CN108377263A - Adaptive private clound sandbox setting method, equipment and medium - Google Patents
Adaptive private clound sandbox setting method, equipment and medium Download PDFInfo
- Publication number
- CN108377263A CN108377263A CN201810106489.9A CN201810106489A CN108377263A CN 108377263 A CN108377263 A CN 108377263A CN 201810106489 A CN201810106489 A CN 201810106489A CN 108377263 A CN108377263 A CN 108377263A
- Authority
- CN
- China
- Prior art keywords
- sandbox
- resource
- private clound
- task
- adaptive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1008—Server selection for load balancing based on parameters of servers, e.g. available memory or workload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1029—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers using data related to the state of servers by a load balancer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Catching Or Destruction (AREA)
Abstract
Adaptive private clound sandbox setting method provided by the invention, equipment and medium, method include:By cloud resource monitoring programme monitor private clound resource service condition, detect private clound on whether available free resource;When the available free resource of private clound, start the right quantity sandbox in multiple sandboxs, the sandbox after startup obtains task requests from sandbox adaptive platform;When private clound does not have idling-resource, continue waiting for until available free resource;When the load of Cloud Server is more than predetermined threshold value, sandbox is hung up, and records the metadata of sandbox, the Cloud Server of available free resource is found, sandbox is transferred on available free Cloud Server and is continued to run with;When the load of Cloud Server is less than predetermined threshold value, sandbox continues to run with.The present invention perceives the resource situation of Cloud Server, allows sandbox example number that can be adapted to private clound, possess adaptive characteristic, achieve the purpose that save cost by being communicated with private clound administrative center.
Description
Technical field
The present invention relates to computer software fields more particularly to adaptive private clound sandbox setting method, equipment and Jie
Matter field.
Background technology
Sandbox is a kind of operating system of barrier properties, is loaded with target software running environment and analysis software above, analysis
Software is used for analyzing the behavioural characteristic of target software.Security study personnel usually when carrying out malicious code analysis, in order to
It avoids excessively repeating complicated manual analysis, sandbox can be used to carry out automated analysis first, check its behavioural characteristic.In sandbox
In interactive operation Malware, after starting analysis software, it can when you run Malware collection system Global Information.
When being interacted with Malware in sandbox, the collection of malice index, such as the reading to sensitive document can be used it for, it is quick
Feel the detection of instruction.
The realization of major part sandbox is the installation operation simply on one or more physical machine or virtual machine at present
System and analysis software form.Its purpose is exactly to construct a required environment of running software, and guarantee has software to be analyzed
Energy normal operation forms report to which analysis software can track and collect the various actions feature of the software, to Security Officer point
Analysis.One basic procedure is exactly to open sandbox virtual machine, is put into running software to be analyzed, collects various resources, such as registration table,
Internet resources, file access.
With private clound technology maturation, private clound is more and more in the application of enterprises, but traditional sandbox disposes skill
Art lacks flexibility and elasticity, is unable to fully the powerful calculating ability and storage capacity that are provided using private clound.
Invention content
In view of the above technical problems, the present invention provides a kind of adaptive private clound sandbox setting method, equipment and medium,
By with private clound administrative center communicate, the resource situation of Cloud Server can be perceived, allow sandbox example number that can be adapted to private clound,
Possess adaptive characteristic, and bottom good compatibility, special sandbox equipment need not be bought, achievees the purpose that save cost.
