CN105204973A - Abnormal behavior monitoring and analysis system and method based on virtual machine technology under cloud platform - Google Patents
Abnormal behavior monitoring and analysis system and method based on virtual machine technology under cloud platform Download PDFInfo
- Publication number
- CN105204973A CN105204973A CN201510619509.9A CN201510619509A CN105204973A CN 105204973 A CN105204973 A CN 105204973A CN 201510619509 A CN201510619509 A CN 201510619509A CN 105204973 A CN105204973 A CN 105204973A
- Authority
- CN
- China
- Prior art keywords
- abnormal behaviour
- module
- file
- analysis
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention discloses an abnormal behavior monitoring and analysis system and method based on the virtual machine technology under a cloud platform and belongs to the field of file monitoring and analysis. The system comprises a file image module, an abnormal behavior monitoring module, a logging module, an abnormal behavior analysis module, a warning feedback module and a system recovery module. Targeted to cloud computing virtualization features, the system and method are mainly used for solving the problem of independence of monitoring and analysis of abnormal behaviors under the multi-user environment, the reliability of monitoring and analysis is improved, meanwhile normal operation of service of a server terminal is guaranteed, and the situations of data losses of users and invasion of privacy are prevented.
Description
Technical field
Based on the abnormal behaviour monitoring analysis system of virtual machine technique and method under the open cloud platform of the present invention, belong to file monitoring analysis field.
Background technology
Cloud computing is distributed treatment (DistributedComputing), the continuity of parallel processing (ParallelComputillg) and grid computing (GridComputillg) and development, or perhaps the business of these computer science concepts realizes.It is not exclusively calculate, and is not also store purely, but collection calculates and is stored in all over the body, by various to server, network, application program and database resource by internet for user provides a kind of theory of integrated service.Along with the fast development of cloud computing technology and application thereof, cloud platform continues to bring out, and its medium cloud platform allows developers or the program finished writing is placed on " cloud " inner operations, or use " cloud " inner service provided, or the two is all.Along with the continuous expansion of cloud platform application, the problem be faced with also gets more and more, and wherein on high in the clouds, user data gets more and more, and we are stored in high in the clouds by a large amount of user data.The subscriber data of our Email, document and social networks is not always the case, and thousands of emerging small enterprise is all in dependence cloud service, to enhance productivity, to reduce costs.Need to ensure its security for these mass datas, but turn to high in the clouds along with increasing data, each company and user thereof more easily meet with assault, cause the problem of loss of data and invasion of privacy.The invention provides under cloud platform based on the abnormal behaviour monitoring analysis system of virtual machine technique and method, for cloud computing virtualization feature, be mainly used to the independence solving abnormal behaviour monitoring analysis under multi-user environment, improve the reliability of monitoring analysis, ensure the normal operation of server service simultaneously, prevent the situation of user data loss and invasion of privacy from occurring.
Summary of the invention
The present invention is directed to problems of the prior art, there is provided under cloud platform based on the abnormal behaviour monitoring analysis system of virtual machine technique and method, the independence of abnormal behaviour monitoring analysis under solution multi-user environment, improve the reliability of monitoring analysis, ensure the normal operation of server service simultaneously, prevent the situation of user data loss and invasion of privacy from occurring.
The concrete scheme that the present invention proposes is:
Based on the abnormal behaviour monitoring analysis system of virtual machine technique under cloud platform, comprise file mirrors module, abnormal behaviour monitoring module, logger module, abnormal behaviour analysis module, early warning feedback module, System recover module;
File mirrors module in charge, for the abnormal behaviour performed, provides file mirrors, the vital document in protection system;
Abnormal behaviour monitoring module is responsible for performing sequence to the real-time monitoring of abnormal behaviour implementation and abnormal behaviour and is obtained;
Logger module is responsible for the process that recording exceptional behavior performs, as the foundation of follow-up behaviortrace;
The information that abnormal behaviour analysis module obtains according to abnormal behaviour monitoring module, to various in abnormal behaviour implementation, the behavior of calling that system exists potential safety hazard is extracted and analyzed, and according to predetermined behavioural analysis detection method, analyze the fallacious message of abnormal behaviour;
Early warning feedback module is according to the analysis result of abnormal behaviour analysis module, the result of predetermined method to behavioural analysis is utilized to adjudicate, if it is determined that performed behavior is credible behavior, then to the result that cloud service system homing behavior performs, and point out behavior credible, otherwise, then early warning is made to cloud service system;
System recover module in charge, according to journal file, by oppositely performing user behavior, recovers the operation of abnormal behaviour.Wherein perform sequence and refer to that abnormal behaviour implementation exists the execution sequence of the various system calls of hidden danger to security of system.
