CN105843671B - Resources of virtual machine security monitoring and risk pretreatment system based on cloud platform - Google Patents
Publication number: CN105843671B (application CN201610164765.8A)
Authority: CN (China)
Prior art keywords: module, information, virtual machine, risk, monitoring
Prior art date: 2016-03-22
Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
Abstract
A virtual machine resource security monitoring and risk pre-processing system based on a cloud platform. The virtual machine resource monitoring module of the invention is deployed on the compute nodes that run the cloud platform's Compute service; the resource data collection module and the resource data analysis module are deployed on a collector node that runs the Compute service; and the risk processing module and the monitoring management module are deployed on the master control node that simultaneously runs the cloud platform's Horizon, Glance and Swift services. Together they provide resource security monitoring and risk pre-processing for the virtual machines on the cloud platform's compute nodes. The invention lets an administrator view the resource usage and security state of every monitored virtual machine on each compute node, and it manages a dangerous virtual machine autonomously when the administrator leaves it unhandled for an extended period. The invention can be applied to resource monitoring in cloud computing platforms.
Description
Technical field
The invention belongs to the field of computer technology and, more specifically, to the field of information security technology: a virtual machine resource security monitoring and risk pre-processing system based on a cloud platform. Within a cloud platform architecture, the invention can be used to monitor the resources of the virtual machines running on compute nodes, judge their security state and pre-process the result accordingly.
Background art
With the spread of cloud platforms, more and more enterprises are moving their server deployments from physical hardware to cloud platforms. This both saves deployment space and allows the amount of resources to be allocated dynamically according to service demand.
Monitoring is an important component of a cloud platform and the prerequisite for all management in a cloud computing platform. It helps the cloud platform quantify resource usage dynamically, detect shortfalls in service and so on, and plays an important role in the quality of service the cloud platform provides.
Abhinav Srivastava et al., in the paper "CloudVMI: Virtual Machine Introspection as a Cloud Service" (2014 IEEE International Conference on Cloud Engineering), propose the CloudVMI system architecture based on VMI. In that paper VMI is offered as a cloud platform service deployed on every physical node, and LibVMI is used to collect resource information from each virtual machine on the physical node. The proposed architecture effectively shields against attacks by malicious programs inside the virtual machines. Its shortcoming is that it does not make full use of the monitoring information it obtains: the process event information contained in the collected monitoring data goes to waste.
Liang Yu et al., in the paper "OpenStack-based resource monitoring system" (Computer Systems & Applications, 2014, Vol. 23, No. 4), propose a resource monitoring system based on OpenStack. The system is divided into five modules: worker, database, server, common and client. The worker is its main monitoring module; it uses Libvirt as its core API, is deployed on every physical node, and manages and monitors the physical resource state (memory, CPU, disk and so on) of the target virtual machines running on that node. The shortcoming of this system is that its monitoring module obtains only the physical resource information of the virtual machines, so its monitoring is incomplete.
Summary of the invention
The object of the invention is to address the above shortcomings of the prior art by providing a virtual machine resource security monitoring and risk pre-processing system based on a cloud platform. The invention can monitor in real time the resource information and security state information of the monitored virtual machines running on the cloud platform's compute nodes, respond in time with processing suggestions and processing actions for monitored virtual machines that are in an unsafe state, reduce the losses that potential threats inside a monitored virtual machine may bring to users, and guarantee the accuracy of the resource information obtained by the monitoring system.
The technical solution by which the invention solves the above problem is as follows. The invention comprises a virtual machine resource monitoring module, a resource data collection module, a resource data analysis module, a risk processing module and a monitoring management module.
The virtual machine resource monitoring module of the invention is deployed on the compute nodes that run the cloud platform's Compute service. It periodically collects the physical resource information, process physical page information and actual process run-time information of the monitored virtual machines, performs semantic reconstruction on the process physical page information to recover process structure information, and then sends the reconstructed process structure information, together with the physical resource information and actual process run-time information it collected, to the resource data collection module.
The resource data collection module of the invention is deployed on a collector node that runs the cloud platform's Compute service. It receives the data sent by the virtual machine resource monitoring module, classifies it into three categories (process structure information, physical resource information and actual process run-time information), and stores the classified data persistently in a predetermined format.
The resource data analysis module of the invention is deployed on the collector node that runs the cloud platform's Compute service. It retrieves the information classified and stored by the resource data collection module. The process structure information is used to build an expected process behaviour model; the physical resource information and actual process run-time information are used to verify whether the process conforms to the expected behaviour model the module has built. Through analysis and judgement the verification result is classified into one of three states, trusted, suspicious or dangerous, and the judged state result is sent to the risk processing module.
The risk processing module of the invention is deployed on the master control node that simultaneously runs the cloud platform's Horizon, Glance and Swift services. It receives the analysis state results sent by the resource data analysis module. A result the analysis module has judged trusted is forwarded directly to the monitoring management module. For a result judged suspicious or dangerous, the risk processing module formulates a corresponding processing suggestion and sends the suspicious or dangerous state result together with that suggestion to the monitoring management module. If the monitoring management module returns a no-response message for a suspicious or dangerous result, the risk processing module itself takes the corresponding action on the monitored virtual machine and then sends its processing result to the monitoring management module.
The monitoring management module of the invention is deployed on the same master control node that simultaneously runs the cloud platform's Horizon, Glance and Swift services. It starts the entire monitoring system; once the system is running it receives the physical resource information sent by the resource data collection module and the risk processing information sent by the risk processing module, and displays both through a web interface. For each suspicious or dangerous state result in the risk processing information it notifies the cloud platform administrator, together with the processing suggestion sent by the risk processing module. If the administrator does not handle the result within a set period, the monitoring management module sends a no-response message for that suspicious or dangerous result to the risk processing module.
Compared with the prior art, the invention has the following advantages.
First, because the virtual machine resource monitoring module is deployed on the compute node that hosts the monitored virtual machine rather than inside the virtual machine, the invention avoids the performance impact that an in-guest agent imposes on the monitored virtual machine in the prior art, and so reduces the performance loss that resource monitoring causes the monitored virtual machine.
Second, because the virtual machine resource monitoring module performs semantic reconstruction on the process physical pages of the monitored virtual machine and obtains its actual process run-time information, the invention overcomes the incomplete monitoring of the prior art: it obtains more monitoring information, which provides effective data for the security judgement of the monitored virtual machine and improves the validity of that judgement.
Third, because the risk processing module can manage a virtual machine autonomously when the cloud platform administrator leaves a dangerous virtual machine unhandled for a long time, the invention overcomes the lack of management measures for monitored virtual machines in the prior art: it can stop a dangerous virtual machine from damaging user resources in time, strengthens management, and reduces the losses a dangerous virtual machine brings to users.
Description of the drawings
Fig. 1 is the structural diagram of the invention;
Fig. 2 is the module architecture diagram of the invention;
Fig. 3 is the operation flow diagram of the invention.
Specific embodiment
The invention is described in further detail below with reference to the drawings.
Referring to Fig. 1, the invention comprises a virtual machine monitoring module, a resource data collection module, a resource data analysis module, a risk processing module and a monitoring management module. The virtual machine monitoring module is deployed on the compute nodes that run the cloud platform's Compute service. It periodically collects the physical resource information, process physical page information and actual process run-time information of the monitored virtual machines, performs semantic reconstruction on the process physical page information to recover process structure information, and then sends the reconstructed process structure information, together with the physical resource information and actual process run-time information it collected, to the resource data collection module.
The resource data collection module is deployed on a collector node that runs the cloud platform's Compute service. It receives the data sent by the virtual machine resource monitoring module, classifies it into three categories (process structure information, physical resource information and actual process run-time information), and stores the classified data persistently in a predetermined format.
The resource data analysis module is deployed on the collector node that runs the cloud platform's Compute service. It retrieves the information classified and stored by the resource data collection module. The process structure information is used to build an expected process behaviour model; the physical resource information and actual process run-time information are used to verify whether the process conforms to the expected behaviour model the module has built. Through analysis and judgement the verification result is classified into one of three states, trusted, suspicious or dangerous, and the judged state result is sent to the risk processing module.
The risk processing module is deployed on the master control node that simultaneously runs the cloud platform's Horizon, Glance and Swift services. It receives the analysis state results sent by the resource data analysis module. A result the analysis module has judged trusted is forwarded directly to the monitoring management module. For a result judged suspicious or dangerous, the risk processing module formulates a corresponding processing suggestion and sends the suspicious or dangerous state result together with that suggestion to the monitoring management module. If the monitoring management module returns a no-response message for a suspicious or dangerous result, the risk processing module itself takes the corresponding action on the monitored virtual machine and then sends its processing result to the monitoring management module.
The monitoring management module is deployed on the same master control node that simultaneously runs the cloud platform's Horizon, Glance and Swift services. It starts the entire monitoring system; once the system is running it receives the physical resource information sent by the resource data collection module and the risk processing information sent by the risk processing module, and displays both through a web interface. For each suspicious or dangerous state result in the risk processing information it notifies the cloud platform administrator, together with the processing suggestion sent by the risk processing module. If the administrator does not handle the result within a set period, the monitoring management module sends a no-response message for that suspicious or dangerous result to the risk processing module.
Referring to Fig. 2, the virtual machine monitoring module of the invention comprises an adapted-kernel unit, a process tracking unit, a semantic reconstruction unit and a program behaviour collection unit. The adapted-kernel unit collects the physical resource information and process physical page information of the monitored virtual machine. The process tracking unit collects the actual process run-time information of the monitored virtual machine. The semantic reconstruction unit performs semantic reconstruction on the process physical page information collected by the adapted-kernel unit, recovering process structure information, and consolidates the physical resource information collected by the adapted-kernel unit. The program behaviour collection unit consolidates the actual process run-time information collected by the process tracking unit.
The resource data collection module of the invention comprises a data separation unit and a persistent storage unit. The data separation unit divides the resource monitoring information sent by the virtual machine monitoring module into three classes: process structure information, actual process run-time information and physical resource information. The persistent storage unit stores the data separated by the data separation unit persistently in a predetermined format.
The resource data analysis module of the invention comprises a program behaviour modelling unit and a program security analysis unit. The program behaviour modelling unit obtains the process structure information from the resource data collection module, combines it with the process's source code or executable program to obtain a legal sequence model, obtains the relationships between system calls from a call graph model, extracts the system call nodes and builds the expected behaviour model for the process. The program security analysis unit obtains the actual process run-time information and physical resource information from the resource data collection module, verifies them against the expected behaviour model built by the program behaviour modelling unit, and through analysis and judgement classifies the verification result into one of three states: trusted, suspicious or dangerous.
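Taken together, the two units above describe a system-call automaton: static analysis of the program tells the monitor which system call may follow which, and the observed trace is checked against that automaton. The Python example below is added to show the "extract the system call nodes" step and the three-way verdict; it is not the patent's code. The flow graph of the monitored program, the resource ceilings and the classification thresholds are all constructed for the example (the patent derives the graph from the process's source code or executable and does not specify thresholds), and the verdict rule is this example's own policy.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed flow graph of a hypothetical file-processing program. Nodes that
# start with "sys_" are system calls; the rest are internal functions. An edge
# a -> b means b may execute directly after a.
FLOW_GRAPH = {
    "entry":          {"sys_openat"},
    "sys_openat":     {"sys_fstat"},
    "sys_fstat":      {"sys_mmap", "process_loop"},
    "sys_mmap":       {"process_loop"},
    "process_loop":   {"sys_read"},
    "sys_read":       {"emit_record", "sys_close"},
    "emit_record":    {"sys_write"},
    "sys_write":      {"process_loop"},
    "sys_close":      {"sys_exit_group"},
    "sys_exit_group": set(),
}

# Hypothetical per-process ceilings standing in for the physical resource
# information that the patent verifies alongside the run-time information.
RESOURCE_LIMITS = {"cpu_percent": 80.0, "rss_mb": 512.0}


def is_syscall(node):
    return node.startswith("sys_")


def extract_syscall_graph(flow, entry="entry"):
    """Build the expected behaviour model: keep only system-call nodes (plus the
    entry pseudo-node) and connect s1 -> s2 whenever s2 is reachable from s1
    through internal-function nodes only. This collapses the call graph to the
    syscall level, which is what the trace from the guest can be compared to."""
    model = {}
    for node, nexts in flow.items():
        if not (is_syscall(node) or node == entry):
            continue
        succ, seen, work = set(), set(), deque(nexts)
        while work:
            n = work.popleft()
            if n in seen:
                continue
            seen.add(n)
            if is_syscall(n):
                succ.add(n)
            else:
                work.extend(flow.get(n, ()))
        model[node] = succ
    return model


@dataclass
class Verdict:
    state: str                              # "trusted" | "suspicious" | "dangerous"
    reasons: list = field(default_factory=list)


def verify(model, trace, resources, limits=RESOURCE_LIMITS, max_deviations=2, entry="entry"):
    """Check an observed syscall trace plus a resource sample against the model.
    Policy of this example: a syscall the program can never make is dangerous;
    more than `max_deviations` unexpected transitions is dangerous; a few
    unexpected transitions or a breached resource ceiling is suspicious;
    anything else is trusted."""
    known = set(model) | {s for succ in model.values() for s in succ}
    reasons, deviations, dangerous = [], 0, False
    prev = entry
    for sc in trace:
        if sc not in known:
            reasons.append(f"{sc} is not in the program's syscall set")
            dangerous = True
        elif sc not in model.get(prev, set()):
            reasons.append(f"unexpected transition {prev} -> {sc}")
            deviations += 1
        prev = sc
    if deviations > max_deviations:
        dangerous = True
    for key, limit in limits.items():
        if resources.get(key, 0) > limit:
            reasons.append(f"{key}={resources[key]} exceeds ceiling {limit}")
    if dangerous:
        return Verdict("dangerous", reasons)
    return Verdict("suspicious" if reasons else "trusted", reasons)


MODEL = extract_syscall_graph(FLOW_GRAPH)

# Constructed traces, as the process tracking unit might report them.
TRACE_NORMAL = ["sys_openat", "sys_fstat", "sys_mmap", "sys_read", "sys_write",
                "sys_read", "sys_write", "sys_read", "sys_close", "sys_exit_group"]
TRACE_ODD = ["sys_openat", "sys_fstat", "sys_read", "sys_close",
             "sys_read", "sys_close", "sys_exit_group"]
TRACE_HOSTILE = ["sys_openat", "sys_fstat", "sys_mmap", "sys_execve"]

if __name__ == "__main__":
    for name, trace, res in [("normal", TRACE_NORMAL, {"cpu_percent": 12.0}),
                             ("odd", TRACE_ODD, {"cpu_percent": 12.0}),
                             ("hostile", TRACE_HOSTILE, {"cpu_percent": 97.0})]:
        print(name, verify(MODEL, trace, res))
```

The model is a first-order (bigram) automaton, which is deliberately coarse: it catches a syscall the program has no path to, such as the `sys_execve` in the hostile trace, and out-of-order sequences, but a mimicry attack that keeps to allowed transitions passes it. That is why the patent's design also verifies the physical resource information, here represented by the ceilings, rather than relying on the sequence alone.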
Referring to Fig. 3, taking one monitoring and processing round as an example, the functional modules of the invention execute in the following order:
(1) The monitoring management module starts the monitoring system.
(2) After the monitoring system has started, the virtual machine resource monitoring module starts running on the compute node and collects the resource information of the monitored virtual machines on that node.
(3) When the resource data collection module receives the resource information collected by the virtual machine resource monitoring module, it classifies the information and stores it in the predetermined format.
(4) The resource data analysis module retrieves the resource information processed and stored by the resource data collection module and performs security analysis on it.
(5) The risk processing module receives the analysis results produced by the resource data analysis module and takes the corresponding action for each kind of result.
(6) The monitoring management module receives the resource information sent by the resource data collection module and the risk situation and processing suggestions sent by the risk processing module, displays them in the interface and notifies the administrator.
(7) The risk processing module checks whether the administrator has responded; if so, go to step (8), otherwise go to step (9).
(8) This monitoring round ends.
(9) The risk processing module itself handles the dangerous virtual machine that the administrator did not respond to.
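Steps (5) to (9) describe an escalation loop between the risk processing module and the monitoring management module: a suggestion goes to the administrator, a timer runs in the management module, and on expiry a no-response message lets the risk module act on its own. The Python example below is added to show that loop with a simulated clock; it is not the patent's code. The pause/stop suggestion policy, the timeout value and the FakePlatform stand-in for the cloud platform's compute API (Nova, on OpenStack) are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical handling policy. The patent says the risk processing module
# "formulates a corresponding processing suggestion" but does not fix what the
# suggestion is, so this mapping is an assumption of the example.
SUGGESTION = {"suspicious": "pause", "dangerous": "stop"}


@dataclass
class RiskEvent:
    vm_id: str
    state: str                        # "trusted" | "suspicious" | "dangerous"
    suggestion: Optional[str]         # None for trusted results
    handled_by: Optional[str] = None  # "admin", "auto", or None while pending


class FakePlatform:
    """Stand-in for the cloud platform's compute API (on OpenStack the real
    module would call Nova's pause/stop actions); it only records the calls."""
    def __init__(self):
        self.actions = []

    def pause(self, vm_id):
        self.actions.append(("pause", vm_id))

    def stop(self, vm_id):
        self.actions.append(("stop", vm_id))


class MonitoringManagement:
    """Web-facing module: shows results, notifies the administrator about
    suspicious/dangerous ones and, if nobody handles such a result within
    `admin_timeout` seconds, sends a no-response message to the risk module."""
    def __init__(self, admin_timeout):
        self.admin_timeout = admin_timeout
        self.risk = None           # wired by connect()
        self.display = []          # everything the web interface would show
        self.notifications = []    # results the administrator was told about
        self.deadlines = {}        # vm_id -> time by which the admin must act

    def receive(self, event, now):
        self.display.append(event)
        if event.state in ("suspicious", "dangerous"):
            self.notifications.append(event)
            self.deadlines[event.vm_id] = now + self.admin_timeout

    def report_result(self, event):
        """Processing result sent back by the risk module after it acted."""
        self.display.append(event)

    def admin_handled(self, vm_id):
        if self.deadlines.pop(vm_id, None) is not None:
            self.risk.admin_responded(vm_id)

    def tick(self, now):
        """Periodic check: each expired deadline becomes a no-response message."""
        for vm_id, deadline in list(self.deadlines.items()):
            if now >= deadline:
                del self.deadlines[vm_id]
                self.risk.no_response(vm_id)


class RiskProcessor:
    def __init__(self, platform):
        self.platform = platform
        self.mgmt = None           # wired by connect()
        self.pending = {}          # vm_id -> RiskEvent awaiting the administrator
        self.log = []              # finished events in completion order

    def receive_verdict(self, vm_id, state, now):
        """Trusted results are forwarded as they are; suspicious and dangerous
        ones get a suggestion and wait for the administrator."""
        if state == "trusted":
            event = RiskEvent(vm_id, state, None)
        else:
            event = RiskEvent(vm_id, state, SUGGESTION[state])
            self.pending[vm_id] = event
        self.mgmt.receive(event, now)
        return event

    def admin_responded(self, vm_id):
        event = self.pending.pop(vm_id, None)
        if event is not None:
            event.handled_by = "admin"
            self.log.append(event)

    def no_response(self, vm_id):
        """No-response message received: act on the suggestion autonomously,
        then report the processing result back to the management module."""
        event = self.pending.pop(vm_id, None)
        if event is None:
            return  # already handled, e.g. the admin acted just before expiry
        getattr(self.platform, event.suggestion)(vm_id)
        event.handled_by = "auto"
        self.log.append(event)
        self.mgmt.report_result(event)


def connect(platform, admin_timeout):
    risk, mgmt = RiskProcessor(platform), MonitoringManagement(admin_timeout)
    risk.mgmt, mgmt.risk = mgmt, risk
    return risk, mgmt


def run_scenario(admin_timeout=300):
    """One monitoring round over a constructed verdict sequence and a simulated
    clock in seconds; returns the platform actions and the completed event log."""
    platform = FakePlatform()
    risk, mgmt = connect(platform, admin_timeout)
    risk.receive_verdict("vm-a", "trusted", now=0)
    risk.receive_verdict("vm-b", "suspicious", now=0)
    risk.receive_verdict("vm-c", "dangerous", now=10)
    mgmt.admin_handled("vm-b")   # the administrator deals with vm-b promptly
    mgmt.tick(now=200)           # vm-c is still inside its window: nothing happens
    mgmt.tick(now=320)           # vm-c's deadline (10 + 300) has passed
    return platform.actions, [(e.vm_id, e.state, e.handled_by) for e in risk.log]


if __name__ == "__main__":
    print(run_scenario())
```

Two details matter in practice. The deadline is set at the moment the administrator is notified, not when the verdict was produced, so notification latency cannot eat into the response window. And both modules drop the VM from their pending tables before acting, so an administrator response that arrives after the automatic action does not trigger a second, conflicting action on the same VM.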
Claims (1)
1. A virtual machine resource security monitoring and risk pre-processing system based on a cloud platform, comprising a virtual machine resource monitoring module, a resource data collection module, a resource data analysis module, a risk processing module and a monitoring management module, wherein:
the virtual machine resource monitoring module is deployed on a compute node that runs the cloud platform's Compute service and periodically collects the physical resource information, process physical page information and actual process run-time information of the monitored virtual machines, performs semantic reconstruction on the process physical page information to recover process structure information, and sends the reconstructed process structure information together with the collected physical resource information and actual process run-time information to the resource data collection module; the virtual machine resource monitoring module comprises an adapted-kernel unit, a process tracking unit, a semantic reconstruction unit and a program behaviour collection unit; the adapted-kernel unit collects the physical resource information and process physical page information of the monitored virtual machines; the process tracking unit collects the actual process run-time information of the monitored virtual machines; the semantic reconstruction unit performs semantic reconstruction on the process physical page information collected by the adapted-kernel unit, recovering process structure information, and consolidates the physical resource information collected by the adapted-kernel unit; the program behaviour collection unit consolidates the actual process run-time information collected by the process tracking unit;
the resource data collection module is deployed on a collector node that runs the cloud platform's Compute service, receives the data sent by the virtual machine resource monitoring module, classifies it into the three categories process structure information, physical resource information and actual process run-time information, and stores the classified data persistently in a predetermined format; the resource data collection module comprises a data separation unit and a persistent storage unit; the data separation unit divides the resource monitoring information sent by the virtual machine monitoring module into three classes, process structure information, actual process run-time information and physical resource information; the persistent storage unit stores the data separated by the data separation unit persistently in the predetermined format;
the resource data analysis module is deployed on the collector node that runs the cloud platform's Compute service and retrieves the information classified and stored by the resource data collection module; the retrieved process structure information is used to build an expected process behaviour model, and the retrieved physical resource information and actual process run-time information are used to verify whether the process conforms to the expected behaviour model built by the resource data analysis module; through analysis and judgement the verification result is classified into one of three states, trusted, suspicious or dangerous, and the judged state result is sent to the risk processing module; the resource data analysis module comprises a program behaviour modelling unit and a program security analysis unit; the program behaviour modelling unit obtains the process structure information from the resource data collection module, combines it with the process's source code or executable program to obtain a legal sequence model, obtains the relationships between system calls from a call graph model, extracts the system call nodes and builds the expected behaviour model corresponding to the process; the program security analysis unit obtains the actual process run-time information and physical resource information from the resource data collection module, verifies them against the expected behaviour model built by the program behaviour modelling unit, and through analysis and judgement classifies the verification result into one of the three states trusted, suspicious and dangerous;
the risk processing module is deployed on the master control node that simultaneously runs the cloud platform's Horizon, Glance and Swift services and receives the analysis state results sent by the resource data analysis module; a trusted state result judged by the resource data analysis module is forwarded directly to the monitoring management module; for a suspicious or dangerous state result judged by the resource data analysis module, the risk processing module formulates a corresponding processing suggestion and sends the suspicious or dangerous state result together with the suggestion to the monitoring management module; if the monitoring management module returns a no-response message for the suspicious or dangerous state result, the risk processing module itself takes the corresponding action on the monitored virtual machine and then sends its processing result to the monitoring management module;
the monitoring management module is deployed on the same master control node that simultaneously runs the cloud platform's Horizon, Glance and Swift services and starts the entire monitoring system; after the system has started it receives the physical resource information sent by the resource data collection module and the risk processing information sent by the risk processing module and displays both through a web interface; for each suspicious or dangerous state result in the risk processing information sent by the risk processing module it notifies the cloud platform administrator, together with the processing suggestion sent by the risk processing module; and if the cloud platform administrator does not handle the result within a set period, the monitoring management module sends a no-response message for the suspicious or dangerous state result to the risk processing module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610164765.8A CN105843671B (en) | 2016-03-22 | 2016-03-22 | Resources of virtual machine security monitoring and risk pretreatment system based on cloud platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105843671A CN105843671A (en) | 2016-08-10 |
CN105843671B true CN105843671B (en) | 2018-11-16 |
Family ID: 56587713
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610164765.8A Active CN105843671B (en) | 2016-03-22 | 2016-03-22 | Resources of virtual machine security monitoring and risk pretreatment system based on cloud platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105843671B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI756156B (en) * | 2019-04-07 | 2022-02-21 | 新唐科技股份有限公司 | Monitor system booting security device and method thereof |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101499016A (en) * | 2008-01-31 | 2009-08-05 | 联想(北京)有限公司 | Virtual machine monitor, virtual machine system and process handling method of client operating system |
CN102713860A (en) * | 2011-12-30 | 2012-10-03 | 华为技术有限公司 | User experience index monitoring method and monitoring virtual machine |
CN103024060A (en) * | 2012-12-20 | 2013-04-03 | 中国科学院深圳先进技术研究院 | Open type cloud computing monitoring system for large scale cluster and method thereof |
CN104539689A (en) * | 2014-12-23 | 2015-04-22 | 西安电子科技大学 | Resource monitoring method under cloud platform |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7845009B2 (en) * | 2006-05-16 | 2010-11-30 | Intel Corporation | Method and apparatus to detect kernel mode rootkit events through virtualization traps |
Non-Patent Citations (2)
Title |
---|
Tian Yu et al., "Research and design of a distributed monitoring system architecture" (分布式监控系统结构研究与设计), Journal of Shenyang Ligong University (沈阳理工大学学报), 30 April 2007, Vol. 26, No. 2, pp. 5-9 * |
Liang Yu et al., "OpenStack-based resource monitoring system" (基于OpenStack资源监控系统), Computer Systems & Applications (计算机系统应用), 31 December 2014, Vol. 23, No. 4, pp. 16, 44-47 * |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |