Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for detecting abnormal behavior of virtual machine process

A detection method and virtual machine technology, applied in the field of virtualization security, can solve the problems of inability to guarantee the comprehensiveness of detection, virtual machine escaping security threats, etc., and achieve the effect of improving the detection rate and the degree of accurate matching.

Active Publication Date: 2019-06-25
SICHUAN UNIV
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The virtual machine in the cloud computing environment is different from the traditional host environment. It not only has the security risks in the traditional host, but also has complex and unknown security threats such as virtual machine escape. It only relies on the detection scheme of the traditional host for the privileged process. , the use of traditional host intrusion detection strategies for virtualization platforms often cannot guarantee the comprehensiveness of detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for detecting abnormal behavior of virtual machine process
  • Method and system for detecting abnormal behavior of virtual machine process
  • Method and system for detecting abnormal behavior of virtual machine process

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0052] The present invention will be further described in detail below in conjunction with the drawings and specific embodiments.

[0053] Such as figure 1 As shown, the detection system can be used to detect the abnormal process system call behavior in the virtual machine, including semantic reconstruction module, capture module, modeling module and detection module.

[0054] The semantic reconstruction module adopts an agentless monitoring method. During the running of the virtual machine process, a monitoring event will be triggered to cause the virtual machine to exit, capture the virtual machine process scheduling event, obtain the underlying semantic information of the virtual machine process, and reconstruct the Linux operating system in the Hypervisor Semantic information related to Windows operating system virtual machine process.

[0055] figure 2 A schematic diagram of the capture module is given. The capture module monitors the virtual machine process system call...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a virtual machine process exception behavior detection method and system. The detection method includes capturing virtual machine process scheduling events and reconstructing semantic information of virtual machine process of the Linux operating system and Windows operating system in Hypervisor; setting a system call entry function address pointed by virtual CPU register SYSENTER_EIP_MSR of the virtual machine in the Hypervisor as an illegal address and capturing the virtual machine process system call events to acquire virtual machine process system call data and recover operation of the virtual machine again; saving the virtual machine process semantic information and virtual machine process system call data into a virtual machine data journal file; carrying out modeling of behavior characteristics to the virtual machine data journal file; building a to-be-tested model according to the virtual machine process call data in testing, and outputting the test result to a virtual machine detection journal file according to a detection algorithm. By the method and system, security risk of cloud platform can be detected to a certain degree.

Description

technical field [0001] The invention relates to the technical field of virtualization security, in particular to a method and system for detecting abnormal behavior of a virtual machine process based on a system call vector space. Background technique [0002] With the rapid development of cloud computing technology, the security of cloud platforms has also received extensive attention from the industry. With the introduction of a virtual machine monitor (Virtual Machine Monitor, VMM), a malicious process in a virtual machine can attack the VMM or other virtual machines through vulnerabilities of the virtual machine, thereby threatening the security of the cloud platform. [0003] In the field of traditional host intrusion detection, the anomaly detection methods based on system calls mostly detect abnormal behaviors for a single privileged process in the host. The so-called privileged process means that it has super user privileges during the running process, and an attack...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F9/455
CPCG06F9/45558G06F2009/45591
Inventor 陈兴蜀陈佳昕金鑫陈蒙蒙王伟金逸灵蔡梦娟
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com