In order to solve the above technical problems, technical solution provided by the invention is:
In a first aspect, the present invention provides a kind of adaptive private clound sandbox setting method, including:
Step S1 monitors the resource service condition of private clound by cloud resource monitoring programme, and detecting in the private clound is
No available free resource, the cloud resource monitoring programme are established in the private clound, and multiple sandboxs are carried by Cloud Server;
Step S2 sends out the right quantity sandbox in the multiple sandbox of task start when the available free resource of the private clound,
Sandbox after startup obtains task requests from sandbox adaptive platform, wherein sandbox adaptive platform setting is exclusive virtual
In machine;
Step S3, according to the load capacity of cloud resource monitoring programme detection Cloud Server, when the private clound does not have
Available free resource continues waiting for until available free resource;
Step S4, when the Cloud Server load be more than predetermined threshold value, hang up the sandbox, and record the sandbox
Metadata finds the Cloud Server of available free resource, the sandbox is transferred on available free Cloud Server and is continued to run with;When
The load of the Cloud Server is less than the predetermined threshold value, and the sandbox continues to run with.
Adaptive private clound sandbox setting method provided by the invention can be felt by being communicated with private clound administrative center
The resource situation for knowing Cloud Server allows sandbox example number that can be adapted to private clound, possesses adaptive characteristic, and bottom compatibility
It is good, special sandbox equipment need not be bought, achievees the purpose that save cost.
Further, further include:In the Cloud Server, finger daemon daemon is monitored to more by server resource
A private clound platform management center authentication registration;
After obtaining certification, finger daemon is monitored by the server resource and reports server to provide to cloud resource monitoring center
Source service condition.
Further, further include:According to the resource of the private clound, an appropriate number of sandbox is pre-established.
Further, further include:According to the resource service condition of the private clound, to it is described pre-establish it is an appropriate number of
Sandbox is allocated processing:
When the resource of the private clound is nervous, certain inoperative shapes in an appropriate number of sandbox are pre-established described in closing
The sandbox example of state, playback resource give the private clound;And/or
Certain sandbox examples in working condition in an appropriate number of sandbox are pre-established described in pause, and cloud resource is waited for fill
Foot again continues to the work of the pause sandbox.
Further, the sandbox adaptive platform receives the task requests by restful API.
Further, the step S2 detects cloud service according to the task requests by the cloud resource monitoring programme
The load capacity of device;It specifically includes:
According to the task requests, the sandbox adaptive platform updates task status, while updating the task and corresponding to
The IP and Hostname of unique virtual machine;
After obtaining task requests, the sandbox starts dynamic operation, and scans the behavioural information for collecting sample to be detected;
After the completion of scanning, report is generated, is sent to the sandbox adaptive platform, the report reflects the test sample to be checked
This behavioural information.
Further, in the sandbox adaptive platform, including 2 vector tables and 4 threads, wherein described 2 to
Scale is respectively task dimension and sandbox virtual machine dimension, and 4 threads are worked in coordination work.
Further, 4 threads specifically include timer thread, and Web task interface threads distribute thread and harvesting
Thread;
The timer thread is used for one global priority queue of Dynamic Maintenance, is stored according to priority in the queue
The computing resource and storage resource situation at multiple private clound platform managements center;
The Web task interfaces thread is used to carry out priority setting to the task in the sandbox adaptive platform;
The thread that distributes is in the task and the private clound in sandbox adaptive platform described in periodic scan
Idling-resource;
The harvesting thread is for the task in sandbox adaptive platform described in periodic scan.
Second aspect, the present invention provide a kind of adaptive private clound sandbox setting equipment, including:At least one processing
Device, at least one processor and the computer program instructions being stored in the memory, when the computer program instructions
Method as described in relation to the first aspect is realized when being executed by the processor.
The third aspect, the present invention provide a kind of computer readable storage medium, are stored thereon with computer program instructions, when
Method as described in relation to the first aspect is realized when the computer program instructions are executed by processor.
Adaptive private clound sandbox setting method, equipment and medium provided by the invention are compared with prior art, beneficial
Effect is:
By being communicated with private clound administrative center, the resource situation of Cloud Server can be perceived, sandbox example number can be fitted
With private clound, possess adaptive characteristic, and bottom good compatibility, special sandbox equipment need not be bought, reach saving cost
Purpose.
Description of the drawings
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art are briefly described.