In system, abnormal behaviour in the process of implementation, only there is read right to the file in system, file mirrors module is the image file that the abnormal behaviour performed creates respective file by system, abnormal behaviour has write permission on the image file of correspondence, be finished when abnormal behaviour and be credible by system validation time, image file covers source file.
Described abnormal behaviour monitoring module utilizes process monitoring and the system call of System-call Monitoring to one or more process to monitor.
Registry Modifications, file system destruction, region of memory attack, system virtualization environment measuring, process hiding are comprised to the analysis of abnormal behaviour.
Described Registry Modifications in the analysis of abnormal behaviour is referred to that file association amendment and IE configure relevant registration table key assignments and to revise and self-starting item is revised.
The illegal modifications of copy and journal file is repeated under the described analysis file system destruction to abnormal behaviour refers to the illegal read-write of system file, multiple catalogue.
The operation of System recover module to abnormal behaviour recovers, cover with the source file of system the image file that is modified or lose image file and complete recovery to file system, from external storage medium, re invocation corresponding document performs rewrite operation to region of memory simultaneously.
Based on the abnormal behaviour method for monitoring and analyzing of virtual machine technique under cloud platform, the system described in utilization, to abnormal behaviour monitoring analysis, uses file mirrors module to the abnormal behaviour performed, provides file mirrors, the vital document in protection system;
Call abnormal behaviour monitoring module to obtain the real-time monitoring of abnormal behaviour implementation and abnormal behaviour execution sequence;
The process that logger module recording exceptional behavior simultaneously performs, as the foundation of follow-up behaviortrace;
Abnormal behaviour analysis module is utilized to call the information of abnormal behaviour monitoring module acquisition, to various in abnormal behaviour implementation, the behavior of calling that system exists potential safety hazard is extracted and analyzed, and according to predetermined behavioural analysis detection method, analyze the fallacious message of abnormal behaviour;
Use early warning feedback module according to the analysis result of abnormal behaviour analysis module, the result of predetermined method to behavioural analysis is utilized to adjudicate, if it is determined that performed behavior is credible behavior, then to the result that cloud service system homing behavior performs, and point out behavior credible, otherwise, then early warning is made to cloud service system;
Using System recover module according to journal file, by oppositely performing user behavior, the operation of abnormal behaviour being recovered.
In system, abnormal behaviour in the process of implementation, only there is read right to the file in system, file mirrors module is the image file that the abnormal behaviour performed creates respective file by system, abnormal behaviour has write permission on the image file of correspondence, be finished when abnormal behaviour and be credible by system validation time, image file covers source file.
Revert to cover with the source file of system the image file that is modified or lose image file to the operation of abnormal behaviour and complete recovery to file system, from external storage medium, re invocation corresponding document performs rewrite operation to region of memory simultaneously.
Usefulness of the present invention is: present system comprises file mirrors module, abnormal behaviour monitoring module, logger module, abnormal behaviour analysis module, early warning feedback module, System recover module; File mirrors module in charge, for the abnormal behaviour performed, provides file mirrors, the vital document in protection system; Abnormal behaviour monitoring module is responsible for performing sequence to the real-time monitoring of abnormal behaviour implementation and abnormal behaviour and is obtained; Logger module is responsible for the process that recording exceptional behavior performs, as the foundation of follow-up behaviortrace; The information that abnormal behaviour analysis module obtains according to abnormal behaviour monitoring module, to various in abnormal behaviour implementation, the behavior of calling that system exists potential safety hazard is extracted and analyzed, and according to predetermined behavioural analysis detection method, analyze the fallacious message of abnormal behaviour; Early warning feedback module is according to the analysis result of abnormal behaviour analysis module, the result of predetermined method to behavioural analysis is utilized to adjudicate, if it is determined that performed behavior is credible behavior, then to the result that cloud service system homing behavior performs, and point out behavior credible, otherwise, then early warning is made to cloud service system; System recover module in charge is according to journal file, by oppositely performing user behavior, the operation of abnormal behaviour is recovered, utilize present system, for cloud computing virtualization feature, independence analysis is carried out to abnormal behaviour monitoring under multi-user environment, improves the reliability of monitoring analysis, ensure the normal operation of server service simultaneously, prevent the situation of user data loss and invasion of privacy from occurring.
