Threat intelligence response and disposal method and system based on virtual machine introspection

A threat intelligence response and processing method using virtual machine technology, applied in the information field. It addresses problems such as attacks on security software, poor protection efficiency, and high maintenance costs, and achieves fine-grained detection, easy maintenance, and high efficiency.

Active Publication Date: 2018-01-19
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

[0003] (1) When security protection software is installed inside the virtual machine, the software must be installed and the security policy configured for each virtual machine, so the maintenance cost is high;
[0004] (2) Security protection software installed inside the virtual machine runs within the system to be protected, so the security software itself may be attacked, and security is poor;
[0005] (3) When the security protection software is deployed on the LAN, only threat information at the operating system level can be obtained, and the protection efficiency is poor.



Embodiment Construction

[0035] Embodiments of the present invention will be described in further detail below in conjunction with the accompanying drawings.

[0036] The threat intelligence response and disposal based on the introspection of the virtual machine in the present invention is realized on the framework shown in the accompanying drawing. Using the virtual machine introspection technology, the threat detection and response module is installed outside the detected virtual machine, completely transparent to the detected virtual machine. The present invention does not make any changes to the existing cloud architecture, and only uses the interface provided by the virtual machine monitor to simultaneously detect and respond to network threats on multiple virtual machines on the virtual machine monitor.

[0037] The threat intelligence response and processing method of the present invention includes the following steps:

[0038] Step 1. Deploy the threat detection and response module on a privi...


Abstract

The invention relates to a threat intelligence response and disposal method and system based on virtual machine introspection. A threat detection and response module is deployed on a privileged virtual machine other than the detected virtual machine; virtual machine introspection is used to obtain the correspondence between port number, transport-layer network protocol, and process inside the detected virtual machine that is carrying out network communication; the network data packets of the virtual machine's communication are captured and analyzed; a network threat intelligence database is used to judge whether a data packet is a threat; and if it is, a threat alarm is raised, and the obtained correspondence is used to locate the virtual machine process communicating with the threat source so as to block the process, the port, and the like. With this method and system, the threat detection and response module is deployed outside the detected virtual machine, so the module is effectively protected, while process-level network threat detection and response can still be carried out; the existing cloud architecture does not need to be changed, and the method and system can be conveniently applied to a cloud service provider's servers.
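
The correlation step described in the abstract, as an added example that is not taken from the patent: a packet whose peer matches the threat intelligence list is attributed to a guest process through the port/protocol/process table, with a fallback to blocking the port when no owning process is found. The table layout, the matching on remote IP address, and all names and sample data are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed threat-intelligence entries (RFC 5737 documentation ranges).
THREAT_INTEL = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed snapshot of the introspection result, assumed to be keyed as
# (vm, transport protocol, local port) -> (pid, process name).
SOCKET_TABLE = {
    ("vm-01", "tcp", 49822): (1432, "updater"),
    ("vm-01", "udp", 53): (801, "named"),
    ("vm-02", "tcp", 443): (2210, "nginx"),
}

class Packet(NamedTuple):
    vm: str
    proto: str
    local_port: int   # port on the monitored VM's side of the flow
    remote_ip: str

class Alert(NamedTuple):
    vm: str
    remote_ip: str
    pid: Optional[int]
    process: Optional[str]
    action: str

def evaluate(pkt, table=SOCKET_TABLE, intel=THREAT_INTEL):
    """Return an Alert for a packet whose peer matches the intel list, else None."""
    peer = ipaddress.ip_address(pkt.remote_ip)
    if not any(peer in net for net in intel):
        return None
    owner = table.get((pkt.vm, pkt.proto, pkt.local_port))
    if owner is None:
        # No owner in the snapshot (short-lived process or stale table): block the port.
        return Alert(pkt.vm, pkt.remote_ip, None, None,
                     f"block_port:{pkt.proto}/{pkt.local_port}")
    pid, name = owner
    return Alert(pkt.vm, pkt.remote_ip, pid, name, f"block_process:{pid}")

# Constructed capture: flagged flow with owner, benign flow, flagged flow without owner.
CAPTURED = [
    Packet("vm-01", "tcp", 49822, "203.0.113.45"),
    Packet("vm-02", "tcp", 443, "192.0.2.10"),
    Packet("vm-01", "tcp", 50111, "198.51.100.7"),
]

def run(packets=CAPTURED):
    return [a for a in map(evaluate, packets) if a is not None]
```

Because the table is a point-in-time snapshot, the port-level fallback keeps a response available for flows whose process has already exited.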

Description

Technical field

[0001] The invention belongs to the field of information technology, in particular to a threat intelligence response and processing method and system based on virtual machine introspection.

Background technique

[0002] With the rapid development of cloud computing, there are more and more network attacks against enterprise server virtual machines, which have brought huge losses to cloud computing service providers and users. In order to detect and respond to network threats and reduce the harm caused by network attacks, there are two commonly used methods at this stage: installing security protection software in virtual machines; deploying security protection software on LANs. These methods maintain the security of the virtual machine system to a certain extent, but they are not perfect, mainly in the following aspects:

[0003] (1) Install the security protection software in the virtual machine, and install the software and configure the security policy fo...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F21/55, G06F21/57
Inventor: 于爱民, 郭云龙, 马建刚, 赵力欣
Owner: INST OF INFORMATION ENG CAS