Fig. 1 shows a kind of flow chart for adaptive private clound sandbox setting method that the embodiment of the present invention is provided;
A kind of sandbox of the adaptive private clound sandbox setting method provided Fig. 2 shows the embodiment of the present invention is adaptive
Management platform and private clound is answered to interact schematic diagram;
Fig. 3 shows a kind of sandbox signal for adaptive private clound sandbox setting method that the embodiment of the present invention is provided
Figure;
Fig. 4 shows a kind of hardware configuration for adaptive private clound sandbox setting equipment that the embodiment of the present invention is provided
Schematic diagram.
Specific implementation mode
The embodiment of technical solution of the present invention is described in detail below in conjunction with attached drawing.Following embodiment is only used for
Clearly illustrate technical scheme of the present invention, therefore be intended only as example, and the protection of the present invention cannot be limited with this
Range.
Embodiment one
In a first aspect, referring to Fig. 1, the present invention provides a kind of adaptive private clound sandbox setting method, including:
Step S1 monitors the resource service condition of private clound by cloud resource monitoring programme, and detecting in the private clound is
No available free resource, the cloud resource monitoring programme are established in the private clound, and multiple sandboxs are carried by Cloud Server;
Step S2 sends out the right quantity sandbox in the multiple sandbox of task start when the available free resource of the private clound,
Sandbox after startup obtains task requests from sandbox adaptive platform, wherein sandbox adaptive platform setting is exclusive virtual
In machine;
Step S3 detects the load capacity of Cloud Server according to the cloud resource monitoring programme, when the private clound does not have
Idling-resource continues waiting for until available free resource;
Step S4, when the Cloud Server load be more than predetermined threshold value, hang up the sandbox, and record the sandbox
Metadata, wherein metadata refer to memory and CMOS of sandbox etc., and metadata (Metadata), also known as broker data relay data,
To describe the data (data about data) of data, the information of data attribute (property) is mainly described, for supporting
Such as indicate storage location, historical data.The sandbox is transferred to available free cloud by the Cloud Server for finding available free resource
It is continued to run on server;When the load of the Cloud Server is less than the predetermined threshold value, the sandbox continues to run with.
Adaptive private clound sandbox setting method provided by the invention, simply and efficiently solve sandbox make full use of it is privately owned
The elasticity capacity problem of cloud, the unpractical disadvantage that can not be combined with private clound with the traditional sandbox solved under private clound.It is logical
It crosses and private clound administrative center communicates, the resource situation of Cloud Server can be perceived, allow sandbox example number that can be adapted to private clound, gather around
There are adaptive characteristic, and bottom good compatibility, client to run sandbox by using the private clound of itself, need not buy special
Sandbox equipment, achieve the purpose that save cost.
Preferably, adaptive private clound sandbox setting method provided by the invention, bottom good compatibility can support mainstream
Virtualization technology such as KVM, VMWARE, LXC etc..
Referring to Fig. 2, it is preferable that further include:In the Cloud Server, finger daemon is monitored by server resource
Daemon is to multiple private clound platform managements center authentication registration;
After obtaining certification, finger daemon is monitored by the server resource and reports server to provide to cloud resource monitoring center
Source service condition.
Wherein, the resource service condition of private clound includes the computing resource and storage resource situation of private clound, or
Cpu resource utilizations information and memory usage.
It is highly preferred that if private clound it is resourceful, more sandbox examples can be maintained, subsequently have in this way appoint
When business, it can be sent directly into sandbox, avoid starting and closed the sandbox required time.If the resource of private clound is tight
, then adaptive platform moderately can reduce inactive sandbox example according to current task number and resource.The more moneys of release
Operation system is given in source.It can ensure that the resource of entire cloud makes full use of in this way.
Preferably, further include:According to the resource of the private clound, an appropriate number of sandbox is pre-established.
By above-mentioned setting, an appropriate number of sandbox can be set, to ensure the reasonable utilization of privately owned cloud resource.
