CN105320884A - Security protection method and system for virtual machine - Google Patents
- Publication number
- CN105320884A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- data
- main frame
- event
- file read
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the present invention provide a security protection method and system for a virtual machine, and relate to the field of computer security protection. The method comprises: the virtual machine intercepts a file read/write event or a network event and places the data to which the file read/write event or the network event points into a memory space; a host reads the data to which the file read/write event points from the memory space; and the host detects the data it has read and obtains a detection result. With the method provided by the present invention, security protection of the virtual machine mainly takes place on the host, so the resources the virtual machine spends on security protection are reduced; and when a plurality of virtual machines are deployed on one host, the host can protect all of them at the same time, which reduces the superimposed resource consumption caused by installing security software on each virtual machine.
Description
Technical field
The present invention relates to computer and Internet technology, in particular to the field of computer security protection, and specifically to a security protection method and system for a virtual machine.
Background art
A virtual machine is a complete computer system, simulated by software, that has the functions of a complete hardware system and runs in a completely isolated environment. Virtual machine technology is a kind of virtualization technology, and security protection in virtualized environments has become a new focus. In the prior art, a virtual machine is protected by deploying security software inside the virtual machine. When multiple virtual machines are deployed on one host, the resource consumption for security protection on that host is superimposed, which significantly reduces the number of virtual machines that can be deployed on the host and increases the construction cost of a virtualized data center.
Summary of the invention
In view of this, the invention provides a security protection method and system for a virtual machine, to avoid the superimposed resource consumption caused by deploying security software on every virtual machine.
A security protection method for a virtual machine is applied to a security protection system for a virtual machine. The system comprises a host and a virtual machine, and a memory space corresponding to the virtual machine is provided in the host. The method comprises: the virtual machine intercepts a file read/write event or a network event and places the data to which the file read/write event or network event points into the memory space; the host reads the data to which the file read/write event or network event points from the memory space; and the host detects the data it has read and obtains a detection result.
Preferably, in the above method, if the detection result is that the data to which the file read/write event points contains virus-infected data, the host deletes the virus-infected data in the memory space; the virtual machine reads from the memory space the data retained after the virus-infected data has been deleted, and uses it to overwrite the corresponding original data in the virtual machine to which the file read/write event points. After the host has deleted the virus-infected data, the virtual machine can obtain the safe data from the memory space and simply overwrite the corresponding original data in the virtual machine, which reduces the resource consumption of the virtual machine.
Preferably, in the above method, if the detection result is that the data to which the file read/write event points is Trojan data, the virtual machine deletes the corresponding original data in the virtual machine to which the file read/write event points.
Preferably, in the above method, if the detection result is that the data to which the network event points is network attack data, the host or the virtual machine interrupts the network event.
Preferably, in the above method, the memory space is memory shared by the host and the virtual machine.
Preferably, in the above method, the system comprises a plurality of virtual machines, and each virtual machine shares a different shared memory with the host. Because each virtual machine and the host use a different shared memory, data is isolated between virtual machines and no data interaction takes place between them, which prevents attacks between virtual machines.
Preferably, in the above method, the memory space is host memory, and the virtual machine accesses the host memory through a network protocol.
A security protection system for a virtual machine comprises a host and a virtual machine, with a memory space corresponding to the virtual machine provided in the host, wherein: the virtual machine is configured to intercept a file read/write event or a network event and to place the data to which the file read/write event or network event points into the memory space; the host is configured to read the data to which the file read/write event or network event points from the memory space; and the host is further configured to detect the data it has read and obtain a detection result.
Preferably, in the above system, if the detection result is that the data to which the file read/write event points contains virus-infected data, the host deletes the virus-infected data in the memory space, and the virtual machine reads from the memory space the data retained after the virus-infected data has been deleted, and uses it to overwrite the corresponding original data in the virtual machine to which the file read/write event points; if the detection result is that the data to which the file read/write event points is Trojan data, the virtual machine deletes the corresponding original data in the virtual machine to which the file read/write event points; if the detection result is that the data to which the network event points is network attack data, the host or the virtual machine interrupts the network event.
Preferably, in the above system, the memory space is memory shared by the host and the virtual machine.
In the security protection method and system for a virtual machine provided by the embodiments of the present invention, the virtual machine intercepts a file read/write event or network event that is about to occur and places the data to which the event points into the memory space in the host. The host reads the data of the file read/write event or network event from the memory space and detects it, and the host or the virtual machine then handles the event differently depending on the detection result. The security detection and virus removal of this method and system mainly take place on the host, so security software only needs to be deployed on the host to protect the virtual machines. When multiple virtual machines are deployed on one host, the host can protect all the virtual machines deployed on it, which avoids the large superimposed resource overhead of running security protection inside every virtual machine.
To make the above and other objects, features and advantages of the present invention clearer, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a structural block diagram of a host applicable to the embodiments of the present invention.
Fig. 2 is a flow chart of the security protection method for a virtual machine provided by the first embodiment of the present invention.
Fig. 3 is a structural schematic diagram of the security protection system for a virtual machine provided by the second embodiment of the present invention.
Fig. 4 is a working-principle architecture diagram of the virtual machine security protection system provided by an embodiment of the present invention.
Detailed description of the embodiments
The host in the embodiments of the present invention may be a laptop computer, a desktop computer, a server, or the like.
Fig. 1 is a structural block diagram of a host 100 applicable to the embodiments of the present invention. As shown in Fig. 1, the host 100 comprises a memory 102, a memory controller 104, one or more processors 106 (only one is shown in the figure), a peripheral interface 108, a radio-frequency module 110, and so on. These components communicate with each other through one or more communication buses/signal lines 116.
The memory 102 can be used to store software programs and modules. The processor 106 performs various functional applications and data processing by running the software programs and modules stored in the memory 102.
The peripheral interface 108 couples various input/output devices to the processor 106 and the memory 102. In some embodiments, the peripheral interface 108, the processor 106 and the memory controller 104 can be implemented in a single chip. In other embodiments, they can each be implemented by a separate chip.
The radio-frequency module 110 receives and transmits electromagnetic waves and converts between electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices.
It will be understood that the structure shown in Fig. 1 is only schematic. The host 100 may comprise more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1. Each component shown in Fig. 1 can be implemented in hardware, software, or a combination of the two.
In the embodiments of the present invention, one or more virtual machines can be deployed on the host. In the security protection method provided by the embodiments of the present invention, a file read/write event or network event that is about to occur in the virtual machine is intercepted and its data is placed in the memory space provided in the host, so that the host can read the corresponding data from the memory space and detect it. Depending on the detection result, the host or the virtual machine then handles the file read/write event or network event accordingly. Security detection therefore takes place on the host and no security software needs to be installed in the virtual machine. This solves the problem of resource consumption caused by installing security software in a virtual machine, and in particular the large superimposed resource consumption that can arise when security software is installed in each of multiple deployed virtual machines.
To further explain the technical means adopted by the present invention to achieve its intended purpose, and their effects, the specific implementations, structures, features and effects of the present invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
First embodiment
Fig. 2 is a flow chart of the security protection method for a virtual machine provided by the first embodiment of the present invention. The method is applied to a security protection system for a virtual machine; the system comprises a host and a virtual machine deployed on the host, and a memory space corresponding to the virtual machine is provided in the host. As shown in Fig. 2, the security protection method of this embodiment comprises the following steps:
Step S100: the virtual machine intercepts a file read/write event or a network event and places the data to which the file read/write event or network event points into the memory space;
In the embodiments of the present invention, a file driver and a network driver can be installed in the virtual machine. Through the file driver, the virtual machine intercepts a file read/write event and places the data it points to into the memory space located in the host; through the network driver, it intercepts a network event and places the data the network event points to into the memory space.
In one implementation of the present invention, the memory space can be shared memory used jointly by the host and the virtual machine. The shared memory is provided on the host, both the host and the virtual machine can access it directly, and the virtual machine can place data directly into it.
In another implementation of the present invention, the memory space can be host memory. The host can access this host memory directly, and the virtual machine transfers data to it through a network protocol such as TCP, IP or UDP.
In addition, in this embodiment, there can be multiple virtual machines deployed on the same host. When the memory space is shared memory, each virtual machine uses a different shared memory with the host; that is, each virtual machine has its own exclusive shared memory with the host. Each virtual machine can access only the shared memory between itself and the host, and cannot access the shared memory between other virtual machines and the host. This keeps the virtual machines completely isolated from each other, so that no data is exchanged between them and internal attacks between virtual machines are prevented.
When the memory space is host memory, multiple virtual machines can use the same host memory, and each virtual machine exchanges the data relating to itself with the host through a network protocol.
Step S110: the host reads the data to which the file read/write event or network event points from the memory space;
In this embodiment, a file security process and a network security process can be installed on the host. After the virtual machine has placed the data to which the file read/write event or network event points into the memory space, the host reads the data of the file read/write event from the memory space through the file security process, and reads the data of the network event from the memory space through the network security process.
Specifically, the host can scan the memory space and read the data when the scan finds that a virtual machine has placed data there. The host can of course also learn by other means whether the memory space contains data from a virtual machine that needs to be detected.
Step S120: the host detects the data it has read, to which the file read/write event or network event points, and obtains a detection result.
In this embodiment, security software that includes a malicious-code feature library is installed on the host. After reading the data to which the file read/write event or network event points, the host can compare the data against the malicious-code feature library to detect it, and then handle it according to the detection result. The specific detection results and handling can be as follows:
If the detection result is that the data to which the file read/write event points contains virus-infected data, the host deletes the virus-infected data in the memory space, and the virtual machine reads from the memory space the data retained after the virus-infected data has been deleted, and uses it to overwrite the corresponding original data in the virtual machine to which the file read/write event points.
Once the retained data has overwritten the data to which the original read/write event points, the data of the file read/write event is safe, and the virtual machine can execute the file read/write event.
Of course, the host can also notify the virtual machine of the detection result directly, and the virtual machine then deletes the virus-infected data from the data inside the virtual machine to which the original read/write event points.
If the detection result is that the data to which the file read/write event points is Trojan data, the virtual machine deletes the corresponding original data in the virtual machine to which the file read/write event points.
If the detection result shows that the detected data is Trojan data, the host can delete the Trojan data in the memory space and put the detection result into the memory space to notify the virtual machine to delete the Trojan data. After reading the detection result, the virtual machine deletes the data to which the corresponding file read/write event points.
If the detection result is that the data to which the network event points is network attack data, the host or the virtual machine interrupts the network event;
Because network traffic flows through the host, when the data to which the network event points is detected to be network attack data, the host can interrupt the network event itself, or it can put the detection result into the memory space to notify the virtual machine to interrupt the network event.
In addition, if the detection result shows that the file read/write event or network event being detected is safe, the virtual machine continues to execute the file read/write event or network event.
In this embodiment, the host's malicious-code feature library can be updated automatically when the host is connected to the network, or the user can be reminded to update it manually, so that the feature library is kept up to date.
Further, the security protection system to which the method of this embodiment is applied can also comprise a central control terminal. The central control terminal is provided on a virtual machine, on the host, or on another independent machine. It can configure a different security policy for each virtual machine, and blacklists and whitelists for file detection can be configured per virtual machine; a file placed on the whitelist can be handled directly when its corresponding file event occurs.
In this embodiment, a network application analysis module can also be embedded in the virtual machine. This module can accurately identify more than 1000 network application protocols. At the central control terminal, the user can see each virtual machine's network application activity, bandwidth usage and traffic trends, and can manage network traffic at a fine-grained level.
In the security protection method provided by the embodiments of the present invention, detection of file read/write events and network events in the virtual machine takes place on the host. Only one set of security software therefore needs to be installed on the host to detect the data of the various events, and no security software needs to be installed in the virtual machine. Because running security software consumes a large amount of system resources, when multiple virtual machines are deployed on one host, all their security detection takes place on the host. This avoids the large superimposed resource overhead of deploying security software on every virtual machine, significantly saves host resources, allows host resources to be managed and scheduled more effectively, and increases the number of virtual machines one host can deploy, which can even reach three times the number a host can deploy when security software is installed in the virtual machines in the conventional way.
Further, in this embodiment, because the data of the file read/write events and network events of every virtual machine is detected on the host, the host can determine whether the data being detected is identical to data that has already been detected. If it is, the data is handled in the same way as the previously detected data and is not detected again, regardless of which virtual machine it comes from. This prevents the same file in different virtual machines, or the same file in one virtual machine, from being detected repeatedly, reduces the resource consumption of detection and improves protection efficiency.
In addition, using the host to protect the virtual machines makes it possible to deal effectively with some new attack methods that target virtualization, such as attacks between different virtual machines on the same host and attacks that exploit the virtual machine start-up gap, and to avoid problems such as the common anti-virus storm that occurs during full-system scans and malicious-code feature library updates.
It should be noted that, in this embodiment, the handling steps that follow the detection result are in no particular order; whenever the condition for a handling step is met, that handling is carried out.
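The flow of steps S100 to S120, the handling of each detection result, and the reuse of results for identical data across virtual machines can be sketched as follows. This is an added Python example, not code from the patent: `Host`, `Guest`, `Mailbox`, the constructed byte-string signatures and the SHA-256 result cache are all assumptions made for illustration, and a plain Python object stands in for each per-VM shared memory.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"      # host strips infected bytes; guest overwrites original
    TROJAN = "trojan"          # guest deletes the original data
    NET_ATTACK = "net_attack"  # the network event is interrupted


# Constructed byte patterns standing in for the host's malicious-code feature
# library (hypothetical values, not real signatures). Trojan is checked first.
SIGNATURES = {
    "file": [(b"<<TROJAN-SAMPLE>>", Verdict.TROJAN),
             (b"<<VIRUS-SAMPLE>>", Verdict.INFECTED)],
    "net": [(b"<<ATTACK-SAMPLE>>", Verdict.NET_ATTACK)],
}


@dataclass
class Mailbox:
    """Stand-in for one per-VM shared memory (one mailbox per guest)."""
    requests: list = field(default_factory=list)  # (event_id, kind, data) from guest
    results: dict = field(default_factory=dict)   # event_id -> (Verdict, retained)


class Host:
    def __init__(self):
        self.signatures = {k: list(v) for k, v in SIGNATURES.items()}
        self.mailboxes = {}  # vm_id -> Mailbox; a guest only holds its own
        self.cache = {}      # (kind, sha256) -> result, shared across all VMs
        self.scans = 0       # number of real signature scans performed

    def attach(self, vm_id):
        return self.mailboxes.setdefault(vm_id, Mailbox())

    def _detect(self, kind, data):
        self.scans += 1
        for pattern, verdict in self.signatures[kind]:
            if pattern in data:
                # Only the infected case returns retained (cleaned) data.
                infected = verdict is Verdict.INFECTED
                return verdict, data.replace(pattern, b"") if infected else None
        return Verdict.CLEAN, None

    def poll(self):
        """Steps S110 and S120: read each pending request, publish a result."""
        for box in self.mailboxes.values():
            while box.requests:
                event_id, kind, data = box.requests.pop(0)
                # Snapshot first: the guest can still write to shared memory,
                # so the hash, the scan and the result must use the same bytes.
                snapshot = bytes(data)
                key = (kind, hashlib.sha256(snapshot).hexdigest())
                if key not in self.cache:  # identical data is scanned only once
                    self.cache[key] = self._detect(kind, snapshot)
                box.results[event_id] = self.cache[key]

    def update_signatures(self, kind, pattern, verdict):
        self.signatures[kind].append((pattern, verdict))
        self.cache.clear()  # cached results predate the new feature library


class Guest:
    def __init__(self, vm_id, host):
        self.host = host
        self.box = host.attach(vm_id)
        self.files = {}
        self._next_id = 0

    def _ask_host(self, kind, data):
        """Step S100: place the intercepted data in the memory space."""
        self._next_id += 1
        self.box.requests.append((self._next_id, kind, data))
        self.host.poll()  # synchronous here; a real host scans on its own schedule
        return self.box.results.pop(self._next_id)

    def write_file(self, path, data):
        verdict, retained = self._ask_host("file", data)
        if verdict is Verdict.INFECTED:
            self.files[path] = retained  # overwrite with the retained data
        elif verdict is Verdict.TROJAN:
            self.files.pop(path, None)   # delete the data the event points to
        else:
            self.files[path] = data
        return verdict

    def network_event(self, payload):
        verdict, _ = self._ask_host("net", payload)
        return verdict is not Verdict.NET_ATTACK  # False: event interrupted
```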
Second embodiment
Fig. 3 is a structural schematic diagram of the security protection system 10 for a virtual machine provided by the second embodiment of the present invention. The system can comprise a host 100 and a virtual machine 400 deployed on the host 100, wherein:
The virtual machine 400 is configured to intercept a file read/write event or a network event and to place the data to which the file read/write event or network event points into the memory space;
The host 100 is configured to read the data to which the file read/write event or network event points from the memory space;
The host 100 is further configured to detect the data it has read, to which the file read/write event or network event points, and obtain a detection result.
Fig. 4 shows the working-principle architecture diagram of the system provided by this embodiment.
Further, if the detection result is that the data to which the file read/write event points contains virus-infected data, the host 100 deletes the virus-infected data in the memory space.
The virtual machine 400 reads from the memory space the data retained after the virus-infected data has been deleted, and uses it to overwrite the corresponding original data in the virtual machine 400 to which the file read/write event points.
If the detection result is that the data to which the file read/write event points is Trojan data, the virtual machine 400 deletes the corresponding original data in the virtual machine 400 to which the file read/write event points.
If the detection result is that the data to which the network event points is network attack data, the host 100 or the virtual machine 400 interrupts the network event.
If the file read/write event or network event is safe, the virtual machine 400 executes the file read/write event or network event.
Further, the memory space is memory shared by the host 100 and the virtual machine 400, and when the system comprises a plurality of virtual machines 400, each virtual machine 400 shares a different shared memory with the host 100.
Alternatively, the memory space can be host memory, and the virtual machine 400 accesses the host memory through a network protocol.
Those skilled in the art will understand that all or part of the flows in the above method embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
For the detailed functional processes of the security protection system of this embodiment, refer to the description of the embodiment shown in Fig. 2 above; they are not repeated here.
In the security protection system for a virtual machine provided by the embodiments of the present invention, security protection of the virtual machine mainly takes place on the host. The data to which file read/write events and network events in the virtual machine point is passed to the host for security detection, and the host feeds the detection result and the corresponding handling back to the virtual machine. In general, one host can deploy multiple virtual machines that share the hardware resources of the physical machine, and running security protection software consumes a large amount of resources. When all virtual machines on a host are protected by the host, security protection software only needs to be installed on the host to protect all of them, which greatly reduces the resource consumption the protection software would otherwise cause and increases the number of virtual machines that the same host can deploy.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any variants of them are intended to be non-exclusive, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or device. Without further limitation, an element introduced by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments can be implemented by hardware, or by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can be a read-only memory, a magnetic disk, an optical disc, or the like.
The above are only preferred embodiments of the present invention and do not limit the present invention in any form. Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications that amount to equivalent embodiments. Any simple modification, equivalent change or adaptation made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of the technical solution of the present invention.
Claims (10)
1. A security protection method for a virtual machine, applied to a security protection system for virtual machines, characterized in that the system comprises a host and a virtual machine, a memory space corresponding to the virtual machine is provided in the host, and the method comprises:
The virtual machine intercepts a file read/write event or a network event and writes the data to which the file read/write event or network event points into the memory space;
The host reads, from the memory space, the data to which the file read/write event or network event points;
The host scans the data it has read, to which the file read/write event or network event points, and obtains a detection result.
2. The method according to claim 1, characterized in that it further comprises:
If the detection result is that the data to which the file read/write event points contains virus-infected data, the host deletes the virus-infected data from the memory space;
The virtual machine reads from the memory space the data retained after the virus-infected data has been deleted, and uses it to overwrite the corresponding original data in the virtual machine to which the file read/write event points.
3. The method according to claim 1, characterized in that it further comprises:
If the detection result is that the data to which the file read/write event points is Trojan data, the virtual machine deletes the corresponding original data in the virtual machine to which the file read/write event points.
4. The method according to claim 1, characterized in that it further comprises:
If the detection result is that the data to which the network event points is network attack data, the host or the virtual machine interrupts the network event.
5. The method according to any one of claims 1 to 4, characterized in that the memory space is memory shared between the host and the virtual machine.
6. The method according to claim 5, characterized in that the system comprises a plurality of virtual machines, and each virtual machine shares a different shared memory with the host.
7. The method according to any one of claims 1 to 4, characterized in that the memory space is host memory, and the virtual machine accesses the host memory through a network protocol.
8. A security protection system for a virtual machine, characterized in that it comprises a host and a virtual machine, and a memory space corresponding to the virtual machine is provided in the host, wherein:
The virtual machine is configured to intercept a file read/write event or a network event and to write the data to which the file read/write event or network event points into the memory space;
The host is configured to read, from the memory space, the data to which the file read/write event or network event points;
The host is further configured to scan the data it has read, to which the file read/write event or network event points, and to obtain a detection result.
9. The system according to claim 8, characterized in that it further comprises:
If the detection result is that the data to which the file read/write event points contains virus-infected data, the host deletes the virus-infected data from the memory space, and the virtual machine reads from the memory space the data retained after the virus-infected data has been deleted and uses it to overwrite the corresponding original data in the virtual machine to which the file read/write event points;
If the detection result is that the data to which the file read/write event points is Trojan data, the virtual machine deletes the corresponding original data in the virtual machine to which the file read/write event points;
If the detection result is that the data to which the network event points is network attack data, the host or the virtual machine interrupts the network event.
10. The system according to claim 8 or 9, characterized in that the memory space is memory shared between the host and the virtual machine.
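The file-event flow of claims 1 to 3, sketched as an added example (not code from the patent): the guest submits the data behind an intercepted file event, and the host bounds-checks the guest-written length and scans a private copy before writing back a verdict and the retained data. The header layout, verdict codes and marker strings are assumptions constructed for illustration, and a `bytearray` per virtual machine stands in for the per-VM shared memory of claim 6.

```python
import struct

HDR = struct.Struct("<BBI")          # state, verdict, payload length
SUBMITTED, DONE = 1, 2               # region states (0 = empty)
CLEAN, CLEANED, TROJAN = 0, 1, 2     # verdict codes (assumed encoding)
REGION_SIZE = 4096
# Constructed stand-ins for signatures; a real engine would be called here.
INFECTED_MARK = b"<<INFECTED-SAMPLE>>"
TROJAN_MARK = b"<<TROJAN-SAMPLE>>"

def guest_submit(region, data):
    """Guest side: place the data an intercepted file event points to."""
    if len(data) > REGION_SIZE - HDR.size:
        raise ValueError("payload larger than region")
    region[HDR.size:HDR.size + len(data)] = data
    HDR.pack_into(region, 0, SUBMITTED, CLEAN, len(data))

def host_scan(region):
    """Host side: validate, snapshot, scan, write verdict and retained data."""
    state, _, length = HDR.unpack_from(region, 0)
    if state != SUBMITTED:
        return None
    # The guest controls the header: bound the length before using it.
    if length > REGION_SIZE - HDR.size:
        raise ValueError("guest-supplied length exceeds region")
    # Scan a private copy so later guest writes cannot change what was inspected.
    data = bytes(region[HDR.size:HDR.size + length])
    if TROJAN_MARK in data:
        verdict, kept = TROJAN, b""
    elif INFECTED_MARK in data:
        verdict, kept = CLEANED, data.replace(INFECTED_MARK, b"")
    else:
        verdict, kept = CLEAN, data
    region[HDR.size:HDR.size + length] = bytes(length)   # wipe old payload
    region[HDR.size:HDR.size + len(kept)] = kept
    HDR.pack_into(region, 0, DONE, verdict, len(kept))
    return verdict

def guest_apply(region, files, name):
    """Guest side: overwrite with retained data, or delete a Trojan file."""
    state, verdict, length = HDR.unpack_from(region, 0)
    if state != DONE:
        raise RuntimeError("no result available")
    if verdict == TROJAN:
        files.pop(name, None)
    elif verdict == CLEANED:
        files[name] = bytes(region[HDR.size:HDR.size + length])
    return verdict
```

In a real deployment the guest can rewrite the region at any time, which is why the host scans its own copy rather than the shared bytes.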
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510732581.2A CN105320884A (en) | 2015-11-02 | 2015-11-02 | Security protection method and system for virtual machine |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105320884A true CN105320884A (en) | 2016-02-10 |
Family
ID=55248249
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510732581.2A Pending CN105320884A (en) | 2015-11-02 | 2015-11-02 | Security protection method and system for virtual machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105320884A (en) |
2015
- 2015-11-02 CN CN201510732581.2A patent/CN105320884A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130036470A1 (en) * | 2011-08-03 | 2013-02-07 | Zhu Minghang | Cross-vm network filtering |
CN102254120A (en) * | 2011-08-09 | 2011-11-23 | 成都市华为赛门铁克科技有限公司 | Method, system and relevant device for detecting malicious codes |
CN103150506A (en) * | 2013-02-17 | 2013-06-12 | 北京奇虎科技有限公司 | Method and device for detecting rogue program |
CN104023034A (en) * | 2014-06-25 | 2014-09-03 | 武汉大学 | Security defensive system and defensive method based on software-defined network |
CN104766011A (en) * | 2015-03-26 | 2015-07-08 | 国家电网公司 | Sandbox detection alarming method and system based on main engine characteristic |
CN104751050A (en) * | 2015-04-13 | 2015-07-01 | 成都睿峰科技有限公司 | Client application program management method |
CN104917653A (en) * | 2015-06-26 | 2015-09-16 | 北京奇虎科技有限公司 | Virtual flow monitoring method based on cloud platform and device thereof |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106384049A (en) * | 2016-09-06 | 2017-02-08 | 亚信科技(成都)有限公司 | Safety protection method and system |
CN106778240A (en) * | 2016-11-18 | 2017-05-31 | 航天恒星科技有限公司 | A kind of virtual machine virus method method and device |
CN106845214A (en) * | 2016-12-29 | 2017-06-13 | 北京瑞星信息技术股份有限公司 | Based on safety protecting method and system under virtualized environment |
CN106778275A (en) * | 2016-12-29 | 2017-05-31 | 北京瑞星信息技术股份有限公司 | Based on safety protecting method and system and physical host under virtualized environment |
CN106844006A (en) * | 2016-12-29 | 2017-06-13 | 北京瑞星信息技术股份有限公司 | Based on data prevention method and system under virtualized environment |
CN106778274A (en) * | 2016-12-29 | 2017-05-31 | 北京瑞星信息技术股份有限公司 | Based on safety protecting method and system under virtualized environment |
CN106844006B (en) * | 2016-12-29 | 2019-11-12 | 北京瑞星网安技术股份有限公司 | Based on the data prevention method and system under virtualized environment |
CN106845216A (en) * | 2016-12-30 | 2017-06-13 | 北京瑞星信息技术股份有限公司 | Checking and killing method and device based on virtualized environment |
CN106919840A (en) * | 2017-03-03 | 2017-07-04 | 努比亚技术有限公司 | The detection method and device of a kind of Malware |
CN109254827A (en) * | 2018-08-27 | 2019-01-22 | 电子科技大学成都学院 | A kind of secure virtual machine means of defence and system based on big data and machine learning |
CN109254827B (en) * | 2018-08-27 | 2022-04-22 | 电子科技大学成都学院 | Virtual machine safety protection method and system based on big data and machine learning |
CN110866245A (en) * | 2019-11-13 | 2020-03-06 | 哈尔滨工业大学 | Detection method and detection system for maintaining file security of virtual machine |
CN110866245B (en) * | 2019-11-13 | 2023-11-07 | 哈尔滨工业大学 | Detection method and detection system for maintaining file security of virtual machine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160210 |