CN105117645B - Method for implementing multi-sample execution of a sandbox virtual machine based on a file system filter driver - Google Patents
Method for implementing multi-sample execution of a sandbox virtual machine based on a file system filter driver (基于文件系统过滤驱动实现沙箱虚拟机多样本运行的方法)
- Publication number: CN105117645B (application number CN201510455976.2A)
- Authority: CN (China)
- Prior art keywords
- file
- suspicious
- virtual machine
- files
- sandbox virtual
- Prior art date
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
      - G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
        - G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
      - G06F21/55—Detecting local intrusion or implementing counter-measures
        - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
          - G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
  - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
      - G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Debugging And Monitoring (AREA)
- Stored Programmes (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510455976.2A CN105117645B (zh) | 2015-07-29 | 2015-07-29 | Method for implementing multi-sample execution of a sandbox virtual machine based on a file system filter driver |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510455976.2A CN105117645B (zh) | 2015-07-29 | 2015-07-29 | Method for implementing multi-sample execution of a sandbox virtual machine based on a file system filter driver |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105117645A (zh) | 2015-12-02 |
CN105117645B (zh) | 2018-03-06 |
Family ID: 54665630
Family Applications (1)
Application Number | Status | Title | Priority Date | Filing Date |
---|---|---|---|---|
CN201510455976.2A CN105117645B (zh) | Active | Method for implementing multi-sample execution of a sandbox virtual machine based on a file system filter driver | 2015-07-29 | 2015-07-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105117645B (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023196076A1 (en) * | 2022-04-08 | 2023-10-12 | Vmware, Inc. | Containerized execution of unknown files in a distributed malware detection system |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104215003B (zh) * | 2013-06-05 | 2018-07-06 | 浙江盾安机电科技有限公司 | Liquid reservoir and air-conditioning equipment |
CN106682500A (zh) * | 2016-11-28 | 2017-05-17 | 北京奇虎科技有限公司 | Method and apparatus for detecting a target sample file |
CN106650424A (zh) * | 2016-11-28 | 2017-05-10 | 北京奇虎科技有限公司 | Method and apparatus for detecting a target sample file |
CN106650423A (zh) * | 2016-11-28 | 2017-05-10 | 北京奇虎科技有限公司 | Method and apparatus for detecting a target sample file |
CN109472133B (zh) * | 2017-12-01 | 2021-09-28 | 北京安天网络安全技术有限公司 | Sandbox monitoring method and apparatus |
CN108255542B (zh) * | 2018-01-05 | 2021-08-10 | 北京北信源信息安全技术有限公司 | Method and apparatus for controlling the serial and parallel ports of a virtual machine |
CN108762826B (zh) * | 2018-04-23 | 2021-09-28 | 厦门市美亚柏科信息股份有限公司 | Process hiding method and computer-readable storage medium |
CN108985086B (zh) * | 2018-07-18 | 2022-04-19 | 中软信息系统工程有限公司 | Application permission control method, apparatus and electronic device |
CN109800577B (zh) * | 2018-12-29 | 2020-10-16 | 360企业安全技术(珠海)有限公司 | Method and apparatus for identifying behavior that evades security monitoring |
CN110210213B (zh) * | 2019-04-26 | 2021-04-27 | 奇安信科技集团股份有限公司 | Method and apparatus for filtering malicious samples, storage medium, and electronic apparatus |
CN110414233A (zh) * | 2019-06-28 | 2019-11-05 | 奇安信科技集团股份有限公司 | Malicious code detection method and apparatus |
CN111460439B (zh) * | 2020-03-27 | 2023-03-21 | 中南大学 | Multi-environment-based evasion behavior detection method |
CN111783094A (zh) * | 2020-07-21 | 2020-10-16 | 腾讯科技(深圳)有限公司 | Data analysis method, apparatus, server and readable storage medium |
CN112084491A (zh) * | 2020-08-26 | 2020-12-15 | 天津七一二通信广播股份有限公司 | Method for implementing a clustered virtual user system based on a sandbox mechanism |
CN112434285B (zh) * | 2020-12-03 | 2023-12-29 | 深信服科技股份有限公司 | File management method, apparatus, electronic device and storage medium |
CN112506451B (zh) * | 2020-12-08 | 2023-04-07 | 西安雷风电子科技有限公司 | Printer information management toolkit and management method |
