the light agent killing engine. At that point security detection no longer needs to be performed on all of the information in the LAN, which saves network resources in the LAN and reduces the resource usage of the virtual machines in the LAN.
Embodiment two
A virtualization security detection method provided by an embodiment of the present invention is described in detail.
Referring to Fig. 2, a flow chart of the steps of a virtualization security detection method in an embodiment of the present invention is shown.
The virtualization security detection method in the embodiment of the present invention can be applied to a system that includes a light agent client and a caching server and/or a killing server.
The light agent client may be arranged in a virtual machine, and the caching server and/or killing server may be arranged in a virtual machine or in a physical machine. For example, the light agent client may be arranged in one of multiple virtual machines, and the caching server and/or the killing server may be arranged in only one physical machine, or may instead be arranged in one virtual machine. Optionally, the light agent client, the caching server and/or the killing server may be arranged in the same one of the multiple virtual machines, so that nothing needs to be arranged in the other virtual machines.
The virtualization security detection method of this embodiment includes the following steps:
Step 200: the light agent client obtains all information to be detected in the LAN where the light agent client is located, and performs security detection on all of the information to be detected through the light agent killing engine in the light agent client.
The information to be detected may be in one virtual machine or in multiple virtual machines, and may be in one physical machine or in multiple physical machines; that is, the light agent client can obtain information to be detected at any location in the LAN.
Moreover, the light agent client can obtain all of the information to be detected over the network. Information to be detected that is transmitted through the underlying physical layer can only be file information, because of the limitations of the underlying physical layer itself. By comparison, information to be detected that is transmitted over the network can be file information and can also include, without limitation, website information, access path information, registry read/write information, and so on.
A light agent killing engine is provided inside the light agent client. The light agent killing engine can perform fast security detection aimed at specific types of information, specific environments, specific resources and the like. Compared with a traditional killing server, it has the advantages of low resource usage and high killing efficiency.
Preferably, the process in step 200 by which the light agent client obtains all information to be detected in the LAN where it is located can be:
The light agent client obtains all of the information to be detected from at least one virtual machine of at least one physical machine in the LAN.
Here, the LAN includes at least one physical machine, and each physical machine includes at least one virtual machine.
For example, the LAN J1 where light agent client Q1 is located includes physical machine W1 and physical machine W2; physical machine W1 includes virtual machines X1 and X2, and physical machine W2 includes virtual machines X3 and X4. Light agent client Q1 can then obtain all of the information to be detected from virtual machines X1, X2, X3 and X4 together, or it can obtain all of the information to be detected from virtual machine X1 alone, from virtual machine X2 alone, from virtual machine X3 alone, or from virtual machine X4 alone. It should be noted that when the light agent client obtains all of the information to be detected in the LAN from one or several virtual machines or physical machines, this means that the other virtual machines or physical machines in the LAN contain no information to be detected.
Preferably, the information to be detected can include at least one of file information, website information, access path information and registry read/write information; the embodiment of the present invention places no restriction on the specific content of the information to be detected.
Preferably, the step in step 200 in which the light agent killing engine in the light agent client performs security detection on all of the information to be detected can include:
Sub-step 2001: the light agent client obtains all feature values of all of the information to be detected.
The feature value of a piece of information to be detected is attribute information that uniquely identifies that information. The light agent client can obtain the feature value by performing operations such as computation on the information to be detected; the embodiment of the present invention places no restriction on the technical means by which the light agent client obtains the feature value.
Sub-step 2002: the light agent killing engine scans all of the feature values to perform security detection on all of the information to be detected.
The light agent killing engine is the core component of the light agent client. Using the light agent killing engine, feature values can be scanned and identified, which realizes security detection of the information to be detected.
Step 202: the light agent killing engine judges whether it has obtained all detection results for all of the information to be detected; if not, step 204 is performed; if so, step 206 is performed.
Preferably, step 202 can be:
The light agent killing engine judges whether, within a set time period, information to be detected in the LAN needed to be sent to the public cloud server outside the LAN for security detection. If not, the light agent killing engine determines that it has obtained all detection results for all of the information to be detected in the LAN; if so, the light agent killing engine determines that it has not obtained all detection results for all of the information to be detected in the LAN.
The set time period may be several months and can be set according to the actual conditions of the LAN; the embodiment of the present invention places no restriction on the set time period.
Step 204: the light agent client sends the information to be detected for which no detection result was obtained to the public cloud server outside the LAN for security detection, and the security level of that information is determined according to the detection result of the public cloud server.
For example, the light agent client performs security detection on information to be detected A and does not obtain a detection result for A, which means that the light agent client cannot identify A. The light agent client then sends A to the cloud server outside the LAN for security detection, and the security level of A is determined according to the detection result of the cloud server.
Preferably, the process in step 204 by which the light agent client sends the information to be detected for which no detection result was obtained to the public cloud server outside the LAN for security detection can be:
The light agent client sends the information to be detected for which no detection result was obtained to the public cloud server outside the LAN for security detection according to a preset scanning order.
If there are multiple pieces of information to be detected that need to be sent to the public cloud server for security detection, the light agent client can send them to the public cloud server for security detection according to the preset scanning order.
Step 206: the light agent client sends all of the information to be detected and the corresponding detection results to the caching server and/or killing server, so that the caching server and/or killing server perform security detection on the information to be detected in the LAN; in addition, the light agent killing engine in the light agent client is closed.
When the light agent client has performed security detection on all of the information to be detected and obtained all detection results, all of the information in the LAN can be recognized by the light agent client. The light agent client can then close its killing engine and no longer needs to perform security detection on the information in the current LAN.
At this point, the light agent client can send all of the information in the current LAN, together with the corresponding detection results, to the caching server and/or killing server in the LAN, and the caching server and/or killing server are then used to perform security detection on the information in the LAN.
Preferably, the light agent client can return the detection results of the public cloud server to the caching server and/or killing server.
By accumulating and learning all of the information in the LAN and the corresponding detection results, the caching server and/or killing server can enlarge the cache database of the caching server and/or the killing database of the killing server, improving the security detection capability of the caching server and/or killing server.
Preferably, the process in step 206 by which the caching server performs security detection on the information to be detected in the LAN can be:
Step 61: the caching server judges whether it has cached a correspondence between the information to be detected and a security level for that information; if no such correspondence exists, step 62 is performed; if it exists, step 63 is performed.
The caching server can cache correspondences between pieces of information to be detected and their security levels. For example, the caching server caches a correspondence between information to be detected A and the security level "danger", and a correspondence between information to be detected B and the security level "safe".
Step 62: the caching server sends the information to be detected to the killing server, which performs security detection on it; the security level of the information to be detected is determined according to the detection result of the killing server.
For example, if the caching server holds no correspondence giving the security level of information to be detected C, the caching server sends C to the killing server for security detection. The killing server produces a detection result for C, and the caching server can determine the security level of C from that detection result.
That is, when the caching server holds no correspondence giving the security level of a piece of information to be detected, the caching server sends that information to the killing server for security detection, and the security level of the information is judged from the detection result obtained by the killing server.
Step 63: the security level of the information to be detected is determined according to the correspondence.
If the caching server holds a correspondence giving the security level of a piece of information to be detected, the security level of that information is determined directly.
Preferably, the process in step 206 by which the killing server performs security detection on the information to be detected in the LAN can be:
Step 64: the killing server obtains the feature value of the information to be detected.
Step 65: the killing server scans the feature value with the killing engine of the killing server to perform security detection on the information to be detected.
It should be noted that, for the specific implementation of steps 64 and 65, reference may be made to the implementation of sub-steps 2001 and 2002 above, which is not repeated here.
It should be noted that the detection results that the light agent killing engine obtains for all of the information to be detected can include detection results that the light agent killing engine obtained by performing security detection on the information itself, and can also include detection results obtained through security detection by the public cloud server.
In summary, the embodiment of the present invention sets up a light agent client in a virtual machine. The light agent client obtains all information to be detected in the LAN where it is located, and the light agent killing engine in the light agent client performs security detection on all of the information to be detected. If not all detection results are obtained, the information to be detected for which no detection result was obtained is sent to a public cloud server outside the LAN for security detection, and the security level of that information is then determined according to the detection result of the public cloud server. If all detection results are obtained, the light agent killing engine in the light agent client is closed, and all of the information to be detected and the corresponding detection results are sent to the caching server and/or killing server, so that the caching server and/or killing server perform security detection on the information to be detected in the LAN.
When the light agent killing engine in the light agent client has performed security detection on all of the information to be detected and obtained all detection results, it is determined that all of the information in the LAN is information recognized by the light agent killing engine. The light agent killing engine in the light agent client is then closed, and security detection no longer needs to be performed on all of the information in the LAN, which saves network resources in the LAN and reduces the resource usage of the virtual machines in the LAN.
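The flow of steps 200 to 206 and steps 61 to 63, sketched in Python as an added example; it is not code from the patent. Assumptions: SHA-256 as the feature value, a day counter as the clock for the set time period, and all class names, function names and sample items, which are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Optional

SAFE, DANGER, UNKNOWN = "safe", "danger", "unknown"


def feature_value(item: bytes) -> str:
    # SHA-256 is an assumption; the text does not say how the feature value is computed.
    return hashlib.sha256(item).hexdigest()


@dataclass
class KillingServer:
    database: dict = field(default_factory=dict)    # feature value -> security level
    scans: int = 0

    def scan(self, item: bytes) -> str:              # steps 64 and 65
        self.scans += 1
        return self.database.get(feature_value(item), UNKNOWN)


@dataclass
class CachingServer:
    killing_server: KillingServer
    cache: dict = field(default_factory=dict)        # feature value -> security level

    def learn(self, results: dict) -> None:
        # Results handed over in step 206 grow the cache and the killing database.
        self.cache.update(results)
        self.killing_server.database.update(results)

    def check(self, item: bytes) -> str:
        fv = feature_value(item)
        if fv in self.cache:                         # step 61, then step 63
            return self.cache[fv]
        return self.killing_server.scan(item)        # step 62


@dataclass
class LightAgent:
    signatures: dict                                 # feature values the local engine knows
    cloud_lookup: Callable[[bytes], str]             # stand-in for the public cloud server
    window_days: int                                 # the set time period, in days
    engine_on: bool = True
    results: dict = field(default_factory=dict)
    last_cloud_day: Optional[int] = None

    def scan_all(self, items, today: int) -> None:   # steps 200 and 204
        if not self.engine_on:
            return
        for item in items:
            fv = feature_value(item)
            level = self.results.get(fv) or self.signatures.get(fv)
            if level is None:                        # no local result: send to the cloud
                level = self.cloud_lookup(item)
                self.last_cloud_day = today
            if level != UNKNOWN:                     # unresolved items are retried next scan
                self.results[fv] = level

    def all_results_obtained(self, today: int) -> bool:   # step 202
        quiet = (self.last_cloud_day is None
                 or today - self.last_cloud_day >= self.window_days)
        return bool(self.results) and quiet

    def hand_over(self, cache: CachingServer, today: int) -> bool:   # step 206
        if not self.all_results_obtained(today):
            return False
        cache.learn(self.results)
        self.engine_on = False                       # close the light agent killing engine
        return True


def demo() -> dict:
    # Constructed sample data: byte strings stand in for files and a URL seen in the LAN.
    notepad, dropper = b"notepad.exe bytes", b"dropper.exe bytes"
    url, macro = b"http://intranet.example/login", b"new-macro.doc bytes"
    cloud_db = {feature_value(dropper): DANGER, feature_value(url): SAFE}
    cloud_calls = []

    def cloud(item: bytes) -> str:
        cloud_calls.append(item)
        return cloud_db.get(feature_value(item), UNKNOWN)

    agent = LightAgent({feature_value(notepad): SAFE}, cloud, window_days=90)
    cache = CachingServer(KillingServer({feature_value(macro): DANGER}))
    lan = [notepad, dropper, url]

    agent.scan_all(lan, today=0)                     # dropper and url go to the cloud
    early = agent.hand_over(cache, today=30)         # cloud was used 30 days ago: refused
    agent.scan_all(lan, today=100)                   # every item is now recognised locally
    late = agent.hand_over(cache, today=100)         # no cloud use for 100 days: hand over
    return {
        "cloud_calls": len(cloud_calls), "early": early, "late": late,
        "engine_on": agent.engine_on,
        "cached": cache.check(dropper), "scans_after_hit": cache.killing_server.scans,
        "miss": cache.check(macro), "scans_after_miss": cache.killing_server.scans,
    }


if __name__ == "__main__":
    print(demo())
```

The counters returned by `demo()` show the resource argument of the text: after the hand-over, a cached item costs no killing-server scan, and only an item the LAN has not seen before reaches the killing server.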
Embodiment three
A kind of virtualization safety detecting system provided in an embodiment of the present invention is discussed in detail.
Reference picture 3, shows a kind of structured flowchart of virtualization safety detecting system in the embodiment of the present invention.
The system may include: a light agent client 300 arranged in a virtual machine, and a caching server and/or a killing server.
The caching server and/or killing server may be arranged in a physical machine or in a virtual machine. For example, the light agent client 300 may be arranged in one virtual machine among multiple virtual machines, and the caching server and/or the killing server may be arranged in only one physical machine, or may also be arranged in one virtual machine. Optionally, the light agent client 300, the caching server and/or the killing server may be arranged in the same virtual machine among the multiple virtual machines, so that nothing needs to be set up in the other virtual machines.
The light agent client 300 may include: a to-be-detected information acquisition and detection module 3001, a to-be-detected information sending and detection module 3002, and a detection result sending module 3003.
The to-be-detected information acquisition and detection module 3001 is configured to obtain all information to be detected in the LAN where the light agent client 300 is located, and to perform safety detection on all of that information through the light agent killing engine in the light agent client 300.
The to-be-detected information sending and detection module 3002 is configured to, if the light agent killing engine performs safety detection on all the information to be detected and does not obtain all detection results, send the information to be detected for which no detection result was obtained to a public cloud server outside the LAN for safety detection, and to determine the security level of that information according to the detection result of the public cloud server.
The detection result sending module 3003 is configured to, when the light agent killing engine has obtained all detection results for all the information to be detected, send all the information to be detected and all corresponding detection results to the caching server and/or killing server, so that the caching server and/or killing server performs safety detection on the information to be detected in the LAN.
In summary, in this embodiment of the present invention a light agent client is set in a virtual machine. The light agent client obtains all information to be detected in the LAN where the light agent client is located, and the light agent killing engine in the light agent client performs safety detection on all of that information. If not all detection results are obtained, the information to be detected for which no detection result was obtained is sent to a public cloud server outside the LAN for safety detection, and the security level of that information is then determined according to the detection result of the public cloud server. If all detection results are obtained, all information to be detected and all corresponding detection results are sent to the caching server and/or killing server, so that the caching server and/or killing server performs safety detection on the information to be detected in the LAN.
When the light agent killing engine in the light agent client performs safety detection on all information to be detected and obtains all detection results, all information in the LAN is determined to be information recognized by the light agent killing engine. Safety detection then no longer needs to be performed on all information in the LAN, which saves network resources in the LAN and reduces the resource occupation of the virtual machines in the LAN.
Embodiment Four
A virtualization safety detection system provided by an embodiment of the present invention is described in detail below.
Referring to Fig. 4, a structural block diagram of a virtualization safety detection system in an embodiment of the present invention is shown.
The system may include: a light agent client 400 arranged in a virtual machine, and a caching server 402 and/or a killing server 404.
The caching server 402 and/or killing server 404 may be arranged in a physical machine or in a virtual machine. For example, the light agent client 400 may be arranged in one virtual machine among multiple virtual machines, and the caching server 402 and/or the killing server 404 may be arranged in only one physical machine, or may also be arranged in one virtual machine. Optionally, the light agent client 400, the caching server 402 and/or the killing server 404 may be arranged in the same virtual machine among the multiple virtual machines, so that nothing needs to be set up in the other virtual machines.
The light agent client 400 may include: a to-be-detected information acquisition and detection module 4001, a to-be-detected information sending and detection module 4002, a detection result sending module 4003, a light agent killing engine closing module 4004, a first feature value acquisition module 4005, a second safety detection module 4006, a detection result returning module 4007, a to-be-detected information sending judgment module 4008, and an all-detection-results determining module 4009.
The caching server 402 may include: a relation judgment module 4021, a to-be-detected information sending module 4022, and a security level determining module 4023.
The killing server 404 may include: a second feature value acquisition module 4041 and a second safety detection module 4042.
The light agent client 400 may include:
The to-be-detected information acquisition and detection module 4001, configured to obtain all information to be detected in the LAN where the light agent client 400 is located, and to perform safety detection on all of that information through the light agent killing engine in the light agent client 400.
Preferably, the to-be-detected information acquisition and detection module 4001 obtains all the information to be detected from at least one virtual machine in at least one physical machine in the LAN.
The LAN includes at least one physical machine, and each physical machine includes at least one virtual machine.
Preferably, the information to be detected includes at least one of file information, website information, access path information, and registry read/write information.
The to-be-detected information sending and detection module 4002, configured to, if the light agent killing engine performs safety detection on all the information to be detected and does not obtain all detection results, send the information to be detected for which no detection result was obtained to a public cloud server outside the LAN for safety detection, and to determine the security level of that information according to the detection result of the public cloud server.
Preferably, the to-be-detected information sending and detection module 4002 sends the information to be detected for which no detection result was obtained to the public cloud server outside the LAN for safety detection according to a preset scanning order.
The detection result sending module 4003, configured to, when the light agent killing engine has obtained all detection results for all the information to be detected, send all the information to be detected and all corresponding detection results to the caching server 402 and/or killing server 404, so that the caching server 402 and/or killing server 404 performs safety detection on the information to be detected in the LAN.
The light agent killing engine closing module 4004, configured to close the light agent killing engine in the light agent client 400 when the light agent killing engine has obtained all detection results for all the information to be detected.
The first feature value acquisition module 4005, configured to obtain all feature values of all the information to be detected.
The second safety detection module 4006, configured to perform safety detection on all the information to be detected by scanning all the feature values with the light agent killing engine.
The detection result returning module 4007, configured to return the detection result of the public cloud server to the caching server 402 and/or killing server 404.
The to-be-detected information sending judgment module 4008, configured to judge, through the light agent killing engine, whether within a set time period the information to be detected in the LAN needs to be sent to the public cloud server outside the LAN for safety detection.
The all-detection-results determining module 4009, configured to, if within the set time period the information to be detected in the LAN does not need to be sent to the public cloud server outside the LAN for safety detection, determine through the light agent killing engine that all detection results for all the information to be detected in the LAN have been obtained.
The caching server 402 may include:
The relation judgment module 4021, configured to judge whether a correspondence between the information to be detected and the security level corresponding to that information is cached.
The to-be-detected information sending module 4022, configured to, if no correspondence between the information to be detected and its corresponding security level exists in the caching server 402, send the information to be detected to the killing server 404 for safety detection of that information.
The security level determining module 4023, configured to, if a correspondence between the information to be detected and its corresponding security level exists in the caching server 402, determine the security level of the information to be detected according to that correspondence, or to determine the security level of the information to be detected according to the detection result of the killing server 404.
The killing server 404 may include:
The second feature value acquisition module 4041, configured to obtain the feature value of the information to be detected.
The second safety detection module 4042, configured to perform safety detection on the information to be detected by scanning the feature value with the killing engine of the killing server 404.
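The interaction of the light agent client, caching server and killing server modules described above can be traced in the following added Python example, which is not code from the patent. The SHA-256 feature value, the dictionary-based signature sets, the treatment of one `scan_lan()` call as the set time period, and the engine learning cloud verdicts are assumptions made for illustration.

```python
import hashlib
SAFE, MALICIOUS, UNKNOWN = "safe", "malicious", "unknown"

def feature_value(data: bytes) -> str:
    # Assumption: the feature value is the SHA-256 digest of the item.
    return hashlib.sha256(data).hexdigest()

class KillingServer:
    """Modules 4041/4042: obtain the feature value and scan it."""
    def __init__(self, signatures):
        self.signatures, self.scans = signatures, 0
    def scan(self, data):
        self.scans += 1
        return self.signatures.get(feature_value(data), UNKNOWN)

class CachingServer:
    """Modules 4021-4023: answer from the cached mapping, else ask the killing server."""
    def __init__(self, killing_server):
        self.cache, self.killing = {}, killing_server
    def store(self, results):
        self.cache.update(results)
    def security_level(self, data):
        fv = feature_value(data)
        if fv in self.cache:                 # 4021 hit -> 4023
            return self.cache[fv]
        level = self.killing.scan(data)      # 4022 miss -> killing server
        if level != UNKNOWN:                 # assumed: unknown items are rescanned
            self.cache[fv] = level
        return level

class LightAgentClient:
    """Modules 4001-4009; one scan_lan() call stands in for the set time period."""
    def __init__(self, local_sigs, cloud_sigs, caching_server):
        self.local, self.cloud, self.caching = local_sigs, cloud_sigs, caching_server
        self.engine_running = True
    def scan_lan(self, items):
        results, sent_to_cloud = {}, 0
        for data in items:
            fv = feature_value(data)
            level = self.local.get(fv)
            if level is None:                # 4002: no local result -> public cloud
                sent_to_cloud += 1
                level = self.cloud.get(fv, UNKNOWN)
                if level != UNKNOWN:
                    self.local[fv] = level   # assumed: engine learns the verdict
                    self.caching.store({fv: level})  # 4007
            results[fv] = level
        if sent_to_cloud == 0:               # 4009: nothing needed the cloud
            self.caching.store(results)      # 4003
            self.engine_running = False      # 4004
        return results

def demo():
    items = [b"clean.doc", b"dropper.exe", b"new-tool.bin"]   # constructed samples
    local = {feature_value(items[0]): SAFE, feature_value(items[1]): MALICIOUS}
    killing = KillingServer(dict(local))
    agent = LightAgentClient(local, {feature_value(items[2]): SAFE}, CachingServer(killing))
    # Engine state after pass 1 (one item went to the cloud) and pass 2 (none did).
    running = [agent.scan_lan(items) and agent.engine_running for _ in range(2)]
    return running, agent.caching.security_level(items[1]), killing.scans
```

In `demo()` the engine stays on after the first pass because one item had to go to the public cloud, and is closed after the second pass; the later lookup is answered from the cache without reaching the killing server.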
In summary, in this embodiment of the present invention a light agent client is set in a virtual machine. The light agent client obtains all information to be detected in the LAN where the light agent client is located, and the light agent killing engine in the light agent client performs safety detection on all of that information. If not all detection results are obtained, the information to be detected for which no detection result was obtained is sent to a public cloud server outside the LAN for safety detection, and the security level of that information is then determined according to the detection result of the public cloud server. If all detection results are obtained, the light agent killing engine in the light agent client is closed, and all information to be detected and all corresponding detection results are sent to the caching server and/or killing server, so that the caching server and/or killing server performs safety detection on the information to be detected in the LAN.
When the light agent killing engine in the light agent client performs safety detection on all information to be detected and obtains all detection results, all information in the LAN is determined to be information recognized by the light agent killing engine. The light agent killing engine in the light agent client is then closed, and safety detection no longer needs to be performed on all information in the LAN, which saves network resources in the LAN and reduces the resource occupation of the virtual machines in the LAN.
The virtualization safety detection scheme provided herein is not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct a system embodying the scheme of the present invention is apparent. In addition, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the description above of a specific language is given in order to disclose the best mode of the present invention.
Numerous specific details are set forth in the specification provided here. It is to be understood, however, that embodiments of the present invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be appreciated that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the present invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, the method of the disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the virtualization safety detection scheme according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.