Preferably, further include:According to the resource service condition of the private clound, an appropriate number of sand is pre-established to described
Case is allocated processing:
When the resource of the private clound is nervous, certain inoperative shapes in an appropriate number of sandbox are pre-established described in closing
The sandbox example of state, playback resource give the private clound;And/or
Certain sandbox examples in working condition in an appropriate number of sandbox are pre-established described in pause, and cloud resource is waited for fill
Foot again continues to the work of the pause sandbox.
When detecting the resource anxiety of private clound, it can be based on pre-establishing an appropriate number of sandbox example, wait for
Purposeful software needs to analyze.If adaptive platform finds that resource is nervous in cloud, can carry out following handle:It closes
The sandbox example of off working state deletes sandbox, and playback resource is to private clound, so that other cloud resources user uses.Or
Suspend some in the sandbox example of working condition, suspend sandbox, waits for cloud resource sufficient, again continue to the work of the sandbox.
Preferably, the sandbox adaptive platform receives the task requests by restful API.
In addition, can also pass through restful API Access software to be scanned and revocation task.
Preferably, the step S2 detects Cloud Server according to the task requests by the cloud resource monitoring programme
Load capacity;It specifically includes:
According to the task requests, the sandbox adaptive platform update task status is SCANNING, while updating institute
The task of stating corresponds to the information such as the IP and hostname of unique virtual machine, and hostname is used to show and be arranged the host name of system
Claim;
After obtaining task requests, the sandbox starts dynamic operation, and scans the behavioural information for collecting sample to be detected;
After the completion of scanning, report is generated, the sandbox adaptive platform is sent to, sandbox adaptive platform update at this time should
Task is REPORT;The report reflects the behavioural information of the sample to be detected.
Wherein, the behavioural information of sample to be detected refers to the behavioural information on Cloud Server, is specifically used for detection Cloud Server
Load capacity.
Specifically, referring to Fig. 3, sandbox shown in figure includes sandbox 1, and 3,3 sandboxs of sandbox 2 and sandbox can be from sandbox certainly
It adapts to obtain task in management platform, when having task in sandbox adaptive management platform, mission bit stream is sent to sandbox, it is husky
The behavioural information of sample to be detected is collected in case scanning, is generated behavior report messages, is sent to sandbox adaptive platform.
Further, if cancelling task, task is executing, and the task is removed at adaptive center from vector table, simultaneously
Destroy the corresponding sandbox for being carrying out the task.Otherwise directly remove the task.
Preferably, in the sandbox adaptive platform, including 2 vector tables and 4 threads, wherein 2 vectors
Table is respectively task dimension and sandbox virtual machine dimension, and 4 threads are worked in coordination work.
Wherein, 2 vector tables are specially:
Preferably, 4 threads specifically include timer thread, and Web task interface threads distribute thread and harvesting line
Journey;
The timer thread is used for one global priority queue of Dynamic Maintenance, is stored according to priority in the queue
(cpu resource utilizations information and memory use the computing resource and storage resource situation at multiple private clound platform managements center
Rate);Its cpu and memory source threshold value are configurable, and cloud platform administrative center is configurable.Only idleness is more than just putting for threshold value
Enqueue.When needing to create sandbox virtual machine, the scheduler communications corresponding with it of an element are taken out in queue
Such as the nova-scheduler of openstack, start unique virtual machine.
The Web task interfaces thread is used to carry out priority setting to the task in the sandbox adaptive platform;Tool
Body, task can assign priority, and task is also organized into a priority query in inside, be stored by the priority of task.
Acquiescence does not assign priority, then being defaulted as 0.
The thread that distributes is in the task and the private clound in sandbox adaptive platform described in periodic scan
Idling-resource;Specifically, scan task queue after thread cycle locks is distributed, if there is task, is taken out, unlock.Scanning money
Source queue obtains most idle calculating center, sends out task start sandbox.Task status is PENDING. if not provided, sleep is arrived
Period starts.
