Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and device for detecting parasitic processes in a virtual machine

A virtual machine and process technology, applied in the computer field, can solve problems such as lack of versatility and inability to detect real-time performance, and achieve high real-time performance

Active Publication Date: 2018-04-17
BEIJING QIHOO TECH CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Malicious code injection will lead to some abnormal behaviors of the process. However, the way, content, and location of code injection will continue to change with the development of technology. And its variants appear in large numbers every day to meet the needs of real-time detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for detecting parasitic processes in a virtual machine
  • A method and device for detecting parasitic processes in a virtual machine
  • A method and device for detecting parasitic processes in a virtual machine

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0064] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0065] figure 1 A method for detecting parasitic processes in a virtual machine according to an embodiment of the present invention is shown. Such as figure 1 As shown, the method includes:

[0066] Step S110, determining one or more processes in the specified virtual machine as target processes.

[0067] Step S120, for each target process, reconstruct the process management structure of the target process inside the specified v...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and device for detecting parasitic processes in a virtual machine. The method includes: determining one or more processes in a designated virtual machine as target processes; Reconstructing the process management structure of the target process inside the specified virtual machine; determining whether the target process is a parasitic process injected with malicious code or a malicious dynamic link library DLL by analyzing the reconstructed process management structure. The technical solution provided by the present invention aims at the behavior characteristics of malicious software parasitic in the process, reconstructs the process management structure of the target process in the specified virtual machine, and analyzes the reconstructed process management structure to determine whether the process running in the virtual machine is malicious The parasitic process of the software has made a relatively comprehensive judgment. Compared with the existing technology, this detection scheme has higher real-time performance, flexibility, versatility and accuracy, and meets the common needs of cloud service providers and users.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a method and device for detecting parasitic processes in a virtual machine. Background technique [0002] Virtualization technology realizes the virtualization of computing, storage, network and other IT resources, and is the basis for the rapid development of the cloud computing industry. Virtual Machine (Virtual Machine) is the most basic form of service provided by the cloud environment. Cloud service providers provide individual and organizational users with a single virtual machine or a virtual network composed of multiple virtual machines to meet the needs of users for easy maintenance, Requirements for highly available elastic cloud services. In a virtualized environment, services are provided to users in the form of virtual machines, and cloud service providers can only use interfaces such as Libvirt to obtain resource allocation and usage information such as CPU, memo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F9/455
Inventor 罗凯
Owner BEIJING QIHOO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com