KR101519414B1 - System and method for analysising lifecycle of virtual machine - Google Patents

System and method for analysising lifecycle of virtual machine Download PDF

Info

Publication number
KR101519414B1
KR101519414B1 KR1020140050507A KR20140050507A KR101519414B1 KR 101519414 B1 KR101519414 B1 KR 101519414B1 KR 1020140050507 A KR1020140050507 A KR 1020140050507A KR 20140050507 A KR20140050507 A KR 20140050507A KR 101519414 B1 KR101519414 B1 KR 101519414B1
Authority
KR
South Korea
Prior art keywords
event
information
life cycle
virtual machine
continuity
Prior art date
Application number
KR1020140050507A
Other languages
Korean (ko)
Inventor
이슬기
신영상
황동욱
박해룡
Original Assignee
한국인터넷진흥원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국인터넷진흥원 filed Critical 한국인터넷진흥원
Priority to KR1020140050507A priority Critical patent/KR101519414B1/en
Application granted granted Critical
Publication of KR101519414B1 publication Critical patent/KR101519414B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A virtual machine life cycle analysis system and method for preventing security incidents such as malicious activity detection in a cloud environment is disclosed. To this end, the present invention provides a system for tracking and analyzing a virtual machine life cycle in a cloud computing environment, the system comprising: a life cycle information collection unit for collecting lifecycle information related to dynamic behavior of a virtual machine; An event continuity tracking unit for tracking event continuity from the life cycle information collected using an API based on XML-PRC; And an event continuity analyzer for calculating whether the event information is identical between the event continuity and the event time.
Thus, the present invention can detect the malicious behavior in the cloud computing environment by knowing through what process the event continuity is tracked from the life cycle information.

Figure R1020140050507

Description

TECHNICAL FIELD [0001] The present invention relates to a virtual machine life cycle analysis system and a virtual machine life cycle analysis system,

The present invention relates to a virtual machine tracking system and method, and more particularly, to a virtual machine life cycle analysis system and method for preventing security incidents such as malicious activity detection in a cloud environment.

Cloud computing is a way of borrowing and paying for computing resources as much as they need it, and providing physically independent resources for use with virtualization technology.

In recent years, however, security incidents are increasing in the above cloud computing environment. Amazon EC2 has been out of order due to the loss of personal information due to "Find My Macbook" that provides functions from Apple, and a power outage caused by a natural disaster (storm), resulting in services such as Instagram, Netflix, Pinterest, .

In addition, there may be threats in the cloud environment, such as the possibility of exposing sensitive information to Amazon Simple Storage Service (Amazon S3) and the threat posed by features provided to cloud users by specific Cloud Service Providers (CSPs) There was an example that could.

First, this is a case where important information can be exposed due to the problem of setting up the cloud users. Amazon S3 allows users to change their account access to a logical group that can be accessed from a predictable URL called 'buckets' when they are made public. When examining 12,328 buckets to check for vulnerabilities, 1,951 buckets were accessible and 10,377 buckets were set to private. Most users are set to private, but about 15% of users have set their account settings to public, meaning they are exposed to sensitive data and company confidential information. The types of information exposed in the test include: personal photos, car sales information, customer information, employee personal information, databases, video game source code, PHP sources with ID / PW, and 126 billion files from 1,951 buckets Could.

The second case occurs in the snapshot function that creates a new virtual machine by storing the virtual machine image that the CSP manages in the service provided by the CSP. Since the snapshot function can be easily used through the web interface and the image creation option can be selected for the other users to open the image, there is a problem that the image can be leaked to another person unlike the user's intention.

To solve this problem, the virtual machine life cycle was traced through log file analysis called xensource.log which occurred in Citrix XenServer environment which is an open source cloud platform.

In this way, life-cycle tracing through log analysis is advantageous in that there is no resource consumption due to additional file creation because XenServer uses logs provided by XenServer. However, since the creation and deletion of virtual machines can not be analyzed, Depending on the version, the format of xensourcee.log can be changed, so it has a strong dependency.

1. Korean Patent No. 10-1107056, filed on Jan. 11, 2012, entitled " Security Information Processing Method of Virtual Machine in Cloud Computing Environment ". 2. Korean Patent Laid-Open Publication No. 2009-0000678, publication date: January 08, 2009 Title of invention: Method of computer life cycle management.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and it is an object of the present invention to provide a virtual machine life cycle analysis system and method capable of detecting a malicious behavior of tracking and analyzing a virtual machine life cycle using an API based on XML-PRC in a cloud computing environment The purpose is to provide.

The features of the present invention for achieving the objects of the present invention as described above and performing the characteristic functions of the present invention described below are as follows.

According to an aspect of the present invention, there is provided a system for tracking and analyzing a virtual machine life cycle in a cloud computing environment, the system comprising: a life cycle information collection unit for collecting lifecycle information related to a dynamic behavior of a virtual machine; An event continuity tracking unit for tracking event continuity from the life cycle information collected using an API based on XML-PRC; And an event continuity analyzer for calculating whether or not the event information is identical between the event continuity and the event duration, and an event continuity analyzing unit.

Here, the virtual machine life cycle analysis system according to one aspect of the present invention may further include a life cycle analysis information storage unit for storing life cycle analysis information acquired from the event continuity analysis unit.

In addition, the life cycle information collection unit according to an aspect of the present invention may collect lifecycle information on the dynamic activity including generation, copying, movement, and deletion.

In addition, the event continuity analyzer according to an aspect of the present invention may calculate the identity and the event time of the event information including a class, an operation, an identifier number (uuid), and a name label have.

According to another aspect of the present invention, there is provided a method for tracking and analyzing a virtual machine life cycle in a cloud computing environment, comprising the steps of: (a) collecting lifecycle information related to dynamic behavior of a virtual machine in a life cycle information collecting unit step; (b) tracking event continuity in the event continuity tracking unit from the life cycle information collected using an API based on XML-PRC; And (c) determining, by the event continuity analyzer, whether or not the event information is identical between the event continuations that are tracked, in a virtual machine life cycle analysis method.

Here, the step (a) according to another aspect of the present invention may collect lifecycle information on the dynamic behavior including generation, copying, movement, and deletion in the lifecycle information collection unit.

According to another aspect of the present invention, in the step (c), it is determined whether or not the event information including the class, operation, uuid, and name label is identical .

According to another aspect of the present invention, the step (c) may further include the step of calculating an event time in the event continuity analyzer based on the determination of the identity of the event.

According to another aspect of the present invention, the virtual machine life cycle analysis method further includes the step of (d) storing the life cycle analysis information acquired by the step (c) in the life cycle analysis information storage unit Lt; / RTI >

As described above, according to the present invention, life-cycle tracking using existing log analysis can not detect a specific event and has a great dependency on the change of format. However, it is difficult to use the API based on XML- The real-time tracking analysis enables to know what process is executed through the process, and thus it is possible to detect malicious behavior in the cloud computing environment.

Particularly, the present invention can recognize whether a virtual machine life cycle event continuity and an event information confirmed through the virtual machine life cycle are the same or not, and how a process of an event is executed through an event calculation to more easily detect malicious behavior in a cloud computing environment There is an effect that can be done.

FIG. 1 and FIG. 2 illustrate a virtual machine life cycle analysis system 100 according to a first embodiment of the present invention.
3 is a diagram illustrating a virtual machine life cycle analysis method (SlOO) according to a second embodiment of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

First Embodiment

FIG. 1 and FIG. 2 illustrate a virtual machine life cycle analysis system 100 according to a first embodiment of the present invention.

As shown in the figure, the virtual machine life cycle analysis system 100 according to the first embodiment of the present invention includes a life cycle information collection unit 110, an event continuity tracking Unit 120, an event continuity analysis unit 130, and a life cycle analysis information storage unit 140.