The harvesting thread is for the task in sandbox adaptive platform described in periodic scan.Specifically, thread is gathered in
The task of periodic scan SCANNING types destroys corresponding unique virtual machine, task team is added in task again if overtime
Row mainly prevent sandbox abnormal.
Second aspect, the present invention provide a kind of adaptive private clound sandbox setting equipment, including:At least one processing
Device, at least one processor and the computer program instructions being stored in the memory, when the computer program instructions
Method as described in relation to the first aspect is realized when being executed by the processor.
It can in conjunction with the non-local mean denoising method of the compacting seismic data random noise of Fig. 4 embodiment of the present invention described
To be realized by adaptive private clound sandbox setting equipment.Fig. 4 shows provided in an embodiment of the present invention adaptive privately owned
The hardware architecture diagram of equipment is arranged in cloud sandbox.
Adaptive private clound sandbox setting equipment may include processor 401 and be stored with computer program instructions
Memory 402.
Specifically, above-mentioned processor 401 may include central processing unit (CPU) or specific integrated circuit
(Application Specific Integrated Circuit, ASIC), or may be configured to implement implementation of the present invention
One or more integrated circuits of example.
Memory 402 may include the mass storage for data or instruction.For example unrestricted, memory
402 may include hard disk drive (Hard Disk Drive, HDD), floppy disk, flash memory, CD, magneto-optic disk, tape or logical
With the combination of universal serial bus (Universal Serial Bus, USB) driver or two or more the above.It is closing
In the case of suitable, memory 402 may include the medium of removable or non-removable (or fixed).In a suitable case, it stores
Device 402 can be inside or outside data processing equipment.In a particular embodiment, memory 402 is nonvolatile solid state storage
Device.In a particular embodiment, memory 402 includes read-only memory (ROM).In a suitable case, which can be mask
The ROM of programming, programming ROM (PROM), erasable PROM (EPROM), electric erasable PROM (EEPROM), electrically-alterable ROM
(EAROM) or the combination of flash memory or two or more the above.
Processor 401 is by reading and executing the computer program instructions stored in memory 402, to realize above-mentioned implementation
Any one adaptive private clound sandbox setting method in example.
In one example, adaptive private clound sandbox setting equipment may also include communication interface 403 and bus 410.
Wherein, as shown in figure 4, processor 401, memory 402, communication interface 403 are connected by bus 410 and complete mutual lead to
Letter.
Communication interface 403 is mainly used for realizing in the embodiment of the present invention between each module, device, unit and/or equipment
Communication.
Bus 410 includes hardware, software or both, and the component that adaptive private clound sandbox is arranged to equipment is coupled to each other
Together.For example unrestricted, bus may include accelerated graphics port (AGP) or other graphics bus, enhancing industry mark
Quasi- framework (EISA) bus, front side bus (FSB), super transmission (HT) interconnection, Industry Standard Architecture (ISA) bus, infinite bandwidth
Interconnection, low pin count (LPC) bus, memory bus, micro- channel architecture (MCA) bus, peripheral component interconnection (PCI) bus,
PCI-Express (PCI-X) bus, Serial Advanced Technology Attachment (SATA) bus, Video Electronics Standards Association part (VLB) are total
The combination of line or other suitable buses or two or more the above.In a suitable case, bus 410 may include
One or more buses.Although specific bus has been described and illustrated in the embodiment of the present invention, the present invention considers any suitable
Bus or interconnection.
The third aspect, in conjunction with the adaptive private clound sandbox setting method in above-described embodiment, the embodiment of the present invention can
A kind of computer readable storage medium is provided to realize.It is stored with computer program instructions on the computer readable storage medium;
The computer program instructions realize that any one adaptive private clound sandbox in above-described embodiment is set when being executed by processor
Set method.
It should be clear that the invention is not limited in specific configuration described above and shown in figure and processing.
For brevity, it is omitted here the detailed description to known method.In the above-described embodiments, several tools have been described and illustrated
The step of body, is as example.But procedure of the invention is not limited to described and illustrated specific steps, this field
Technical staff can be variously modified, modification and addition after the spirit for understanding the present invention, or suitable between changing the step
Sequence.
Functional block shown in structures described above block diagram can be implemented as hardware, software, firmware or their group
It closes.When realizing in hardware, it may, for example, be electronic circuit, application-specific integrated circuit (ASIC), firmware appropriate, insert
Part, function card etc..When being realized with software mode, element of the invention is used to execute program or the generation of required task
Code section.Either code segment can be stored in machine readable media program or the data-signal by being carried in carrier wave is passing
Defeated medium or communication links are sent." machine readable media " may include any medium for capableing of storage or transmission information.
The example of machine readable media includes electronic circuit, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), soft
Disk, CD-ROM, CD, hard disk, fiber medium, radio frequency (RF) link, etc..Code segment can be via such as internet, inline
The computer network of net etc. is downloaded.
It should also be noted that, the exemplary embodiment referred in the present invention, is retouched based on a series of step or device
State certain methods or system.But the present invention is not limited to the sequence of above-mentioned steps, that is to say, that can be according in embodiment
The sequence referred to executes step, may also be distinct from that the sequence in embodiment or several steps are performed simultaneously.
Adaptive private clound sandbox setting method, equipment and medium provided by the invention are compared with prior art, beneficial
Effect is:
By being communicated with private clound administrative center, the resource situation of Cloud Server can be perceived, sandbox example number can be fitted
With private clound, possess adaptive characteristic, and bottom good compatibility, special sandbox equipment need not be bought, reach saving cost
Purpose.
Finally it should be noted that:The above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent
Present invention has been described in detail with reference to the aforementioned embodiments for pipe, it will be understood by those of ordinary skill in the art that:Its according to
So can with technical scheme described in the above embodiments is modified, either to which part or all technical features into
Row equivalent replacement;And these modifications or replacements, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution
The range of scheme should all cover in the claim of the present invention and the range of specification.
Claims (10)
1. a kind of adaptive private clound sandbox setting method, which is characterized in that including:
Step S1 monitors the resource service condition of private clound by cloud resource monitoring programme, and whether detect in the private clound has
Idling-resource, the cloud resource monitoring programme are established in the private clound, and multiple sandboxs are carried by Cloud Server;
Step S2 sends out the right quantity sandbox in the multiple sandbox of task start when the available free resource of the private clound, starts
Sandbox afterwards obtains task requests from sandbox adaptive platform, wherein the sandbox adaptive platform is arranged in unique virtual machine
In;
Step S3 detects the load capacity of Cloud Server according to the cloud resource monitoring programme, when the private clound is without the free time
Resource continues waiting for until available free resource;
Step S4, when the Cloud Server load be more than predetermined threshold value, hang up the sandbox, and record first number of the sandbox
According to finding the Cloud Server of available free resource, the sandbox be transferred on available free Cloud Server and continued to run with;When described
The load of Cloud Server is less than the predetermined threshold value, and the sandbox continues to run with.
2. according to the method described in claim 1, it is characterized in that,
Further include:In the Cloud Server, finger daemon daemon is monitored to private clound platform management by server resource
Center authentication registration;
After obtaining certification, finger daemon is monitored by the server resource and reports server resource to make to cloud resource monitoring center
Use situation.
3. according to the method described in claim 1, it is characterized in that,
Further include:According to the resource of the private clound, an appropriate number of sandbox is pre-established.
4. according to the method described in claim 3, it is characterized in that,
Further include:According to the resource service condition of the private clound, pre-establishes an appropriate number of sandbox to described and be allocated
Processing:
When the resource of the private clound is nervous, certain off working states in an appropriate number of sandbox are pre-established described in closing
Sandbox example, playback resource give the private clound;And/or
Certain sandbox examples in working condition in an appropriate number of sandbox are pre-established described in pause, wait for cloud resource sufficient,
Again continue to the work of the pause sandbox.
5. according to the method described in claim 1, it is characterized in that,
The sandbox adaptive platform receives the task requests by restful API.
6. according to the method described in claim 1, it is characterized in that,
The step S2 detects the load capacity of Cloud Server by the cloud resource monitoring programme according to the task requests;
It specifically includes:
According to the task requests, the sandbox adaptive platform updates task status, at the same update the task correspond to it is exclusive
The IP and Hostname of virtual machine;
After obtaining task requests, the sandbox starts dynamic operation, and scans the behavioural information for collecting sample to be detected;
After the completion of scanning, report is generated, is sent to the sandbox adaptive platform, the report reflects the sample to be detected
Behavioural information.
7. according to the method described in claim 1, it is characterized in that,
In the sandbox adaptive platform, including 2 vector tables and 4 threads, wherein 2 vector tables are respectively task
Dimension and sandbox virtual machine dimension, 4 threads are worked in coordination work.
8. the method according to the description of claim 7 is characterized in that
4 threads specifically include timer thread, and Web task interface threads distribute thread and harvesting thread;
The timer thread is used for one global priority queue of Dynamic Maintenance, multiple according to priority storage in the queue
The computing resource and storage resource situation at private clound platform management center;
The Web task interfaces thread is used to carry out priority setting to the task in the sandbox adaptive platform;
The thread that distributes is for the free time in the task and the private clound in sandbox adaptive platform described in periodic scan
Resource;
The harvesting thread is for the task in sandbox adaptive platform described in periodic scan.
9. equipment is arranged in a kind of adaptive private clound sandbox, which is characterized in that including:It is at least one processor, at least one
Memory and the computer program instructions being stored in the memory, when the computer program instructions are by the processor
The method as described in any one of claim 1-8 is realized when execution.
10. a kind of computer readable storage medium, is stored thereon with computer program instructions, which is characterized in that when the calculating
The method as described in any one of claim 1-8 is realized when machine program instruction is executed by processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810106489.9A CN108377263A (en) | 2018-02-02 | 2018-02-02 | Adaptive private clound sandbox setting method, equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810106489.9A CN108377263A (en) | 2018-02-02 | 2018-02-02 | Adaptive private clound sandbox setting method, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108377263A true CN108377263A (en) | 2018-08-07 |
Family
ID=63017195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810106489.9A Pending CN108377263A (en) | 2018-02-02 | 2018-02-02 | Adaptive private clound sandbox setting method, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108377263A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109710392A (en) * | 2018-12-21 | 2019-05-03 | 万达信息股份有限公司 | A kind of heterogeneous resource dispatching method based on mixed cloud |
CN109815007A (en) * | 2018-12-15 | 2019-05-28 | 平安科技(深圳)有限公司 | Thread control method, device, electronic equipment and storage medium based on cloud monitoring |
CN111339529A (en) * | 2020-03-13 | 2020-06-26 | 杭州指令集智能科技有限公司 | Management framework and method for low-code business orchestration component operation, computing device and medium |
CN112199188A (en) * | 2019-07-08 | 2021-01-08 | 富士通株式会社 | Non-transitory computer-readable recording medium, method and apparatus for information processing |
CN113238870A (en) * | 2021-05-31 | 2021-08-10 | 山东中科好靓科技有限公司 | Calculation capacity recycling algorithm based on multi-node storage device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104010028A (en) * | 2014-05-04 | 2014-08-27 | 华南理工大学 | Dynamic virtual resource management strategy method for performance weighting under cloud platform |