Accompanying drawing explanation
Fig. 1 configuration diagram of the present invention.
Embodiment
Based on the abnormal behaviour monitoring analysis system of virtual machine technique under cloud platform, comprise file mirrors module, abnormal behaviour monitoring module, logger module, abnormal behaviour analysis module, early warning feedback module, System recover module;
File mirrors module in charge, for the abnormal behaviour performed, provides file mirrors, the vital document in protection system;
Abnormal behaviour monitoring module is responsible for performing sequence to the real-time monitoring of abnormal behaviour implementation and abnormal behaviour and is obtained;
Logger module is responsible for the process that recording exceptional behavior performs, as the foundation of follow-up behaviortrace;
The information that abnormal behaviour analysis module obtains according to abnormal behaviour monitoring module, to various in abnormal behaviour implementation, the behavior of calling that system exists potential safety hazard is extracted and analyzed, and according to predetermined behavioural analysis detection method, analyze the fallacious message of abnormal behaviour;
Early warning feedback module is according to the analysis result of abnormal behaviour analysis module, the result of predetermined method to behavioural analysis is utilized to adjudicate, if it is determined that performed behavior is credible behavior, then to the result that cloud service system homing behavior performs, and point out behavior credible, otherwise, then early warning is made to cloud service system;
System recover module in charge, according to journal file, by oppositely performing user behavior, recovers the operation of abnormal behaviour.Wherein perform sequence and refer to that abnormal behaviour implementation exists the execution sequence of the various system calls of hidden danger to security of system.
Utilize said system, by reference to the accompanying drawings the inventive method is described further.
As shown in drawings, virtual machine is directly installed on hardware resource layer, is in the bottom of operating system.Meanwhile, in order to realize monitoring to abnormal behaviour implementation and analysis, in virtual machine, above-mentioned abnormal behaviour monitoring analysis system is loaded with.Abnormal behaviour monitoring analysis system comprises file mirrors module, abnormal behaviour monitoring module, logger module, abnormal behaviour analysis module, early warning feedback module, System recover module.Under this framework, abnormal behaviour monitoring analysis process is as follows:
(1) abnormal behaviour monitoring analysis system is once receive the abnormal behaviour of cloud server system transmission, by predetermined online migration strategy, abnormal behaviour is moved to abnormal behaviour monitoring analysis end, starts abnormal behaviour analysis module simultaneously, monitoring analysis is carried out to the operational process of abnormal behaviour.If abnormal behaviour, in implementation, there is the behavior of file in amendment system, then call the image file that Virtual File System generates respective file; In system, abnormal behaviour in the process of implementation, only there is read right to the file in system, file mirrors module is the image file that the abnormal behaviour performed creates respective file by system, abnormal behaviour has write permission on the image file of correspondence, be finished when abnormal behaviour and be credible by system validation time, image file covers source file.
(2) the abnormal behaviour monitoring module in abnormal behaviour monitoring system, the implementation of monitoring abnormal behaviour, and the execution sequence obtained is submitted to abnormal behaviour analytic system and log system simultaneously; Abnormal behaviour monitoring module can utilize process monitoring and the system call of System-call Monitoring to one or more process to monitor;
Wherein Registry Modifications, file system destruction, region of memory attack, system virtualization environment measuring, process hiding are comprised to the analysis of abnormal behaviour;
Registry Modifications refers to file association amendment, to configure relevant registration table key assignments to IE revises and self-starting item is revised;
File system repeats the illegal modifications of copy and journal file under destroying and referring to the illegal read-write of system file, multiple catalogue.
(3) logger module the execution sequence of abnormal behaviour stored in journal file, and to journal file realize remote synchronization backup;
(4) abnormal behaviour analysis module performs sequence according to predetermined behavioural analysis detection method to the abnormal behaviour that receives, analytical behavior sequence malicious, and the malicious information obtained is sent to early warning feedback module;
(5) early warning feedback module is passed judgment on malicious information according to predetermined judgment rule, and finally determines the malicious of abnormal behaviour, if think credible behavior, then returns execution result to cloud server system, and points out behavior credible; Otherwise, return the malicious operation sequence in early warning information and abnormal behaviour execution sequence to cloud server system simultaneously, and simultaneously to the relevant information that System recover system transmitting system is recovered.
