CN105590059B - Method and apparatus for detecting virtual machine escape - Google Patents
Method and apparatus for detecting virtual machine escape
- Publication number
- CN105590059B
- Authority
- CN
- China
- Prior art keywords
- escape
- detected
- virtual machine
- preset
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Claims (14)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510959269.7A CN105590059B (zh) | 2015-12-18 | 2015-12-18 | Method and apparatus for detecting virtual machine escape |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510959269.7A CN105590059B (zh) | 2015-12-18 | 2015-12-18 | Method and apparatus for detecting virtual machine escape |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105590059A CN105590059A (zh) | 2016-05-18 |
CN105590059B CN105590059B (zh) | 2019-04-23 |
Family
ID=55929633
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510959269.7A Active CN105590059B (zh) | 2015-12-18 | 2015-12-18 | Method and apparatus for detecting virtual machine escape |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105590059B (zh) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
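CN103366117A (zh) * | 2012-03-31 | 2013-10-23 | Shenzhen Tencent Computer Systems Co., Ltd. | Infectious virus repair method and system |
CN103839003A (zh) * | 2012-11-22 | 2014-06-04 | Tencent Technology (Shenzhen) Co., Ltd. | Malicious file detection method and apparatus |
CN104462985A (zh) * | 2014-11-28 | 2015-03-25 | Beijing Qihoo Technology Co., Ltd. | Method and apparatus for detecting bat vulnerabilities |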
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9069983B1 (en) * | 2009-04-29 | 2015-06-30 | Symantec Corporation | Method and apparatus for protecting sensitive information from disclosure through virtual machines files |
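CN103020525A (zh) * | 2012-12-20 | 2013-04-03 | Beijing Qihoo Technology Co., Ltd. | Anti-detection method and apparatus for a virtual machine system |
CN103577246B (zh) * | 2013-11-12 | 2017-05-31 | Zhejiang Yunchao Technology Co., Ltd. | Method and apparatus for preventing virtual machine escape |
CN104598818A (zh) * | 2014-12-30 | 2015-05-06 | Beijing Qihoo Technology Co., Ltd. | File detection system and method for use in a virtualized environment |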
-
2015
- 2015-12-18 CN CN201510959269.7A patent/CN105590059B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN105590059A (zh) | 2016-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11716348B2 (en) | Malicious script detection | |
CN103955645B (zh) | Method, apparatus and system for detecting malicious process behavior | |
US11956264B2 (en) | Method and system for verifying validity of detection result | |
US20140237593A1 (en) | Method, device and system for detecting security of download link | |
US8782615B2 (en) | System, method, and computer program product for simulating at least one of a virtual environment and a debugging environment to prevent unwanted code from executing | |
WO2013170064A2 (en) | Methods and apparatus for identifying and removing malicious applications | |
CN110138727A (zh) | Method and apparatus for finding information on reverse-shell network connections | |
CN110417768B (zh) | Botnet tracking method and apparatus | |
WO2012103646A1 (en) | Determining the vulnerability of computer software applications to privilege-escalation attacks | |
CN105516151B (zh) | Method and apparatus for detecting and removing backdoor files | |
US20190356675A1 (en) | Combining apparatus, combining method, and combining program | |
CN105095759A (zh) | File detection method and apparatus | |
US20230096108A1 (en) | Behavior analysis based on finite-state machine for malware detection | |
CN105791250B (zh) | Application program detection method and apparatus | |
Choi et al. | All‐in‐One Framework for Detection, Unpacking, and Verification for Malware Analysis | |
CN105590058B (zh) | Method and apparatus for detecting virtual machine escape | |
EP3504597B1 (en) | Identification of deviant engineering modifications to programmable logic controllers | |
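CN105608374B (zh) | Method and apparatus for detecting virtual machine escape | |
CN105447348B (zh) | Method and apparatus for hiding a display window, and user terminal | |
CN105553767B (zh) | Website backdoor file detection method and apparatus | |
CN110020530B (zh) | Method and apparatus for determining the security of an application at runtime | |
CN105590059B (zh) | Method and apparatus for detecting virtual machine escape | |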
EP4386596A1 (en) | Method and device for detecting malignancy of non-portable executable file through execution flow change of application program | |
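CN111444510A (zh) | CPU vulnerability detection method and system implemented on a virtual machine | |
CN105631320B (zh) | Method and apparatus for detecting virtual machine escape |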
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information | Inventor after: Wang Shengping; Inventor after: Tang Qinghao; Inventor after: Wu Yunkun; Inventor before: Wang Shengping; Inventor before: Tang Qinghao |
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park); Co-patentee after: QAX Technology Group Inc.; Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.; Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park); Co-patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.; Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. |