First, life cycle information collecting unit 110 according to the present invention collects lifecycle information of a virtual machine from a virtual machine which is in a state such as Created, Running, Down, and Destroyed according to a result of executing a command such as Start, Stop, Reboot, Lt; / RTI >

At this time, the lifecycle information of the collected virtual machines means information related to dynamic actions including generation, copying, movement and deletion. In other words, the lifecycle information of the virtual machine means a series of processes from creation to deletion of the virtual machine. Thus, the form of the life cycle information of the collected virtual machine can be expressed as shown in the following table (1).

Scenario Virtual Machine Lifecycle History Virtual Machine Image Created VM Snapshot Virtual Machine Image Leakage - Virtual Machine Restoration VM Created (VM Snapshot Image) Brute-Force Attack - Virtual Machine Rollback VM Rollback Attack & Rollback Repetition
VM Rollback
VM Rollback
VM Rollback
<Lifecycle (VM Rollback) Repetition>

In the above table (1), a virtual machine image is generated using the function provided by the CSP first as a result of a command issued to the virtual machine by the administrator and a history state of the virtual machine life cycle information according to the security threat scenario, If the image is leaked unintentionally, the hacker attempts to restore the published virtual machine image and continue the rollback command and Brute-Force Attack. Password cracking occurs due to continuous attack because the rollback is performed before the data deletion function is activated more than a certain number of times.

Thus, when the history of the virtual machine life cycle is known, a record of VM Rollback is continuously generated within a predetermined reference time, and in the case of a normal virtual machine, it is determined that the operation is abnormal, Can be used to detect.

Next, the event continuity tracking unit 120 tracks event continuity from the collected life cycle information using an API based on XML-PRC to detect malicious behavior.

The XAPI refers to an API based on XML-PRC that provides a function of accessing the cloud platform XenServer 101 of Citrix developed using the open source Xen Project using HTTPS 443 . It can be managed as if it were connected to a local host on a remote system. The SDK provided by Citrix supports five languages: C, C #, Java, PowerShell, and Python.

In addition, the XAPI is a type of toolstack for configuring and managing the hypervisor Xen 102 and includes a default toolstack of the Xen Cloud Platform (XCP) of the XenServer 101. In addition to the advantages provided by these toolstacks, the XAPI is also compatible with top-level cloud environment management tools such as OpenStack and CloudStack. Therefore, if you use XAPI to track the life cycle, ) Can be obtained.

Number Class Operation uuid name label One task add [task's uuid value] [task's name value] 2 vm mod [VM's uuid value] [vm's name value] 3 task del [task's uuid value] [task's name value]

As shown in Table 2, when event information having event continuity is acquired, it can be divided into processes and events that are different depending on event types but are commonly applied.

For example, a task registered through uuid can be distinguished from tasks that have completed all the procedures and are removed from the task queue. When an event is generated using XenCenter or Console, which is a management tool of GUI environment, the information of virtual machine following the information of task add becomes the subject of event command. If the events occur simultaneously, the intermediate steps of the task procedure can be mixed, but since the uuid value of the task and vm are unique, you will be able to identify the task start and end, and the event subject.

Next, the event continuity analyzer 130 according to the present invention calculates whether the event information is identical between the event continuity tracked by the event continuity tracker 120 and the event time.

Whether the event information is the same or not and the event time can be confirmed through the following Table (3).

Timestamp Class Operation Uuid Name 1383020228 task add gt; Async.VM.clean_shutdown 1383020228 vm mod 15a7ef3f-5fe0-3c6d-14aa-e881e0a4f29a VM_Name 1383020282 task del gt; Async.VM.clean_shutdown

That is, Table 3 shows the continuity status between event information including a class, an operation, an identifier number (uuid), and a name label. For example, when the virtual machine called 'VM_Name' If the command is issued, it is classified as the continuity rule identified in Table (2). VM-Name 'through the name of the vm class. In this embodiment, it can be confirmed that the uuid and the name deleting the task are added and deleted, and the event operation time can be calculated by checking the Timestamp.

