
Virtual machine introspection method and device, equipment and medium

A virtual machine and computer program technology, applied to program control devices, program control design, and software simulation/interpretation/emulation, that addresses problems such as reduced virtual machine performance and achieves the effect of improving detection ability, performance, and optimization times.

Pending Publication Date: 2021-01-22
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

As a result, both the performance of virtual machine introspection and the ability to detect malware are reduced.


Embodiment Construction

[0042] In the prior art, an intrusive method is used to obtain high-level semantic information from a virtual machine. The intrusive method must modify the virtual machine environment to obtain that information, and once the environment has been modified, malware can detect the modified content and use it to evade detection and analysis. As a result, the performance of virtual machine introspection and the ability to detect malware are reduced. To overcome these problems, this application proposes a virtual machine introspection method based on fast tables, which achieves non-invasive acquisition of high-level semantic information, improves the performance of virtual machine introspection, and further improves the ability to detect malware in virtual environments.

[0043] An embodiment of this application discloses a virtual machine introspection method. As shown in Figure 1, the ...


Abstract

The invention discloses a virtual machine introspection method and apparatus, a device and a medium. The method comprises the steps of: detecting whether a loss reset behavior exists in a fast table of a target virtual machine; if the fast table has a loss reset behavior, checking a program counter to determine process information of the current process; after the process information is determined, checking the program counter again to determine link library information corresponding to the current process; and determining high-level semantic information of the target virtual machine by utilizing the process information and the link library information, so as to realize virtual machine introspection. A change in the state of the virtual machine can be judged by detecting the loss reset behavior of the fast table, so that more critical time nodes are selected for virtual machine introspection and the virtual machine introspection performance is improved. The process information and the link library information are determined through the program counter to perform semantic reconstruction of the virtual machine, so that non-invasive semantic reconstruction is realized, the introspection performance of the virtual machine is improved, and the detection capability for malicious software is improved.

Description

Technical field

[0001] The present invention relates to the field of virtual machines, in particular to a virtual machine introspection method, device, equipment and medium.

Background technique

[0002] Currently, during the dynamic analysis of malware, the malware will also detect the current execution environment. If it detects that the current execution environment is a virtual environment, it adopts a different execution strategy, causing analysts' analysis of the malware's behavior to be incomplete or even completely wrong, which eventually leads to further spread of, and damage from, the malware.

[0003] In the prior art, virtual machine introspection (VMI) technology is often used to detect the running state of the virtual machine. Virtual machine introspection refers to the technology of obtaining the internal state information of the guest virtual machine system from outside the virtual machine, which is widely accepted by the academic ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455
CPC: G06F9/45558, G06F2009/45591
Inventor: 叶峥豪, 范渊, 吴卓群
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD