CN106775929A - A virtual platform security monitoring method and system
- Publication number: CN106775929A
- Application number: CN201611063511.3A
- Authority: CN (China)
- Legal status: Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45591—Monitoring or debugging support
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Abstract
The invention discloses a virtual platform security monitoring method and system. The method is: 1) a server is set up on a host or virtual machine, and a client is set up in the virtual machine monitor of the monitored virtual host; 2) the server parses the security requirements customized by the user into a requirements configuration file in a unified format and stores it; 3) the client obtains the requirements configuration file from the server, monitors and collects the running information of the virtual machine monitor in real time, and sends it to the server; 4) the server sets an anomaly threshold from the historical collected data, then performs anomaly detection on the data collected in real time based on that threshold and sends the detected anomaly alerts to the user; 5) from the normal events and abnormal attack events in the user's confirmation results, the server generates labelled data; it then builds a classification model from the labelled data and the historical collected data, uses the classification model to perform anomaly detection on the data collected in real time, and sends the detection results to the user.
Description
Technical field
The present invention relates to virtual platform security, and specifically to a virtual platform security monitoring method and system. It belongs to the field of information security technology.
Background
As virtualization and cloud computing technologies mature and come into wide use, users are gradually moving their IT infrastructure onto virtual platforms to enjoy the conveniences virtualization brings: on-demand scaling, flexible migration, data backup, fault recovery and so on.
A virtual platform is an infrastructure platform built with virtualization technology, comprising the underlying hardware, the virtual machine monitor (VMM) and the user virtual machines. The virtual machine monitor is the core of the whole system: it is system software that directly controls the underlying hardware and abstracts multiple sets of emulated hardware to support the operation of the virtual machines above it. Under the traditional operating-system privilege-level division, the VMM runs at Ring 0 and user virtual machines run at Rings 1-3.
The security problem of current virtual platforms is that an attacker can exploit the virtual platform's own vulnerabilities and management flaws to carry out a virtual machine escape attack, thereby taking control of the VMM and, through it, of all user virtual machines. It is therefore necessary to ensure both the safe operation of user virtual machines and the safe operation of the whole virtual platform. Current virtual platform security schemes, however, mainly address the security of user virtual machines: one approach builds a security virtual machine on top of the VMM to inspect traffic between virtual machines; another uses virtual machine introspection to inspect, without an agent, the processes, files and other information of user virtual machines.
Few current technical schemes, however, can monitor and protect the virtual machine monitor (VMM) itself. Patent CN201610229787.8 uses TPM trusted hardware to monitor the integrity of the VMM; this scheme has two shortcomings: 1. it requires custom TPM trusted hardware to be added to general-purpose x86 servers, which is relatively costly; 2. it can only check the integrity of the underlying VMM when a virtual machine starts, and cannot provide security monitoring at run time.
At present, monitoring the virtual machine monitor (VMM) at run time, so as to ensure its normal operation, is a problem the prior art cannot solve.
Summary of the invention
The object of the invention is to overcome the problems in the prior art by providing a virtual platform security monitoring method and system that can monitor a running virtual machine monitor in real time and at fine granularity, thereby ensuring its security.
The virtual platform security monitoring system of the invention comprises:
A server and a client. The server runs on the operating system of a host or virtual machine and includes a policy parsing module, a data analysis module and a data storage module; the client runs in the virtual machine monitor of the monitored virtual host and includes an information collection module:
a) The user logs in to the system and customizes the security requirements;
b) The policy parsing module parses the user's customized security requirements into a requirements configuration file (XML) in a unified format and sends it to the data storage module;
c) The information collection module obtains the requirements configuration file from the data storage module, initializes the types of information to collect and the working mode according to the configuration file, and starts monitoring the virtual machine monitor (VMM) of its host in real time, collecting the VMM's running information and sending it to the data storage module;
d) The data analysis module reads the historical collected data stored in the data storage module, runs a clustering algorithm to obtain a classification model of normal behaviour, and sets anomaly thresholds from the parameters of the generated model (after the classification model is obtained, the maximum distance from the cluster center is determined for each class, and the anomaly thresholds are set from these distance values); based on these thresholds it performs anomaly detection on the data collected in real time and sends the detected anomaly alerts to the user;
e) The user investigates and confirms each anomaly alert and feeds the confirmation result back to the data analysis module;
f) From the normal events and abnormal attack events in the user's confirmation results, the data analysis module generates labelled data and runs a semi-supervised classification algorithm to obtain a new classification model, comprising a normal model and an abnormal model; the newly generated abnormal model is used to guide anomaly detection on the data collected in real time, and the detection results are fed back to the user; meanwhile, the data analysis module periodically persists the parameters of the data model to the data storage module;
g) Steps e) and f) run in a loop, and the classification model is continually improved.
The security requirements include the monitoring granularity, the IP address range of the monitored virtual host cluster, the virtual host model and version, and similar information. The monitoring granularity option has two levels: log and function. The IP addresses are used to locate the virtual hosts and to install the client program on them, as in step 2 of the specific embodiment. The virtual host model and version are used to distinguish VMMs: the client program that runs on different VMMs differs; for example, the client programs for Xen and KVM are different.
The data collection module runs in the system kernel layer (Ring 0) of its virtual host and collects information according to the monitoring granularity option in the policy configuration file:
a) If the option is log level (LOG), it monitors the virtual machine monitor's logs in real time and sends them out to the data storage module using the syslog protocol;
b) If the option is function level (FUNCTION), it monitors the virtual machine monitor's function-call time sequence in real time, and saves and sends out the function call stack's running information in real time, specifically the function name, call time, process PID, function parameter values, function call result and similar information; the function call order and function call stack information are sent to the data storage module.
For the data analysis module, data modelling first uses a clustering algorithm; after the classification model is obtained, the maximum distance from the cluster center is determined for each class, and these distance values are the anomaly detection thresholds. Anomaly detection on the data collected in real time is based on these thresholds: specifically, if a data point's distance to every cluster center is greater than that maximum distance, it is regarded as abnormal data. In addition, once the user's feedback results and labelled data are available, a semi-supervised machine learning algorithm is used to build a new classification model; as the number of confirmed security events and the amount of labelled data grow, the semi-supervised learning algorithm keeps running, and the new classification model is continually adjusted and improved.
The clustering algorithms include but are not limited to the K-means algorithm, hierarchical clustering algorithms and the DBSCAN algorithm.
The semi-supervised classification algorithms include but are not limited to generative parameter estimation, graph-cut methods, co-training and the transductive SVM algorithm.
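The threshold rule described above (cluster the history, take each cluster's maximum member-to-center distance as its threshold, flag a point only when it lies beyond every cluster's threshold) is shown below as an added example; it is not code from the patent. It assumes K-means with deterministic farthest-point seeding and hypothetical two-dimensional feature vectors (function calls per second, distinct functions called) summarizing one time window each; the patent does not specify the features.

```python
import math

# Constructed history: one (calls per second, distinct functions called)
# vector per time window. Hypothetical features, two normal regimes.
HISTORY = [(10, 1), (11, 1), (9, 2), (10, 2), (12, 1),
           (50, 5), (52, 6), (49, 5), (51, 4), (50, 6)]

def distance(a, b):
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def mean(points):
    """Component-wise mean of a non-empty list of vectors."""
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))

def kmeans(points, k, max_iter=100):
    """Plain K-means. Seeding is deterministic: the first point, then
    repeatedly the point farthest from the centers chosen so far."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points,
                           key=lambda p: min(distance(p, c) for c in centers)))
    assignment = None
    for _ in range(max_iter):
        new_assignment = [min(range(k), key=lambda j: distance(p, centers[j]))
                          for p in points]
        if new_assignment == assignment:
            break  # converged: centers already match this assignment
        assignment = new_assignment
        for j in range(k):
            members = [p for p, a in zip(points, assignment) if a == j]
            if members:  # keep the old center if a cluster empties out
                centers[j] = mean(members)
    return centers, assignment

def fit_thresholds(points, k):
    """Cluster the history and return (centers, thresholds), where each
    threshold is the largest member-to-center distance in that cluster."""
    centers, assignment = kmeans(points, k)
    thresholds = [0.0] * k
    for p, a in zip(points, assignment):
        thresholds[a] = max(thresholds[a], distance(p, centers[a]))
    return centers, thresholds

def is_anomalous(point, centers, thresholds):
    """Abnormal only if the point is outside every cluster's radius."""
    return all(distance(point, c) > t for c, t in zip(centers, thresholds))

if __name__ == "__main__":
    centers, thresholds = fit_thresholds(HISTORY, 2)
    for sample in [(11, 2), (30, 3), (53, 9)]:
        verdict = "ALERT" if is_anomalous(sample, centers, thresholds) else "ok"
        print(sample, verdict)
```

Because the threshold is a maximum over the training data, a single outlier in the history widens that cluster's radius, which is why the history used for the initial model needs to be free of attack traffic.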
The data storage module:
a) stores data including the policy configuration file, monitoring data, data models and thresholds;
b) extracts fields in real time from the data sent by the information collection module, organizes it into formatted data and stores it in the file system;
c) supports distributed storage when the system load is high.
Compared with the prior art, the invention has the following advantages:
1. The virtual platform security monitoring system of the invention is a software system; it does not need the support of trusted hardware such as a TPM and is widely applicable.
2. The virtual platform security monitoring system of the invention can monitor the running state of the virtual machine monitor in real time (including function call sequences and function stack information); it uses thresholds obtained by modelling historical monitoring data to monitor the virtual machine monitor for anomalies in real time and raise alerts; the system also introduces a feedback mechanism, combined with a semi-supervised learning algorithm, to model and analyse the monitoring data, so that it not only automatically analyses and models large volumes of historical monitoring data but also takes into account the user's custom requirements and judgement regarding system security events, using the user's feedback to evolve the algorithm and the detection model.
Brief description of the drawings
Fig. 1 is a structural diagram of the virtual platform security monitoring system of the invention.
Specific embodiment
The invention is described in further detail below with reference to the accompanying drawing and a specific embodiment, which do not limit the scope of the invention in any way.
This embodiment uses the system architecture shown in Fig. 1, in which the server is installed on a separate host and the client is deployed on the monitored virtual machine hosts.
Step 1: The user first logs in to the system's web page and customizes the following security requirements:
1) Monitoring granularity: function level
2) Virtual host IP range: 192.168.10.1--192.168.10.5
3) Virtual host model: Dell rack-mount server R730
4) Virtual host VMM model: KVM (Kernel-Based Virtual Machine)
Step 2: The policy parsing component parses the security requirements above into the XML file conf.xml and stores it in the data storage module (the local file system). The server then, according to the IP range configured in the configuration file, sends an SSH request in turn to each host from 192.168.1.1 to 192.168.10.5, and after logging in over SSH transfers the installation package of the information collection component to each host, then installs and initializes it.
Step 3: After the information collection module on the host with IP address 192.168.10.1 is initialized, it immediately reads the latest conf.xml file from the data storage module and, in line with the function-level monitoring requirement, starts fine-grained function-level monitoring of the virtual machine monitor (VMM) on its host. The functions monitored are node functions in the VMM, that is, functions that must be called in the VMM's workflow.
Step 4: Once monitoring starts, the information collection module immediately sends the function running information it obtains to the server using the syslog protocol. The monitoring information format is as follows:
Function name | Process PID | Function parameter value | Function call result | Host IP | Call time |
The data storage module formats the monitoring information it receives and stores it as ORC-format files of key-value pairs.
Step 5: The data analysis module reads all the monitoring data ORC files collected over a past period, runs the clustering SVM algorithm to model the data, obtains the data classes and the parameters of the corresponding classification algorithm, sets the anomaly detection thresholds based on the class model, and stores these model parameters in the parameter.conf file in the file system.
Step 6: Using the parameters obtained earlier, the data analysis module performs real-time anomaly detection on the monitoring data sent by the information collection module, and sends any alert it finds to the user.
Take an anomaly in the function call sequence as an example. Suppose the parameters store three normal function sequences: 1. func1->func2->func3; 2. func1->func3->func2; 3. func2->func1->func3. If the call sequence func3->func2->func1 is found during anomaly detection, an anomaly alert is raised.
Step 7: The user investigates and confirms the alert. If the value of the call time field in the alert data matches the time of a system upgrade or maintenance on the virtual host, the alert can be ruled out as caused by system maintenance. If there is no related record of normal operations to serve as supporting evidence, the user checks the host at the corresponding IP address to confirm whether the VMM and the user virtual machines are still working normally; if they are not, the user proceeds to confirm and trace the security event. Finally, the user feeds the investigation result back to the data analysis module.
Step 8: The data analysis module acts on the user's feedback: if the alert was a false positive, func3->func2->func1 is added to the normal labelled data set; if it is confirmed as a security event (an attack or a crash), func3->func2->func1 is added to the abnormal labelled data set. The semi-supervised transductive SVM algorithm is then run to obtain a normal model and an abnormal model, and the new model parameters are written to parameter.conf.
Step 9: Anomaly detection is performed on the data collected in real time using the abnormal model's parameters; detected abnormal events are sent to the user for confirmation, and the procedure returns to step 7.
In this way steps 7-9 run continuously: the labelled data keeps growing, the transductive SVM algorithm keeps learning and improving, and the resulting classification model keeps improving as well.
As this embodiment shows, the system can monitor a running virtual machine monitor (VMM) in real time and use a feedback mechanism and a semi-supervised learning algorithm to perform accurate anomaly detection and alerting on the monitoring data.
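Steps 4 to 8 for the function-call-sequence case, as an added example that is not code from the patent: it parses records in the step 4 format, rebuilds each process's call order from the call-time field, checks it against the three normal sequences of step 6, and applies the step 8 feedback. A plain set lookup stands in for the transductive SVM retraining; the timestamp layout, the sample values and the rule that one (host, PID) pair yields one sequence are assumptions.

```python
from collections import defaultdict
from datetime import datetime

FIELDS = ("function", "pid", "params", "result", "host_ip", "call_time")
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed layout of the call-time field

# The three normal sequences given in step 6.
NORMAL_SEQUENCES = {("func1", "func2", "func3"),
                    ("func1", "func3", "func2"),
                    ("func2", "func1", "func3")}

# Constructed sample records; syslog delivery order is deliberately shuffled.
SAMPLE_LINES = [
    "func2 | 100 | vcpu=0 | 0 | 192.168.10.1 | 2016-11-25 10:00:02 |",
    "func1 | 100 | vcpu=0 | 0 | 192.168.10.1 | 2016-11-25 10:00:01 |",
    "func3 | 100 | vcpu=0 | 0 | 192.168.10.1 | 2016-11-25 10:00:03 |",
    "func3 | 200 | vcpu=1 | 0 | 192.168.10.2 | 2016-11-25 10:00:01 |",
    "func2 | 200 | vcpu=1 | 0 | 192.168.10.2 | 2016-11-25 10:00:02 |",
    "func1 | 200 | vcpu=1 | -1 | 192.168.10.2 | 2016-11-25 10:00:03 |",
    "func1 | not-a-pid | 192.168.10.2 |",  # truncated record
]

def parse_record(line):
    """Split one pipe-delimited record; return None if it is malformed.
    A parameter value containing '|' would need escaping by the sender."""
    parts = [p.strip() for p in line.strip().rstrip("|").split("|")]
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["pid"] = int(rec["pid"])
        rec["call_time"] = datetime.strptime(rec["call_time"], TIME_FORMAT)
    except ValueError:
        return None
    return rec

def call_sequences(lines):
    """Group records by (host, PID), order them by call time, and return
    ({(host, pid): (function, ...)}, number_of_rejected_lines)."""
    groups, rejected = defaultdict(list), 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            rejected += 1  # count rather than silently drop bad input
            continue
        groups[(rec["host_ip"], rec["pid"])].append(rec)
    sequences = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: r["call_time"])
        sequences[key] = tuple(r["function"] for r in recs)
    return sequences, rejected

class SequenceDetector:
    """Holds the normal and abnormal labelled sets described in step 8."""
    def __init__(self, normal):
        self.normal = set(normal)
        self.abnormal = set()

    def classify(self, seq):
        if seq in self.abnormal:
            return "abnormal"  # previously confirmed by the user
        return "normal" if seq in self.normal else "alert"

    def feedback(self, seq, is_attack):
        """Record the user's verdict on an alerted sequence."""
        keep, drop = ((self.abnormal, self.normal) if is_attack
                      else (self.normal, self.abnormal))
        keep.add(seq)
        drop.discard(seq)

def scan(detector, lines):
    """Return {(host, pid): verdict} for every process seen in the lines."""
    sequences, _ = call_sequences(lines)
    return {key: detector.classify(seq) for key, seq in sequences.items()}

if __name__ == "__main__":
    print(scan(SequenceDetector(NORMAL_SEQUENCES), SAMPLE_LINES))
```

Ordering by the call-time field rather than by arrival matters here, because syslog delivery can reorder records and a reordered normal sequence would otherwise raise a false alert.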
Claims (10)
1. A virtual platform security monitoring method, the steps of which are:
1) a server is set up on a host or virtual machine, and a client is set up in the virtual machine monitor of the monitored virtual host;
2) the server parses the security requirements customized by the user into a requirements configuration file in a unified format and stores it;
3) the client obtains the requirements configuration file from the server, configures the types and mode of information collection according to the configuration file, monitors and collects the running information of the virtual machine monitor in real time, and sends it to the server;
4) the server sets an anomaly threshold from the historical collected data, then performs anomaly detection on the data collected in real time based on the anomaly threshold, and sends the detected anomaly alerts to the user;
5) the user investigates and confirms the anomaly alerts and feeds the confirmation results back to the server;
6) from the normal events and abnormal attack events in the user's confirmation results, the server generates labelled data; it then builds a classification model from the labelled data and the historical collected data, uses the classification model to perform anomaly detection on the data collected in real time, and sends the detection results to the user.
2. The method of claim 1, characterized in that the security requirements include the monitoring granularity, the IP addresses of several monitored virtual hosts, and the virtual host model and version; each virtual machine host model and version corresponds to one client.
3. The method of claim 2, characterized in that the monitoring granularity includes log level or function level.
4. The method of claim 3, characterized in that if the monitoring granularity is log level, the client monitors the virtual machine monitor's logs in real time and sends the logs to the server using the syslog protocol; if the monitoring granularity is function level, the client monitors the virtual machine monitor's function call order in real time and sends the function call order and the running information of the function call stack to the server.
5. The method of claim 1, characterized in that the anomaly threshold is set as follows: the server clusters the initial historical collected data, then sets the anomaly threshold according to the maximum distance from the cluster center of each class after clustering.
6. The method of claim 1 or 5, characterized in that the server builds the classification model from the labelled data and the historical collected data using a semi-supervised learning algorithm.
7. A virtual platform security monitoring system, characterized in that a server is set up on a host or virtual machine and a client is set up in the virtual machine monitor of the monitored virtual host; wherein
the server is used to parse the security requirements customized by the user into a requirements configuration file in a unified format and store it; to set an anomaly threshold from the historical collected data, then perform anomaly detection on the data collected in real time based on the anomaly threshold, and send the detected anomaly alerts to the user; and, from the normal events and abnormal attack events in the user's confirmation results, to generate labelled data, then build a classification model from the labelled data and the historical collected data, use the classification model to perform anomaly detection on the data collected in real time, and send the detection results to the user;
the client is used to obtain the requirements configuration file from the server, configure the types and mode of information collection according to the configuration file, monitor and collect the running information of the virtual machine monitor in real time, and send it to the server.
8. The system of claim 7, characterized in that the security requirements include the monitoring granularity, the IP addresses of several monitored virtual hosts, and the virtual host model and version; each virtual machine host model and version corresponds to one client.
9. The system of claim 8, characterized in that the monitoring granularity includes log level or function level.
10. The system of claim 9, characterized in that if the monitoring granularity is log level, the client monitors the virtual machine monitor's logs in real time and sends the logs to the server using the syslog protocol; if the monitoring granularity is function level, the client monitors the virtual machine monitor's function call order in real time and sends the function call order and the running information of the function call stack to the server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611063511.3A CN106775929B (en) | 2016-11-25 | 2016-11-25 | A virtual platform security monitoring method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611063511.3A CN106775929B (en) | 2016-11-25 | 2016-11-25 | A virtual platform security monitoring method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106775929A true CN106775929A (en) | 2017-05-31 |
CN106775929B CN106775929B (en) | 2019-11-26 |
Family
ID=58904553
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611063511.3A Expired - Fee Related CN106775929B (en) | 2016-11-25 | 2016-11-25 | A virtual platform security monitoring method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106775929B (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107579858A (en) * | 2017-09-28 | 2018-01-12 | 厦门集微科技有限公司 | The alarm method and device of cloud main frame, communication system |
CN107943835A (en) * | 2017-10-26 | 2018-04-20 | 中国南方电网有限责任公司 | It is a kind of to report and submit data analysis and taxis system for electric system |
CN108111359A (en) * | 2018-01-19 | 2018-06-01 | 北京奇艺世纪科技有限公司 | A kind of monitor processing method, device and monitoring processing system |
CN108920253A (en) * | 2018-06-20 | 2018-11-30 | 成都虫洞奇迹科技有限公司 | A kind of the virtual machine monitoring system and monitoring method of no agency |
WO2018233170A1 (en) * | 2017-06-23 | 2018-12-27 | 平安科技(深圳)有限公司 | Method, device, computer device, and storage medium for recording a log |
CN109522095A (en) * | 2018-11-27 | 2019-03-26 | 无锡华云数据技术服务有限公司 | Cloud host abnormal failure detects recovery system, method and cloud platform |
CN110166476A (en) * | 2019-05-30 | 2019-08-23 | 中国联合网络通信集团有限公司 | A kind of violence-averse crack method and device |
CN110505177A (en) * | 2018-05-16 | 2019-11-26 | 杭州海康威视数字技术股份有限公司 | A kind of Information Collection System, terminal device and distance host |
CN110674839A (en) * | 2019-08-16 | 2020-01-10 | 平安科技(深圳)有限公司 | Abnormal user identification method and device, storage medium and electronic equipment |
CN111625428A (en) * | 2020-04-20 | 2020-09-04 | 中国建设银行股份有限公司 | Method, system, device and storage medium for monitoring running state of Java application program |
CN112187762A (en) * | 2020-09-22 | 2021-01-05 | 国网湖南省电力有限公司 | Abnormal network access monitoring method and monitoring device based on clustering algorithm |
CN112740133A (en) * | 2018-09-24 | 2021-04-30 | Abb瑞士股份有限公司 | System and method for monitoring the technical state of a technical installation |
CN113726771A (en) * | 2021-08-30 | 2021-11-30 | 上海仪电(集团)有限公司中央研究院 | Cloud platform virus searching and killing method and system based on vaccine model |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101593259A (en) * | 2009-06-29 | 2009-12-02 | 北京航空航天大学 | software integrity verification method and system |
CN102546625A (en) * | 2011-12-31 | 2012-07-04 | 深圳市永达电子股份有限公司 | Semi-supervised clustering integrated protocol identification system |
JP2012216008A (en) * | 2011-03-31 | 2012-11-08 | Nec Corp | Virtual computer device and method for controlling virtual computer device |
CN103580960A (en) * | 2013-11-19 | 2014-02-12 | 佛山市络思讯环保科技有限公司 | Online pipe network anomaly detection system based on machine learning |
CN103593617A (en) * | 2013-10-27 | 2014-02-19 | 西安电子科技大学 | Software integrity verifying system and method based on VMM (virtual machine monitor) |
CN103870749A (en) * | 2014-03-20 | 2014-06-18 | 中国科学院信息工程研究所 | System and method for implementing safety monitoring of virtual machine system |
CN103873763A (en) * | 2012-12-17 | 2014-06-18 | 三星电机株式会社 | Camera module driver and camera module including the same |
CN104378387A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Method for protecting information security under virtualization platform |
CN104636678A (en) * | 2013-11-15 | 2015-05-20 | 中国电信股份有限公司 | Method and system for controlling terminal device under cloud computing environment |
CN105511944A (en) * | 2016-01-07 | 2016-04-20 | 上海海事大学 | Anomaly detection method of internal virtual machine of cloud system |
-
2016
- 2016-11-25 CN CN201611063511.3A patent/CN106775929B/en not_active Expired - Fee Related
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101593259A (en) * | 2009-06-29 | 2009-12-02 | 北京航空航天大学 | software integrity verification method and system |
JP2012216008A (en) * | 2011-03-31 | 2012-11-08 | Nec Corp | Virtual computer device and method for controlling virtual computer device |
CN102546625A (en) * | 2011-12-31 | 2012-07-04 | 深圳市永达电子股份有限公司 | Semi-supervised clustering integrated protocol identification system |
CN103873763A (en) * | 2012-12-17 | 2014-06-18 | 三星电机株式会社 | Camera module driver and camera module including the same |
CN103593617A (en) * | 2013-10-27 | 2014-02-19 | 西安电子科技大学 | Software integrity verifying system and method based on VMM (virtual machine monitor) |
CN104636678A (en) * | 2013-11-15 | 2015-05-20 | 中国电信股份有限公司 | Method and system for controlling terminal device under cloud computing environment |
CN103580960A (en) * | 2013-11-19 | 2014-02-12 | 佛山市络思讯环保科技有限公司 | Online pipe network anomaly detection system based on machine learning |
CN103870749A (en) * | 2014-03-20 | 2014-06-18 | 中国科学院信息工程研究所 | System and method for implementing safety monitoring of virtual machine system |
CN104378387A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Method for protecting information security under virtualization platform |
CN105511944A (en) * | 2016-01-07 | 2016-04-20 | 上海海事大学 | Anomaly detection method of internal virtual machine of cloud system |
Non-Patent Citations (1)
Title |
---|
葛君伟, 张博, 方义秋: "Research on a resource monitoring model in the cloud computing environment", 《计算机工程》 (Computer Engineering) * |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018233170A1 (en) * | 2017-06-23 | 2018-12-27 | 平安科技(深圳)有限公司 | Method, device, computer device, and storage medium for recording a log |
CN107579858A (en) * | 2017-09-28 | 2018-01-12 | 厦门集微科技有限公司 | The alarm method and device of cloud main frame, communication system |
CN107943835A (en) * | 2017-10-26 | 2018-04-20 | 中国南方电网有限责任公司 | It is a kind of to report and submit data analysis and taxis system for electric system |
CN108111359A (en) * | 2018-01-19 | 2018-06-01 | 北京奇艺世纪科技有限公司 | A kind of monitor processing method, device and monitoring processing system |
CN110505177B (en) * | 2018-05-16 | 2023-06-30 | 杭州海康威视数字技术股份有限公司 | Information collection system, terminal equipment and remote host |
CN110505177A (en) * | 2018-05-16 | 2019-11-26 | 杭州海康威视数字技术股份有限公司 | A kind of Information Collection System, terminal device and distance host |
CN108920253A (en) * | 2018-06-20 | 2018-11-30 | 成都虫洞奇迹科技有限公司 | A kind of the virtual machine monitoring system and monitoring method of no agency |
CN108920253B (en) * | 2018-06-20 | 2022-05-17 | 成都灵跃云创科技有限公司 | Agent-free virtual machine monitoring system and monitoring method |
CN112740133A (en) * | 2018-09-24 | 2021-04-30 | Abb瑞士股份有限公司 | System and method for monitoring the technical state of a technical installation |
US12019432B2 (en) | 2018-09-24 | 2024-06-25 | Abb Schweiz Ag | System and methods monitoring the technical status of technical equipment |
CN109522095B (en) * | 2018-11-27 | 2020-04-10 | 无锡华云数据技术服务有限公司 | Cloud host abnormal fault detection and recovery system and method and cloud platform |
CN109522095A (en) * | 2018-11-27 | 2019-03-26 | 无锡华云数据技术服务有限公司 | Cloud host abnormal failure detects recovery system, method and cloud platform |
CN110166476B (en) * | 2019-05-30 | 2021-09-17 | 中国联合网络通信集团有限公司 | Anti-brute force cracking method and device |
CN110166476A (en) * | 2019-05-30 | 2019-08-23 | 中国联合网络通信集团有限公司 | A kind of violence-averse crack method and device |
CN110674839A (en) * | 2019-08-16 | 2020-01-10 | 平安科技(深圳)有限公司 | Abnormal user identification method and device, storage medium and electronic equipment |
CN110674839B (en) * | 2019-08-16 | 2023-11-24 | 平安科技(深圳)有限公司 | Abnormal user identification method and device, storage medium and electronic equipment |
CN111625428A (en) * | 2020-04-20 | 2020-09-04 | 中国建设银行股份有限公司 | Method, system, device and storage medium for monitoring running state of Java application program |
CN112187762A (en) * | 2020-09-22 | 2021-01-05 | 国网湖南省电力有限公司 | Abnormal network access monitoring method and monitoring device based on clustering algorithm |
CN113726771A (en) * | 2021-08-30 | 2021-11-30 | 上海仪电(集团)有限公司中央研究院 | Cloud platform virus searching and killing method and system based on vaccine model |
Also Published As
Publication number | Publication date |
---|---|
CN106775929B (en) | 2019-11-26 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN106775929B (en) | A kind of virtual platform safety monitoring method and system | |
Lou et al. | Mining dependency in distributed systems through unstructured logs analysis | |
EP3465515B1 (en) | Classifying transactions at network accessible storage | |
CN109522095B (en) | Cloud host abnormal fault detection and recovery system and method and cloud platform | |
US9967169B2 (en) | Detecting network conditions based on correlation between trend lines | |
CN103905253B (en) | A kind of server monitoring management method based on Nagios and BMC | |
CN108964995A (en) | Log correlation analysis method based on time shaft event | |
CN103973481A (en) | System and method for auditing cloud computing data center based on SDN | |
KR20180068002A (en) | Cloud infra real time analysis system based on big date and the providing method thereof | |
CN104038466A (en) | Intrusion detection system, method and device for cloud calculating environment | |
CN102902615A (en) | Failure alarm method and system for Lustre parallel file system | |
CN106961428A (en) | Centralized intrusion detection system based on private cloud platform | |
US9154386B2 (en) | Using metadata analysis for monitoring, alerting, and remediation | |
CN112306802A (en) | Data acquisition method, device, medium and electronic equipment of system | |
CN103929502A (en) | Cloud platform safe monitor system and method based on virtual machine introspection technology | |
CN111193643A (en) | Cloud server state monitoring system and method | |
US11163875B1 (en) | Discovery of computer system incidents to be remediated based on correlation between support interaction data and computer system telemetry data | |
JP6607572B2 (en) | Recovery control system and method | |
Li et al. | Predictive analysis in network function virtualization | |
CN108809729A (en) | The fault handling method and device that CTDB is serviced in a kind of distributed system | |
CN108337100B (en) | Cloud platform monitoring method and device | |
CN117391675B (en) | Data center infrastructure operation and maintenance management method | |
US10110440B2 (en) | Detecting network conditions based on derivatives of event trending | |
US20210373953A1 (en) | System and method for an action contextual grouping of servers | |
CN104899078A (en) | Auditing system and method in virtual machine environment |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20191126 |