As a result of analyzing the event information generated using XAPI, we confirmed that event information that could not be analyzed by the existing method of analyzing the log can be additionally analyzed.

Analyzing the problem of virtual machine creation event in log analysis method does not follow the rule of Table (2), but there is no problem in analysis because add operation information of vm class is transmitted.

In addition, since the deletion event of the virtual machine conforms to the rules as shown in Table 2, the virtual machine life cycle can be traced from creation to deletion of the virtual machine. Therefore, the problem of the conventional log analysis method can be solved through the life cycle analysis using XAPI. Since the process of starting and ending the event process and checking the subject of the event is simple, the period of analysis is shortened and the event information can be analyzed in real time.

Lastly, the life cycle analysis information storage unit 140 according to the present invention stores the life cycle analysis information acquired by the event continuity analysis unit 130 described above. Thus, by storing the life cycle analysis information, it can be continuously used to detect malicious activity.

Second Embodiment

3 is a diagram illustrating a virtual machine life cycle analysis method (SlOO) according to a second embodiment of the present invention.

As shown in FIG. 3, the virtual machine life cycle analysis method (S100) according to the second embodiment of the present invention includes steps S110 to S140 for tracking and analyzing the virtual machine life cycle in a cloud computing environment .

First, in step S110 according to the present invention, lifecycle information of a virtual machine from a virtual machine that is in a state such as Created, Running, Down, and Destroyed according to a result of a command such as tart, Stop, Reboot, (110).

At this time, the lifecycle information of the collected virtual machines means information related to dynamic actions including generation, copying, movement and deletion. In other words, the lifecycle information of the virtual machine means a series of processes from creation to deletion of the virtual machine. Thus, the type of lifecycle information of the collected virtual machine can be represented as shown in Table 1 described above.

In the above table (1), a virtual machine image is generated using the function provided by the CSP first as a result of a command issued to the virtual machine by the administrator and a history state of the virtual machine life cycle information according to the security threat scenario, If the image is leaked unintentionally, the hacker attempts to restore the published virtual machine image and continue the rollback command and Brute-Force Attack. Password cracking occurs due to continuous attack because the rollback is performed before the data deletion function is activated more than a certain number of times.

Thus, when the history of the virtual machine life cycle is known, a record of VM Rollback is continuously generated within a predetermined reference time, and in the case of a normal virtual machine, it is determined that the operation is abnormal, Can be used to detect.

Thereafter, in step S120 according to the present invention, the event continuity is traced from the life cycle information collected using the XML-PRC based API to the event continuity tracking unit 120 in order to detect malicious behavior.

The XAPI refers to an API based on XML-PRC that provides a function to access the open source cloud platform XenServer 101 developed using the open source Xen Project using HTTPS 443 . It can be managed as if it were connected to a local host on a remote system. The SDK provided by Citrix supports five languages: C, C #, Java, PowerShell, and Python.

In addition, the XAPI is a type of toolstack for configuring and managing the hypervisor Xen 102 and includes a default toolstack of the Xen Cloud Platform (XCP) of the XenServer 101. In addition to these tools, XAPI is also compatible with top-level cloud environment management tools such as OpenStack and CloudStack. Therefore, if you use XAPI to track the life cycle, ) Can be obtained.

As shown in Table 2, when event information having event continuity is acquired, it can be divided into processes and events that are different depending on event types but are commonly applied.

For example, a task registered through uuid can be distinguished from tasks that have completed all the procedures and are removed from the task queue. When an event is generated using XenCenter or Console, which is a management tool of GUI environment, the information of virtual machine following the information of task add becomes the subject of event command. If the events occur simultaneously, the intermediate steps of the task procedure can be mixed, but since the uuid value of the task and vm are unique, you will be able to identify the task start and end, and the event subject.

Thereafter, in step S130 according to the present invention, the event continuity analyzer 130 determines whether the event information is the same among the event continuances tracked by the event continuity tracker 120. [

Whether or not these event information are identical can be confirmed through the above-mentioned Table (3). That is, Table 3 shows the continuity status between event information including a class, an operation, an identifier number (uuid), and a name label. For example, when the virtual machine called 'VM_Name' If the command is issued, it is classified as the continuity rule identified in Table (2). Accordingly, in this embodiment, it can be confirmed that uuid and name are added to and deleted from Task.

In the step S130 according to the present invention, the event continuity analyzer 130 calculates an event time based on the event information if the event information is determined to be the same as the event information. The calculated event time is shown in Table 3 described above.

As a result of analyzing the event information generated using XAPI, we confirmed that event information that could not be analyzed by the existing method of analyzing the log can be additionally analyzed.

Analyzing the problem of virtual machine creation event in log analysis method does not follow the rule of Table (2), but there is no problem in analysis because add operation information of vm class is transmitted.

Also, since the deletion event of the virtual machine conforms to the rules as shown in Table 2, the virtual machine life cycle can be traced from creation to deletion of the virtual machine. Therefore, the problem of the conventional log analysis method can be solved through the life cycle analysis using XAPI. Since the process of starting and ending the event process and checking the subject of the event is simple, the period of analysis is shortened and the event information can be analyzed in real time.

Finally, in step S140 according to the present invention, lifecycle analysis information stored in the life cycle analysis information storage unit 140 is stored in step S130. Thus, by storing the life cycle analysis information, it can be continuously used to detect malicious activity.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the exemplary embodiments or constructions. You can understand that you can do it. The embodiments described above are therefore to be considered in all respects as illustrative and not restrictive.

100: Virtual Machine Life Cycle Analysis System
101: Cloud Platform XenServer
102: Hypervisor Xen (Hypervisor Xen)
110: Lifecycle information collection unit
120: Event continuity tracking unit
130: Event continuity analysis unit
140; Life cycle analysis information storage unit

Claims (9)

A system for tracking and analyzing a virtual machine life cycle in a cloud computing environment,
A life cycle information collection unit for collecting lifecycle information related to a dynamic behavior of a virtual machine;
An event continuity tracking unit for tracking event continuity from the life cycle information collected using an API based on XML-PRC; And
An event continuity analyzer for calculating whether the event information is identical between the event continuity and the event time;
And a virtual machine lifecycle analysis system. The method according to claim 1,
A life cycle analysis information storage unit for storing life cycle analysis information acquired from the event continuity analysis unit;
The virtual machine lifecycle analysis system further comprising: The method according to claim 1,
The life cycle information collecting unit,
And life cycle information for the dynamic action including creation, copying, movement, and deletion is collected. The method of claim 3,
Wherein the event continuity analyzer comprises:
Wherein the event information includes at least one of event information including a class, an operation, an identifier number, and a name label. A method for tracking and analyzing a virtual machine life cycle in a cloud computing environment,
(a) collecting lifecycle information related to dynamic behavior of a virtual machine in a lifecycle information collector;
(b) tracking event continuity in the event continuity tracking unit from the life cycle information collected using an API based on XML-PRC; And
(c) determining, by the event continuity analysis unit, whether or not the event information is identical to the event continuity traced;
The virtual machine life cycle analysis method comprising: 6. The method of claim 5,
The step (a)
Wherein lifecycle information on the dynamic behavior including generation, copying, movement, and deletion is collected in the lifecycle information collection unit. The method according to claim 6,
The step (c)
The method comprising the steps of: determining whether or not the event information includes a class, an operation, an identifier number (uuid), and a name label. 8. The method of claim 7,
The step (c)
Calculating an event time on the basis of the determination as the result of the determination as the same as the event time if the event is determined to be the same;
And analyzing the virtual machine lifecycle. 6. The method of claim 5,
(d) storing lifecycle analysis information obtained by the step (c) in a life cycle analysis information storage unit;
And analyzing the virtual machine lifecycle.
KR1020140050507A 2014-04-28 2014-04-28 System and method for analysising lifecycle of virtual machine KR101519414B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020140050507A KR101519414B1 (en) 2014-04-28 2014-04-28 System and method for analysising lifecycle of virtual machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020140050507A KR101519414B1 (en) 2014-04-28 2014-04-28 System and method for analysising lifecycle of virtual machine

Publications (1)

Publication Number Publication Date
KR101519414B1 true KR101519414B1 (en) 2015-05-12

Family

ID=53394447

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020140050507A KR101519414B1 (en) 2014-04-28 2014-04-28 System and method for analysising lifecycle of virtual machine

Country Status (1)

Country Link
KR (1) KR101519414B1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020022085A (en) * 1999-07-13 2002-03-23 썬 마이크로시스템즈, 인코포레이티드 Methods and apparatus for managing an application according to an application lifecycle
JP2005269439A (en) * 2004-03-19 2005-09-29 Ricoh Co Ltd Image forming apparatus, information processing method, information processing program, and recording medium
KR101059199B1 (en) * 2011-01-13 2011-08-25 주식회사 이글루시큐리티 A cloud computing enterprise security management system and a method thereof
KR101343617B1 (en) * 2011-12-28 2013-12-20 대전대학교 산학협력단 Management Method of Service Level Agreement for Guarantee of Quality of Service in Cloud Environment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020022085A (en) * 1999-07-13 2002-03-23 썬 마이크로시스템즈, 인코포레이티드 Methods and apparatus for managing an application according to an application lifecycle
JP2005269439A (en) * 2004-03-19 2005-09-29 Ricoh Co Ltd Image forming apparatus, information processing method, information processing program, and recording medium
KR101059199B1 (en) * 2011-01-13 2011-08-25 주식회사 이글루시큐리티 A cloud computing enterprise security management system and a method thereof
KR101343617B1 (en) * 2011-12-28 2013-12-20 대전대학교 산학협력단 Management Method of Service Level Agreement for Guarantee of Quality of Service in Cloud Environment

Similar Documents

Publication Publication Date Title
US11113156B2 (en) Automated ransomware identification and recovery
US10936717B1 (en) Monitoring containers running on container host devices for detection of anomalies in current container behavior
US10216607B2 (en) Dynamic tracing using ranking and rating
US9684534B2 (en) Monitoring and modifying allocated computing resources
Almulla et al. A state-of-the-art review of cloud forensics
TWI514283B (en) Methods, systems and apparatus to capture error conditions in lightweight virtual machine managers
US8621282B1 (en) Crash data handling
WO2016082501A1 (en) Method, apparatus and system for processing cloud application attack behaviours in cloud computing system
US10503914B2 (en) Techniques for security auditing of cloud resources
EP3178004B1 (en) Recovering usability of cloud based service from system failure
US20130073704A1 (en) Methods and apparatus for remediating policy test failures, including promoting changes for compliance review
US10956664B2 (en) Automated form generation and analysis
CN105024879A (en) Virtual machine fault detection and recovery system and virtual machine detection, recovery and starting method
CN104216743A (en) Method and system for maintaining start completeness of configurable virtual machine
US9734330B2 (en) Inspection and recovery method and apparatus for handling virtual machine vulnerability
US20190294796A1 (en) Resolving anomalies for network applications using code injection
KR101519414B1 (en) System and method for analysising lifecycle of virtual machine
CN111241547A (en) Detection method, device and system for unauthorized vulnerability
US10997292B2 (en) Multiplexed—proactive resiliency system
CN113467941A (en) Method and device for sharing information
US20200125735A1 (en) Non-intrusive method of detecting security flaws of a computer program
Zhang et al. VMFDF: a virtualization-based multi-level fault detection framework for high availability computing
Upadhyay et al. Virtual memory introspection framework for cyber threat detection in virtual environment
Hubbard III Data Collection for Cyber Anomaly Event Detection
Manacero et al. AMFC Tool: Auditing and Monitoring for Cloud Computing

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20180509

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20190502

Year of fee payment: 5