(6) according to the information that analysis result and the early warning feedback module of abnormal behaviour analysis module send, System recover module is recovered system according to journal file.Cover with the source file of system the image file that is modified or lose image file and complete recovery to file system, simultaneously, abnormal behaviour can be modified to the information of internal storage location, and from external storage medium, re invocation corresponding document performs rewrite operation to region of memory.
Claims (10)
1. under cloud platform based on the abnormal behaviour monitoring analysis system of virtual machine technique, it is characterized in that comprising file mirrors module, abnormal behaviour monitoring module, logger module, abnormal behaviour analysis module, early warning feedback module, System recover module;
File mirrors module in charge, for the abnormal behaviour performed, provides file mirrors, the vital document in protection system;
Abnormal behaviour monitoring module is responsible for performing sequence to the real-time monitoring of abnormal behaviour implementation and abnormal behaviour and is obtained;
Logger module is responsible for the process that recording exceptional behavior performs, as the foundation of follow-up behaviortrace;
The information that abnormal behaviour analysis module obtains according to abnormal behaviour monitoring module, to various in abnormal behaviour implementation, the behavior of calling that system exists potential safety hazard is extracted and analyzed, and according to predetermined behavioural analysis detection method, analyze the fallacious message of abnormal behaviour;
Early warning feedback module is according to the analysis result of abnormal behaviour analysis module, the result of predetermined method to behavioural analysis is utilized to adjudicate, if it is determined that performed behavior is credible behavior, then to the result that cloud service system homing behavior performs, and point out behavior credible, otherwise, then early warning is made to cloud service system;
System recover module in charge, according to journal file, by oppositely performing user behavior, recovers the operation of abnormal behaviour.
2. under cloud platform according to claim 1 based on the abnormal behaviour monitoring analysis system of virtual machine technique, it is characterized in that in system, abnormal behaviour in the process of implementation, only there is read right to the file in system, file mirrors module is the image file that the abnormal behaviour performed creates respective file by system, abnormal behaviour has write permission on the image file of correspondence, be finished when abnormal behaviour and be credible by system validation time, image file covers source file.
3. under cloud platform according to claim 1 and 2 based on the abnormal behaviour monitoring analysis system of virtual machine technique, it is characterized in that described abnormal behaviour monitoring module utilizes process monitoring and the system call of System-call Monitoring to one or more process to monitor.
4. under cloud platform according to claim 3 based on the abnormal behaviour monitoring analysis system of virtual machine technique, it is characterized in that comprising Registry Modifications, file system destruction, region of memory attack, system virtualization environment measuring, process hiding to the analysis of abnormal behaviour.
5. under cloud platform according to claim 4 based on the abnormal behaviour monitoring analysis system of virtual machine technique, it is characterized in that describedly referring to that file association amendment and IE configure relevant registration table key assignments and to revise and self-starting item is revised to Registry Modifications in the analysis of abnormal behaviour.
6. under cloud platform according to claim 4 based on the abnormal behaviour monitoring analysis system of virtual machine technique, it is characterized in that repeating under the described analysis file system destruction to abnormal behaviour refers to the illegal read-write of system file, multiple catalogue copying and the illegal modifications of journal file.
7. based on the abnormal behaviour monitoring analysis system of virtual machine technique under the cloud platform according to claim 1 or 4, it is characterized in that the operation of System recover module to abnormal behaviour recovers, cover with the source file of system the image file that is modified or lose image file and complete recovery to file system, from external storage medium, re invocation corresponding document performs rewrite operation to region of memory simultaneously.
8. under cloud platform based on the abnormal behaviour method for monitoring and analyzing of virtual machine technique, it is characterized in that utilizing system described in any one of claim 1-7 to abnormal behaviour monitoring analysis, use file mirrors module to the abnormal behaviour performed, provide file mirrors, the vital document in protection system;
Call abnormal behaviour monitoring module to obtain the real-time monitoring of abnormal behaviour implementation and abnormal behaviour execution sequence;
The process that logger module recording exceptional behavior simultaneously performs, as the foundation of follow-up behaviortrace;
Abnormal behaviour analysis module is utilized to call the information of abnormal behaviour monitoring module acquisition, to various in abnormal behaviour implementation, the behavior of calling that system exists potential safety hazard is extracted and analyzed, and according to predetermined behavioural analysis detection method, analyze the fallacious message of abnormal behaviour;
Use early warning feedback module according to the analysis result of abnormal behaviour analysis module, the result of predetermined method to behavioural analysis is utilized to adjudicate, if it is determined that performed behavior is credible behavior, then to the result that cloud service system homing behavior performs, and point out behavior credible, otherwise, then early warning is made to cloud service system;
Using System recover module according to journal file, by oppositely performing user behavior, the operation of abnormal behaviour being recovered.
9. under cloud platform according to claim 8 based on the abnormal behaviour method for monitoring and analyzing of virtual machine technique, it is characterized in that in system, abnormal behaviour in the process of implementation, only there is read right to the file in system, file mirrors module is the image file that the abnormal behaviour performed creates respective file by system, abnormal behaviour has write permission on the image file of correspondence, be finished when abnormal behaviour and be credible by system validation time, image file covers source file.
10. under cloud platform according to claim 8 based on the abnormal behaviour method for monitoring and analyzing of virtual machine technique, it is characterized in that reverting to cover with the source file of system the image file that is modified or lose image file to the operation of abnormal behaviour completing recovery to file system, from external storage medium, re invocation corresponding document performs rewrite operation to region of memory simultaneously.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510619509.9A CN105204973A (en) | 2015-09-25 | 2015-09-25 | Abnormal behavior monitoring and analysis system and method based on virtual machine technology under cloud platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510619509.9A CN105204973A (en) | 2015-09-25 | 2015-09-25 | Abnormal behavior monitoring and analysis system and method based on virtual machine technology under cloud platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105204973A true CN105204973A (en) | 2015-12-30 |
Family
ID=54952667
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510619509.9A Pending CN105204973A (en) | 2015-09-25 | 2015-09-25 | Abnormal behavior monitoring and analysis system and method based on virtual machine technology under cloud platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105204973A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105677572A (en) * | 2016-02-04 | 2016-06-15 | 华中科技大学 | Self-organized mapping model based cloud software performance exception error diagnosis method and system |
CN108228308A (en) * | 2016-12-21 | 2018-06-29 | 中国电信股份有限公司 | The monitoring method and device of virtual machine |
CN108875367A (en) * | 2018-06-13 | 2018-11-23 | 苏州若依玫信息技术有限公司 | A kind of cloud computing intelligent security system based on timing |
CN110659147A (en) * | 2019-08-16 | 2020-01-07 | 苏州浪潮智能科技有限公司 | Self-repairing method and system based on module self-checking behavior |
CN110913019A (en) * | 2019-12-20 | 2020-03-24 | 中国人民解放军战略支援部队信息工程大学 | Security protection method and device for cloud service |
CN111508617A (en) * | 2020-07-01 | 2020-08-07 | 智博云信息科技(广州)有限公司 | Epidemic situation data maintenance method and device, computer equipment and readable storage medium |
CN112560026A (en) * | 2020-12-15 | 2021-03-26 | 国网四川省电力公司信息通信公司 | Method for realizing intelligent tracking analysis self-healing of information system alarm |
CN114257495A (en) * | 2021-11-16 | 2022-03-29 | 国家电网有限公司客户服务中心 | Automatic processing system for abnormity of cloud platform computing node |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101038048B1 (en) * | 2009-12-21 | 2011-06-01 | 한국인터넷진흥원 | Botnet malicious behavior real-time analyzing system |
