首页> 外国专利> System and method for analyzing a log in a virtual machine based on a template

System and method for analyzing a log in a virtual machine based on a template

机译：基于模板分析虚拟机中的日志的系统和方法

页面导航

摘要
著录项
相似文献

摘要

Disclosed is a method for analyzing a log for conducting an antivirus scan of a file. The method includes opening a file in a virtual machine. The opening of the file includes execution of a guest process having a thread in a virtual processor of the virtual machine. A plurality of events in the thread of the guest process is intercepted. Registers associated with a system call made during execution of the first thread of the guest process are determined. Execution of the thread of the guest process is halted. In a log associated with the opening of the file, information is saved indicating events intercepted during execution of the thread in an altered guest physical memory page, and context data of the virtual processor. Using at least one template having rules, the saved log is analyzed to determine whether the file opened in the virtual machine is harmful.

机译：公开了一种用于分析用于进行文件的防病毒扫描的日志的方法。该方法包括在虚拟机中打开文件。文件的开放包括执行具有虚拟机的虚拟处理器中的线程的客户进程的执行。拦截客户流程的线程中的多个事件。确定与在执行客户处理的第一线程期间进行的系统调用相关联的寄存器。停止执行客户流程的线程。在与文件的打开相关联的日志中，保存信息，指示在改变的客户物理存储器页面执行线程期间截获的事件，以及虚拟处理器的上下文数据。使用具有规则的至少一个模板，分析保存的日志以确定虚拟机中打开的文件是否有害。

著录项

公开/公告号US11048795B2

专利类型
公开/公告日2021-06-29

原文格式PDF
申请/专利权人 AO KASPERSKY LAB;
展开▼

申请/专利号US201916715599
发明设计人 VLADISLAV V. PINTIYSKY;DENIS V. ANIKIN;DENIS Y. KOBYCHEV;MAXIM Y. GOLOVKIN;VITALY V. BUTUZOV;DMITRY V. KARASOVSKY;DMITRY A. KIRSANOV;
展开▼

申请日2019-12-16
分类号G06F21;G06F21/53;G06F21/56;G06F21/55;G06F21/60;
国家 US
入库时间 2022-08-24 19:38:48

相似文献

专利
外文文献
中文文献