CN104104679A (en) * | 2014-07-18 | 2014-10-15 | 四川中亚联邦科技有限公司 | Data processing method based on private cloud |
US20150067171A1 (en) * | 2013-08-30 | 2015-03-05 | Verizon Patent And Licensing Inc. | Cloud service brokering systems and methods |
CN106713332A (en) * | 2016-12-30 | 2017-05-24 | 山石网科通信技术有限公司 | Network data processing method, device and system |
CN107171894A (en) * | 2017-06-15 | 2017-09-15 | 北京奇虎科技有限公司 | The method of terminal device, distributed high in the clouds detecting system and pattern detection |
-
2018
- 2018-02-02 CN CN201810106489.9A patent/CN108377263A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150067171A1 (en) * | 2013-08-30 | 2015-03-05 | Verizon Patent And Licensing Inc. | Cloud service brokering systems and methods |
CN104010028A (en) * | 2014-05-04 | 2014-08-27 | 华南理工大学 | Dynamic virtual resource management strategy method for performance weighting under cloud platform |
CN104104679A (en) * | 2014-07-18 | 2014-10-15 | 四川中亚联邦科技有限公司 | Data processing method based on private cloud |
CN106713332A (en) * | 2016-12-30 | 2017-05-24 | 山石网科通信技术有限公司 | Network data processing method, device and system |
CN107171894A (en) * | 2017-06-15 | 2017-09-15 | 北京奇虎科技有限公司 | The method of terminal device, distributed high in the clouds detecting system and pattern detection |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109815007A (en) * | 2018-12-15 | 2019-05-28 | 平安科技(深圳)有限公司 | Thread control method, device, electronic equipment and storage medium based on cloud monitoring |
CN109710392A (en) * | 2018-12-21 | 2019-05-03 | 万达信息股份有限公司 | A kind of heterogeneous resource dispatching method based on mixed cloud |
CN109710392B (en) * | 2018-12-21 | 2023-08-01 | 万达信息股份有限公司 | Heterogeneous resource scheduling method based on hybrid cloud |
CN112199188A (en) * | 2019-07-08 | 2021-01-08 | 富士通株式会社 | Non-transitory computer-readable recording medium, method and apparatus for information processing |
CN111339529A (en) * | 2020-03-13 | 2020-06-26 | 杭州指令集智能科技有限公司 | Management framework and method for low-code business orchestration component operation, computing device and medium |
CN113238870A (en) * | 2021-05-31 | 2021-08-10 | 山东中科好靓科技有限公司 | Calculation capacity recycling algorithm based on multi-node storage device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108377263A (en) | Adaptive private clound sandbox setting method, equipment and medium | |
US9813377B2 (en) | Dynamic provisioning of protection software in a host intrusion prevention system | |
US9386044B2 (en) | Correlation based security risk identification | |
US8453204B2 (en) | Method and system for regulating host security configuration | |
US7979863B2 (en) | Method and apparatus for dynamic CPU resource management | |
CN108039964B (en) | Fault processing method, device and system based on network function virtualization | |
US8863276B2 (en) | Automated role adjustment in a computer system | |
CN102254120B (en) | Method, system and relevant device for detecting malicious codes | |
US20160021131A1 (en) | Identifying stealth packets in network communications through use of packet headers | |
US20110179489A1 (en) | Host intrusion prevention server | |
IL182013A (en) | Method and device for questioning a plurality of computerized devices | |
CN104392175A (en) | System and method and device for processing cloud application attack behaviors in cloud computing system | |
US20130254524A1 (en) | Automated configuration change authorization | |
JP6717206B2 (en) | Anti-malware device, anti-malware system, anti-malware method, and anti-malware program | |
CN111917769A (en) | Automatic handling method and device of security event and electronic equipment | |
US10445213B2 (en) | Non-transitory computer-readable storage medium, evaluation method, and evaluation device | |
CN107704313A (en) | A kind of virtual machine management method and its device | |
CA2939610C (en) | Methods and systems for regulating host security configuration | |
US20240152609A1 (en) | Event-driven monitoring of resources in a cloud computing environment | |
CN118044155A (en) | Transparency of information collected from tenant containers | |
CN111984363A (en) | WAF management method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180807 |