CN112906062A (zh) * | 2021-02-20 | 2021-06-04 | 方圆标志认证集团浙江有限公司 | Portable information device based on information security management system certification |
CN113900716B (zh) * | 2021-09-29 | 2023-05-30 | 武汉噢易云计算股份有限公司 | Method and apparatus for managing desktop startup |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090241194A1 (en) * | 2008-03-21 | 2009-09-24 | Andrew James Thomas | Virtual machine configuration sharing between host and virtual machines and between virtual machines |
CN101436966B (zh) * | 2008-12-23 | 2011-06-01 | 北京航空航天大学 | Network monitoring and analysis system in a virtual machine environment |
CN104200161B (zh) * | 2014-08-05 | 2017-01-25 | 杭州安恒信息技术有限公司 | Method for implementing intelligent sandbox file detection and the corresponding sandbox intelligent detection system |
CN104766007B (zh) * | 2015-03-27 | 2017-07-21 | 杭州安恒信息技术有限公司 | Method for implementing fast sandbox recovery based on a file system filter driver |
Events
- 2015-07-29: CN application CN201510455976.2A filed; patent CN105117645B (zh); status Active
Also Published As
Publication number | Publication date |
---|---|
CN105117645A (zh) | 2015-12-02 |
Similar Documents
Publication | Title |
---|---|
CN105117645B (zh) | Method for implementing multi-sample execution of a sandbox virtual machine based on a file system filter driver |
US10996947B2 (en) | Diagnosing production applications |
CN104200161B (zh) | Method for implementing intelligent sandbox file detection and the corresponding sandbox intelligent detection system |
Ma et al. | Protracer: Towards practical provenance tracing by alternating between logging and tainting |
US7487543B2 (en) | Method and apparatus for the automatic determination of potentially worm-like behavior of a program |
CN104766007B (zh) | Method for implementing fast sandbox recovery based on a file system filter driver |
Robbins et al. | UNIX systems programming: communication, concurrency, and threads |
CN113260993B (zh) | Secure deployment and operation of a virtual platform system |
CN102521543B (zh) | Method for message semantic parsing based on dynamic taint analysis |
CN107679399A (zh) | Container-based malicious code detection sandbox system and detection method |
JP2021022400A (ja) | Analysis system, method, and program |
CN1573713A (zh) | Breakpoint debugging on pluggable components |
US20240289208A1 (en) | Data processing method and apparatus, device, storage medium, and program product |
CN114547594A (zh) | Penetration attack detection method for containers on intelligent IoT terminals |
JP2016529592A (ja) | Method, system, computer program, and application deployment method for passive monitoring of a virtual system |
CN105247533A (zh) | Information processing apparatus and determination method |
CN102779030A (zh) | Method and apparatus for executing registry operations |
CN106126419A (zh) | Method and apparatus for debugging an application |
CN107395456A (zh) | Test method and platform for direct stream storage in a distributed file system |
CN108228319A (zh) | Multi-bridge-based semantic reconstruction method |
CN116414722B (zh) | Fuzz testing processing method, apparatus, fuzz testing system and storage medium |
CN110414220B (zh) | Method and apparatus for extracting the files operated on during dynamic execution of a program inside a sandbox |
CN111143839A (zh) | Malicious code detection method and apparatus based on virtualization behavior analysis |
US9652260B2 (en) | Scriptable hierarchical emulation engine |
CN108733566A (zh) | Python-based automated test system and method for a virtualization system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | GR01 | Patent grant | |
 | CP03 | Change of name, title or address | Address after: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310051 and 15 layer; Patentee after: Dbappsecurity Co.,Ltd. Address before: Hangzhou City, Zhejiang province 310051 Binjiang District and Zhejiang road in the 15 storey building; Patentee before: Dbappsecurity Co.,ltd. |
 | EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20151202; Assignee: Hangzhou Anheng Information Security Technology Co.,Ltd.; Assignor: Dbappsecurity Co.,Ltd.; Contract record no.: X2024980043370; Denomination of invention: Method for implementing multi sample operation of sandbox virtual machine based on file system filtering driver; Granted publication date: 20180306; License type: Common License; Record date: 20241231 |