CN103077352A (en) * | 2012-12-24 | 2013-05-01 | 重庆远衡科技发展有限公司 | Active defense method of program behavior analysis on basis of cloud platform |
CN103839003A (en) * | 2012-11-22 | 2014-06-04 | 腾讯科技(深圳)有限公司 | Malicious file detection method and device |
-
2015
- 2015-09-25 CN CN201510619509.9A patent/CN105204973A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101038048B1 (en) * | 2009-12-21 | 2011-06-01 | 한국인터넷진흥원 | Botnet malicious behavior real-time analyzing system |
CN103839003A (en) * | 2012-11-22 | 2014-06-04 | 腾讯科技(深圳)有限公司 | Malicious file detection method and device |
CN103077352A (en) * | 2012-12-24 | 2013-05-01 | 重庆远衡科技发展有限公司 | Active defense method of program behavior analysis on basis of cloud platform |
Non-Patent Citations (1)
Title |
---|
许陆丹: "云平台下基于虚拟机技术的隔离运行模型研究", 《企业技术开发》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105677572A (en) * | 2016-02-04 | 2016-06-15 | 华中科技大学 | Self-organized mapping model based cloud software performance exception error diagnosis method and system |
CN105677572B (en) * | 2016-02-04 | 2018-09-04 | 华中科技大学 | Based on self organizing maps model cloud software performance exception error diagnostic method and system |
CN108228308A (en) * | 2016-12-21 | 2018-06-29 | 中国电信股份有限公司 | The monitoring method and device of virtual machine |
CN108875367A (en) * | 2018-06-13 | 2018-11-23 | 苏州若依玫信息技术有限公司 | A kind of cloud computing intelligent security system based on timing |
CN110659147A (en) * | 2019-08-16 | 2020-01-07 | 苏州浪潮智能科技有限公司 | Self-repairing method and system based on module self-checking behavior |
CN110913019A (en) * | 2019-12-20 | 2020-03-24 | 中国人民解放军战略支援部队信息工程大学 | Security protection method and device for cloud service |
CN111508617A (en) * | 2020-07-01 | 2020-08-07 | 智博云信息科技(广州)有限公司 | Epidemic situation data maintenance method and device, computer equipment and readable storage medium |
CN111508617B (en) * | 2020-07-01 | 2020-09-25 | 智博云信息科技(广州)有限公司 | Epidemic situation data maintenance method and device, computer equipment and readable storage medium |
CN112560026A (en) * | 2020-12-15 | 2021-03-26 | 国网四川省电力公司信息通信公司 | Method for realizing intelligent tracking analysis self-healing of information system alarm |
CN114257495A (en) * | 2021-11-16 | 2022-03-29 | 国家电网有限公司客户服务中心 | Automatic processing system for abnormity of cloud platform computing node |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105204973A (en) | Abnormal behavior monitoring and analysis system and method based on virtual machine technology under cloud platform | |
Khan et al. | Cloud log forensics: Foundations, state of the art, and future directions | |
Ab Rahman et al. | Forensic-by-design framework for cyber-physical cloud systems | |
Hemdan et al. | An efficient digital forensic model for cybercrimes investigation in cloud computing | |
US9652597B2 (en) | Systems and methods for detecting information leakage by an organizational insider | |
CN105874464B (en) | System and method for introducing variation in subsystem output signal to prevent device-fingerprint from analyzing | |
JP2019500679A (en) | System and method for anonymizing log entries | |
Duc et al. | Security challenges in IoT development: a software engineering perspective | |
US11750652B2 (en) | Generating false data for suspicious users | |
JP2016528841A (en) | System and method for identifying compromised private keys | |
CN104065651A (en) | Information flow dependability guarantee mechanism for cloud computation | |
AU2018391625B2 (en) | Re-encrypting data on a hash chain | |
US9800590B1 (en) | Systems and methods for threat detection using a software program update profile | |
CN105474225A (en) | Automating monitoring of computing resource in cloud-based data center | |
Zhu et al. | General, efficient, and real-time data compaction strategy for APT forensic analysis | |
Jeong et al. | A kernel-based monitoring approach for analyzing malicious behavior on android | |
CN105184152A (en) | Mobile terminal data processing method | |
CN105224358A (en) | Under a kind of cloud computing software automatically pack dispose system and method | |
CN104881483A (en) | Automatic detecting and evidence-taking method for Hadoop platform data leakage attack | |
Alam et al. | In-cloud malware analysis and detection: State of the art | |
CN105354485A (en) | Data processing method for portable device | |
Stirparo et al. | In-memory credentials robbery on android phones | |
CN108139868A (en) | For the system and method for image segment frequently used from cache supply | |
Alabi et al. | Toward a data spillage prevention process in Hadoop using data provenance | |
Odebade et al. | Mitigating anti-forensics in the cloud via resource-based privacy preserving activity attribution |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20151230 |
|
WD01 | Invention patent application deemed withdrawn after publication |