Technical field
The present invention relates to the field of computer technology, and in particular to a virtualization security detection method and system.
Background
Virtualization refers to using virtualization technology to present one computer as multiple logical computers. Multiple logical computers run on one computer at the same time, each logical computer can run a different operating system, and applications run in mutually independent spaces without affecting one another, which significantly improves the working efficiency of the computer.
In existing virtualization security detection schemes, performing security detection on the information in a local area network requires setting up one or more antivirus servers in the virtual machines of the local area network and sending all the information in the local area network to those antivirus servers for security detection.
Because the information in the local area network is relatively fixed, frequently using the antivirus servers to check that information wastes the network resources of the local area network and the configured resources of the virtual machines.
Summary of the invention
Existing virtualization security detection methods perform security detection on the information in the local area network through antivirus servers, which easily wastes resources. In view of this problem, the present invention is proposed to provide a virtualization security detection method and system that overcome the above problem or at least partially solve it.
According to one aspect of the present invention, a virtualization security detection method is provided, comprising:
a light agent client obtains all the information to be detected in the local area network where the light agent client is located, and performs security detection on all the information to be detected through the light agent antivirus engine in the light agent client;
if the light agent antivirus engine performs security detection on all the information to be detected and does not obtain all the detection results, the light agent client sends the information to be detected for which no detection result was obtained to a public cloud server outside the local area network for security detection, and the security level of that information is determined according to the detection result of the public cloud server;
when the light agent antivirus engine has obtained all the detection results for all the information to be detected, all the information to be detected and all the corresponding detection results are sent to a cache server and/or an antivirus server, so that the cache server and/or antivirus server performs security detection of the information to be detected in the local area network;
wherein the light agent client is located in a virtual machine.
According to another aspect of the present invention, a virtualization security detection system is provided, comprising a light agent client and a cache server and/or an antivirus server, wherein the light agent client comprises:
an acquisition and detection module for the information to be detected, configured to obtain all the information to be detected in the local area network where the light agent client is located, and to perform security detection on all the information to be detected through the light agent antivirus engine in the light agent client;
a sending and detection module for the information to be detected, configured to, if the light agent antivirus engine performs security detection on all the information to be detected and does not obtain all the detection results, send the information to be detected for which no detection result was obtained to a public cloud server outside the local area network for security detection, and to determine the security level of that information according to the detection result of the public cloud server;
a detection result sending module, configured to, when the light agent antivirus engine has obtained all the detection results for all the information to be detected, send all the information to be detected and all the corresponding detection results to the cache server and/or antivirus server, so that the cache server and/or antivirus server performs security detection of the information to be detected in the local area network;
wherein the light agent client is located in a virtual machine.
In existing virtualization security detection schemes, performing security detection on all the information in a local area network requires setting up one or more antivirus servers in the virtual machines of the local area network and checking all the information through those servers. Because all the information in the local area network is relatively fixed, with little added or updated content, using the antivirus servers to frequently scan that relatively fixed information inevitably wastes resources. In the virtual machine security detection scheme of the present invention, a light agent client is set up in a virtual machine. The light agent client obtains all the information to be detected in the local area network where it is located and performs security detection on all of it through its light agent antivirus engine. If not all detection results are obtained, the information to be detected for which no detection result was obtained is sent to a public cloud server outside the local area network for security detection, and the security level of that information is determined according to the detection result of the public cloud server. If all detection results are obtained, all the information to be detected and all the corresponding detection results are sent to the cache server and/or antivirus server, so that the cache server and/or antivirus server performs security detection of the information to be detected in the local area network.
When the light agent antivirus engine in the light agent client has performed security detection on all the information to be detected and obtained all the detection results, it is determined that all the information in the local area network is information recognized by the light agent antivirus engine. At that point, security detection of all the information in the local area network is no longer needed, which saves network resources in the local area network and reduces the resource usage of the virtual machines in the local area network.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
FIG. 1 is a flowchart of the steps of a virtualization security detection method according to Embodiment 1 of the present invention;
FIG. 2 is a flowchart of the steps of a virtualization security detection method according to Embodiment 2 of the present invention;
FIG. 3 is a structural block diagram of a virtualization security detection system according to Embodiment 3 of the present invention;
FIG. 4 is a structural block diagram of a virtualization security detection system according to Embodiment 4 of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Embodiment 1
A virtualization security detection method provided by an embodiment of the present invention is described in detail.
Referring to FIG. 1, a flowchart of the steps of a virtualization security detection method in an embodiment of the present invention is shown.
The virtualization security detection method in the embodiment of the present invention can be applied to a system that includes a light agent client and a cache server and/or an antivirus server.
The light agent client may be deployed in a virtual machine, and the cache server and/or the antivirus server may be deployed in a virtual machine or a physical machine. For example, the light agent client may be deployed in one of multiple virtual machines, and the cache server and/or the antivirus server may be deployed in only one physical machine or, alternatively, in one virtual machine. Optionally, the light agent client, the cache server and/or the antivirus server may be deployed in the same virtual machine among multiple virtual machines, with nothing deployed in the other virtual machines.
The virtualization security detection method of this embodiment includes the following steps:
Step 100: the light agent client obtains all the information to be detected in the local area network where the light agent client is located, and performs security detection on all the information to be detected through the light agent antivirus engine in the light agent client. If the light agent antivirus engine does not obtain all the detection results for all the information to be detected, step 102 is executed; if the light agent antivirus engine obtains all the detection results for all the information to be detected, step 104 is executed.
The information to be detected may come from a single virtual machine or from multiple virtual machines, and from one physical machine or from multiple physical machines. In other words, the light agent client can obtain information to be detected from any location in the local area network.
Moreover, the light agent client can obtain all the information to be detected over the network. Transmission through the underlying physical layer can carry only file information because of the limitations of that layer, whereas information to be detected that is transmitted over the network can, in addition to file information, include but is not limited to URL information, access path information, registry read/write information, and the like.
A light agent antivirus engine is provided inside the light agent client. It can quickly perform security detection on information of a specific type, a specific environment, a specific resource, and so on. Compared with a traditional antivirus server, it has the advantages of low resource usage and high scanning efficiency.
Step 102: the light agent client sends the information to be detected for which no detection result was obtained to a public cloud server outside the local area network for security detection, and the security level of that information is determined according to the detection result of the public cloud server.
For example, the light agent client performs security detection on information to be detected A and does not obtain a detection result for it, which indicates that the light agent client cannot identify information A. The light agent client then sends information A to the cloud server outside the local area network for security detection, and the security level of information A is determined according to the detection result of the cloud server.
Step 104: the light agent client sends all the information to be detected and all the corresponding detection results to the cache server and/or antivirus server, so that the cache server and/or antivirus server performs security detection of the information to be detected in the local area network.
When the light agent client has performed security detection on all the information to be detected and obtained all the detection results, all the information in the local area network can be identified by the light agent client. The antivirus engine in the light agent client can then be shut down, and security detection of the information in the current local area network is no longer needed.
At this point, the light agent client can send all the information in the current local area network, together with all the corresponding detection results, to the cache server and/or antivirus server in the local area network, and the cache server and/or antivirus server is used to perform security detection on the information in the local area network.
By accumulating and learning all the information in the local area network and all the corresponding detection results, the cache server and/or antivirus server can enlarge the cache database of the cache server and/or the antivirus database of the antivirus server, improving the security detection capability of the cache server and/or antivirus server.
It should be noted that the detection results the light agent antivirus engine obtains for all the information to be detected may include results obtained by the engine's own security detection of the information to be detected, and may also include results obtained through security detection by the public cloud server.
In summary, in this embodiment of the present invention a light agent client is set up in a virtual machine. The light agent client obtains all the information to be detected in the local area network where it is located and performs security detection on all of it through its light agent antivirus engine. If not all detection results are obtained, the information to be detected for which no detection result was obtained is sent to a public cloud server outside the local area network for security detection, and the security level of that information is determined according to the detection result of the public cloud server. If all detection results are obtained, all the information to be detected and all the corresponding detection results are sent to the cache server and/or antivirus server, so that the cache server and/or antivirus server performs security detection of the information to be detected in the local area network.
When the light agent antivirus engine in the light agent client has performed security detection on all the information to be detected and obtained all the detection results, it is determined that all the information in the local area network is information recognized by the light agent antivirus engine. At that point, security detection of all the information in the local area network is no longer needed, which saves network resources in the local area network and reduces the resource usage of the virtual machines in the local area network.
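The flow of steps 100 to 104 can be sketched as follows. This is an added Python example, not part of the original patent text: the class and function names, the use of a SHA-256 digest to identify each item, the "cloud unreachable" case and the sample items are all assumptions constructed for illustration.

```python
import hashlib

SAFE, DANGEROUS = "safe", "dangerous"

def feature_value(item: bytes) -> str:
    """Identifier for one item to be detected (SHA-256 is an assumption)."""
    return hashlib.sha256(item).hexdigest()

class LightAgentEngine:
    """Hypothetical local engine: resolves only identifiers it already knows."""
    def __init__(self, known):
        self.known = dict(known)
        self.enabled = True

    def scan(self, fv):
        if not self.enabled:
            raise RuntimeError("light agent engine is shut down")
        return self.known.get(fv)  # None means no detection result

class PublicCloud:
    """Stand-in for the public cloud server outside the local area network."""
    def __init__(self, dangerous, reachable=True):
        self.dangerous = set(dangerous)
        self.reachable = reachable
        self.queries = 0

    def scan(self, item):
        if not self.reachable:
            return None  # assumption: an unreachable cloud yields no result
        self.queries += 1
        return DANGEROUS if feature_value(item) in self.dangerous else SAFE

class CacheServer:
    """Accumulates identifier -> security level pairs sent by the client."""
    def __init__(self):
        self.levels = {}

    def store(self, results):
        self.levels.update(results)

def run_light_agent(items, engine, cloud, cache):
    """Steps 100, 102 and 104 for one pass over the items in the LAN."""
    results, pending = {}, {}
    # Step 100: the local engine checks every item first.
    for item in items:
        fv = feature_value(item)
        verdict = engine.scan(fv)
        if verdict is None:
            pending[fv] = item  # dict also de-duplicates repeated items
        else:
            results[fv] = verdict
    # Step 102: only items without a local result leave the LAN.
    for fv, item in pending.items():
        verdict = cloud.scan(item)
        if verdict is not None:
            results[fv] = verdict
    # Step 104: sync to the cache server only once every item has a result,
    # then shut the local engine down.
    complete = len(results) == len({feature_value(i) for i in items})
    if complete:
        cache.store(results)
        engine.enabled = False
    return results, complete

# Constructed sample items: a file path, a URL and a registry key.
ITEMS = [
    b"C:\\app\\report.docx",
    b"http://intranet.example/login",
    b"HKLM\\Software\\Example\\Run",
]

def demo(cloud_reachable=True):
    engine = LightAgentEngine({feature_value(ITEMS[0]): SAFE,
                               feature_value(ITEMS[1]): SAFE})
    cloud = PublicCloud({feature_value(ITEMS[2])}, reachable=cloud_reachable)
    cache = CacheServer()
    results, complete = run_light_agent(ITEMS, engine, cloud, cache)
    return results, complete, engine, cloud, cache

if __name__ == "__main__":
    results, complete, engine, cloud, cache = demo()
    print("complete:", complete, "cloud queries:", cloud.queries)
    for fv, level in results.items():
        print(fv[:12], level)
```

When the cloud returns nothing, the result set stays incomplete, so nothing is pushed to the cache server and the local engine remains enabled.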
Embodiment 2
A virtualization security detection method provided by an embodiment of the present invention is described in detail.
Referring to FIG. 2, a flowchart of the steps of a virtualization security detection method in an embodiment of the present invention is shown.
The virtualization security detection method in the embodiment of the present invention can be applied to a system that includes a light agent client and a cache server and/or an antivirus server.
The light agent client may be deployed in a virtual machine, and the cache server and/or the antivirus server may be deployed in a virtual machine or a physical machine. For example, the light agent client may be deployed in one of multiple virtual machines, and the cache server and/or the antivirus server may be deployed in only one physical machine or, alternatively, in one virtual machine. Optionally, the light agent client, the cache server and/or the antivirus server may be deployed in the same virtual machine among multiple virtual machines, with nothing deployed in the other virtual machines.
The virtualization security detection method of this embodiment includes the following steps:
Step 200: the light agent client obtains all the information to be detected in the local area network where the light agent client is located, and performs security detection on all the information to be detected through the light agent antivirus engine in the light agent client.
The information to be detected may come from a single virtual machine or from multiple virtual machines, and from one physical machine or from multiple physical machines. In other words, the light agent client can obtain information to be detected from any location in the local area network.
Moreover, the light agent client can obtain all the information to be detected over the network. Transmission through the underlying physical layer can carry only file information because of the limitations of that layer, whereas information to be detected that is transmitted over the network can, in addition to file information, include but is not limited to URL information, access path information, registry read/write information, and the like.
A light agent antivirus engine is provided inside the light agent client. It can quickly perform security detection on information of a specific type, a specific environment, a specific resource, and so on. Compared with a traditional antivirus server, it has the advantages of low resource usage and high scanning efficiency.
Preferably, the process in step 200 by which the light agent client obtains all the information to be detected in the local area network where it is located may be:
the light agent client obtains all the information to be detected from at least one virtual machine of at least one physical machine in the local area network.
The local area network includes at least one physical machine, and each physical machine includes at least one virtual machine.
For example, the local area network J1 where the light agent client Q1 is located includes physical machines W1 and W2; physical machine W1 includes virtual machines X1 and X2, and physical machine W2 includes virtual machines X3 and X4. The light agent client Q1 can then obtain all the information to be detected from virtual machines X1, X2, X3 and X4. It can also obtain all the information to be detected from virtual machine X1 alone, from virtual machine X2 alone, from virtual machine X3 alone, or from virtual machine X4 alone. It should be noted that when the light agent client obtains all the information to be detected in the local area network from one or several virtual machines or physical machines, this means the other virtual machines or physical machines in the local area network hold no information to be detected.
Preferably, the information to be detected may include at least one of file information, URL information, access path information and registry read/write information. The embodiment of the present invention does not limit the specific content of the information to be detected.
Preferably, the step in step 200 in which the light agent antivirus engine in the light agent client performs security detection on all the information to be detected may include:
Sub-step 2001: the light agent client obtains all the feature values of all the information to be detected.
The feature value of a piece of information to be detected is attribute information that uniquely identifies that information. The light agent client can obtain the feature value by performing operations such as computation on the information to be detected. The embodiment of the present invention does not limit the technical means by which the light agent client obtains the feature value of the information to be detected.
Sub-step 2002: the light agent antivirus engine scans all the feature values to perform security detection on all the information to be detected.
The light agent antivirus engine is the core component of the light agent client. The engine scans and identifies the feature values, which realizes the security detection of the information to be detected.
Step 202: the light agent antivirus engine judges whether all the detection results for all the information to be detected have been obtained; if not, step 204 is executed; if so, step 206 is executed.
Preferably, step 202 may be:
the light agent antivirus engine judges whether, within a set time period, information to be detected in the local area network needs to be sent to the public cloud server outside the local area network for security detection; if not, the light agent antivirus engine determines that all the detection results for all the information to be detected in the local area network have been obtained; if so, the light agent antivirus engine determines that not all the detection results for all the information to be detected in the local area network have been obtained.
The set time period may be several months and can be set according to the actual situation of the local area network. The embodiment of the present invention does not limit the set time period.
Step 204: the light agent client sends the information to be detected for which no detection result was obtained to a public cloud server outside the local area network for security detection, and the security level of that information is determined according to the detection result of the public cloud server.
For example, the light agent client performs security detection on information to be detected A and does not obtain a detection result for it, which indicates that the light agent client cannot identify information A. The light agent client then sends information A to the cloud server outside the local area network for security detection, and the security level of information A is determined according to the detection result of the cloud server.
Preferably, the process in step 204 by which the light agent client sends the information to be detected for which no detection result was obtained to the public cloud server outside the local area network for security detection may be:
the light agent client sends the information to be detected for which no detection result was obtained to the public cloud server outside the local area network for security detection, according to a preset scanning order.
If there are multiple pieces of information to be detected that need to be sent to the public cloud server for security detection, the light agent client can send them to the public cloud server in the preset scanning order.
Step 206: the light agent client sends all the information to be detected and all the corresponding detection results to the cache server and/or antivirus server, so that the cache server and/or antivirus server performs security detection of the information to be detected in the local area network; and the light agent antivirus engine in the light agent client is shut down.
When the light agent client has performed security detection on all the information to be detected and obtained all the detection results, all the information in the local area network can be identified by the light agent client. The antivirus engine in the light agent client can then be shut down, and security detection of the information in the current local area network is no longer needed.
At this point, the light agent client can send all the information in the current local area network, together with all the corresponding detection results, to the cache server and/or antivirus server in the local area network, and the cache server and/or antivirus server is used to perform security detection on the information in the local area network.
Preferably, the light agent client can return the detection result of the public cloud server to the cache server and/or antivirus server.
By accumulating and learning all the information in the local area network and all the corresponding detection results, the cache server and/or antivirus server can enlarge the cache database of the cache server and/or the antivirus database of the antivirus server, improving the security detection capability of the cache server and/or antivirus server.
Preferably, the process by which the cache server in step 206 performs security detection on the information to be detected in the local area network may be as follows:
Step 61: the cache server determines whether it has cached a mapping between the information to be detected and the security level corresponding to that information; if no such mapping exists, step 62 is executed; if it exists, step 63 is executed.
The cache server can cache mappings between information to be detected and the corresponding security levels. For example, the cache server caches the mapping between information A to be detected and its security level "dangerous", and the mapping between information B to be detected and its security level "safe".
Step 62: the cache server sends the information to be detected to the antivirus server for security detection, and determines the security level of the information to be detected according to the detection result of the antivirus server.
For example, if the cache server holds no mapping between information C to be detected and a security level, the cache server sends information C to the antivirus server for security detection. The antivirus server produces the detection result for information C, and the cache server can determine the security level of information C from that result.
In other words, when the cache server holds no mapping between a piece of information to be detected and its security level, the cache server sends that information to the antivirus server for security detection, and the security level of the information is determined from the detection result obtained by the antivirus server.
Step 63: the security level of the information to be detected is determined according to the mapping.
If the cache server holds a mapping between a piece of information to be detected and its security level, the security level corresponding to that information is determined directly.
Preferably, the process by which the antivirus server in step 206 performs security detection on the information to be detected in the local area network may be as follows:
Step 64: the antivirus server obtains the feature value of the information to be detected.
Step 65: the antivirus server performs security detection on the information to be detected by scanning the feature value with the antivirus engine of the antivirus server.
It should be noted that the specific implementation of steps 64 and 65 may follow the implementation of sub-steps 2001 and 2002 above, and is not repeated here.
It should also be noted that the full set of detection results that the light-agent antivirus engine obtains for all of the information to be detected may include detection results produced by the light-agent antivirus engine's own security detection, and may also include detection results produced by security detection on the public cloud server.
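The hand-off in step 206 and the lookup flow in steps 61 to 65 can be sketched as follows. This is an added example, not code from the patent; the class names, the use of a SHA-256 digest as the "feature value", the signature-set match in the antivirus server, and caching the verdict after a miss are all assumptions made for illustration.

```python
"""Sketch of step 206 and steps 61-65: light agent hands off to cache/antivirus servers."""
import hashlib
from dataclasses import dataclass, field

SAFE, DANGEROUS = "safe", "dangerous"   # the two security levels named in the text


def feature_value(item: bytes) -> str:
    # Assumption: the "feature value" is a SHA-256 digest of the content.
    return hashlib.sha256(item).hexdigest()


@dataclass
class AntivirusServer:
    signatures: set                      # constructed set of malicious feature values
    scans: int = 0                       # counts how often the engine actually ran

    def detect(self, item: bytes) -> str:
        self.scans += 1
        value = feature_value(item)                              # step 64
        return DANGEROUS if value in self.signatures else SAFE   # step 65 (simplified)


@dataclass
class CacheServer:
    antivirus: AntivirusServer
    levels: dict = field(default_factory=dict)   # feature value -> security level

    def learn(self, results: dict) -> None:
        # Step 206: store the items and results pushed by the light agent.
        for item, level in results.items():
            self.levels[feature_value(item)] = level

    def security_level(self, item: bytes) -> str:
        value = feature_value(item)
        if value in self.levels:                 # step 61: is a mapping cached?
            return self.levels[value]            # step 63: answer from the cache
        level = self.antivirus.detect(item)      # step 62: forward to antivirus server
        self.levels[value] = level               # assumption: remember the new verdict
        return level


@dataclass
class LightAgent:
    local_verdicts: dict                 # feature value -> level known to the local engine
    cloud_verdicts: dict                 # stand-in for the public cloud server
    engine_running: bool = True

    def scan_and_hand_off(self, items: list, cache: CacheServer) -> bool:
        results = {}
        for item in items:
            value = feature_value(item)
            level = self.local_verdicts.get(value)
            if level is None:            # no local result: ask the public cloud
                level = self.cloud_verdicts.get(value)
            if level is None:            # still unresolved: keep the engine running
                return False
            results[item] = level
        cache.learn(results)             # all results obtained: push them to the cache
        self.engine_running = False      # and close the light-agent engine
        return True


def demo() -> dict:
    # Constructed sample data, not taken from the patent.
    info_a, info_b, info_c = b"sample A", b"sample B", b"sample C"
    antivirus = AntivirusServer(signatures={feature_value(info_c)})
    cache = CacheServer(antivirus)
    agent = LightAgent(
        local_verdicts={feature_value(info_a): DANGEROUS},
        cloud_verdicts={feature_value(info_b): SAFE},
    )
    handed_off = agent.scan_and_hand_off([info_a, info_b], cache)
    return {
        "handed_off": handed_off,
        "engine_running": agent.engine_running,
        "a": cache.security_level(info_a),        # cache hit
        "b": cache.security_level(info_b),        # cache hit
        "scans_after_hits": antivirus.scans,
        "c": cache.security_level(info_c),        # miss, forwarded to antivirus server
        "c_again": cache.security_level(info_c),  # now answered from the cache
        "scans_after_c": antivirus.scans,
        # Changed content has a new feature value, so the cached "safe" does not apply.
        "b_modified": cache.security_level(info_b + b" changed"),
        "scans_total": antivirus.scans,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the cache is keyed by feature value rather than by name, content that changes after the hand-off misses the cache and is scanned again instead of inheriting the earlier verdict.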
In summary, in this embodiment of the present invention a light-agent client is deployed in a virtual machine. The light-agent client obtains all of the information to be detected in the local area network where it is located, and the light-agent antivirus engine in the light-agent client performs security detection on all of that information. If not all detection results are obtained, the information to be detected for which no result was obtained is sent to a public cloud server outside the local area network for security detection, and its security level is then determined according to the detection result of the public cloud server. If all detection results are obtained, the light-agent antivirus engine in the light-agent client is closed, and all of the information to be detected and all of the corresponding detection results are sent to the cache server and/or the antivirus server, so that the cache server and/or the antivirus server performs security detection on the information to be detected in the local area network.
When the light-agent antivirus engine in the light-agent client has performed security detection on all of the information to be detected and obtained all of the detection results, it is determined that all of the information in the local area network is information recognized by the light-agent antivirus engine. The light-agent antivirus engine in the light-agent client is then closed, and security detection of all the information in the local area network is no longer required, which saves network resources in the local area network and reduces the resource usage of the virtual machines in the local area network.
Embodiment Three
A virtualization security detection system provided by an embodiment of the present invention is described in detail.
Referring to FIG. 3, a structural block diagram of a virtualization security detection system in an embodiment of the present invention is shown.
The system may include: a light-agent client 300 deployed in a virtual machine, and a cache server and/or an antivirus server.
The cache server and/or the antivirus server may be deployed in a physical machine or in a virtual machine. For example, the light-agent client 300 may be deployed in one virtual machine among multiple virtual machines, and the cache server and/or the antivirus server may be deployed in just one physical machine, or alternatively in one virtual machine. Optionally, the light-agent client 300, the cache server and/or the antivirus server may be deployed in the same virtual machine among multiple virtual machines, with nothing deployed in the other virtual machines.
The light-agent client 300 may include: a to-be-detected information acquisition and detection module 3001, a to-be-detected information sending and detection module 3002, and a detection result sending module 3003.
The to-be-detected information acquisition and detection module 3001 is configured to obtain all of the information to be detected in the local area network where the light-agent client 300 is located, and to perform security detection on all of that information through the light-agent antivirus engine in the light-agent client 300.
The to-be-detected information sending and detection module 3002 is configured to, if the light-agent antivirus engine performs security detection on all of the information to be detected and does not obtain all detection results, send the information to be detected for which no result was obtained to a public cloud server outside the local area network for security detection, and to determine the security level of that information according to the detection result of the public cloud server.
The detection result sending module 3003 is configured to, when the light-agent antivirus engine has obtained all detection results for all of the information to be detected, send all of the information to be detected and all of the corresponding detection results to the cache server and/or the antivirus server, so that the cache server and/or the antivirus server performs security detection on the information to be detected in the local area network.
In summary, in this embodiment of the present invention a light-agent client is deployed in a virtual machine. The light-agent client obtains all of the information to be detected in the local area network where it is located, and the light-agent antivirus engine in the light-agent client performs security detection on all of that information. If not all detection results are obtained, the information to be detected for which no result was obtained is sent to a public cloud server outside the local area network for security detection, and its security level is then determined according to the detection result of the public cloud server. If all detection results are obtained, all of the information to be detected and all of the corresponding detection results are sent to the cache server and/or the antivirus server, so that the cache server and/or the antivirus server performs security detection on the information to be detected in the local area network.
When the light-agent antivirus engine in the light-agent client has performed security detection on all of the information to be detected and obtained all of the detection results, it is determined that all of the information in the local area network is information recognized by the light-agent antivirus engine. Security detection of all the information in the local area network is then no longer required, which saves network resources in the local area network and reduces the resource usage of the virtual machines in the local area network.
Embodiment Four
A virtualization security detection system provided by an embodiment of the present invention is described in detail.
Referring to FIG. 4, a structural block diagram of a virtualization security detection system in an embodiment of the present invention is shown.
The system may include: a light-agent client 400 deployed in a virtual machine, and a cache server 402 and/or an antivirus server 404.
The cache server 402 and/or the antivirus server 404 may be deployed in a physical machine or in a virtual machine. For example, the light-agent client 400 may be deployed in one virtual machine among multiple virtual machines, and the cache server 402 and/or the antivirus server 404 may be deployed in just one physical machine, or alternatively in one virtual machine. Optionally, the light-agent client 400, the cache server 402 and/or the antivirus server 404 may be deployed in the same virtual machine among multiple virtual machines, with nothing deployed in the other virtual machines.
The light-agent client 400 may include: a to-be-detected information acquisition and detection module 4001, a to-be-detected information sending and detection module 4002, a detection result sending module 4003, a light-agent antivirus engine closing module 4004, a first feature value acquisition module 4005, a second security detection module 4006, a detection result returning module 4007, a to-be-detected information sending judgment module 4008, and an all-detection-results determination module 4009.
The cache server 402 may include: a relationship judgment module 4021, a to-be-detected information sending module 4022, and a security level determination module 4023.
The antivirus server 404 may include: a second feature value acquisition module 4041 and a second security detection module 4042.
The light-agent client 400 may include:
The to-be-detected information acquisition and detection module 4001, configured to obtain all of the information to be detected in the local area network where the light-agent client 400 is located, and to perform security detection on all of that information through the light-agent antivirus engine in the light-agent client 400.
Preferably, the to-be-detected information acquisition and detection module 4001 obtains all of the information to be detected from at least one virtual machine on at least one physical machine in the local area network.
The local area network includes at least one physical machine, and each physical machine includes at least one virtual machine.
Preferably, the information to be detected includes at least one of file information, URL information, access path information, and registry read/write information.
The to-be-detected information sending and detection module 4002, configured to, if the light-agent antivirus engine performs security detection on all of the information to be detected and does not obtain all detection results, send the information to be detected for which no result was obtained to a public cloud server outside the local area network for security detection, and to determine the security level of that information according to the detection result of the public cloud server.
Preferably, the to-be-detected information sending and detection module 4002 sends the information to be detected for which no result was obtained to the public cloud server outside the local area network for security detection in a preset scanning order.
The detection result sending module 4003, configured to, when the light-agent antivirus engine has obtained all detection results for all of the information to be detected, send all of the information to be detected and all of the corresponding detection results to the cache server 402 and/or the antivirus server 404, so that the cache server 402 and/or the antivirus server 404 performs security detection on the information to be detected in the local area network.
The light-agent antivirus engine closing module 4004, configured to close the light-agent antivirus engine in the light-agent client 400 when the light-agent antivirus engine has obtained all detection results for all of the information to be detected.
The first feature value acquisition module 4005, configured to obtain all feature values of all of the information to be detected.
The second security detection module 4006, configured to perform security detection on all of the information to be detected by scanning all of the feature values with the light-agent antivirus engine.
The detection result returning module 4007, configured to return the detection results of the public cloud server to the cache server 402 and/or the antivirus server 404.
The to-be-detected information sending judgment module 4008, configured to determine, through the light-agent antivirus engine, whether information to be detected in the local area network needs to be sent to the public cloud server outside the local area network for security detection within a set time period.
The all-detection-results determination module 4009, configured to, if no information to be detected in the local area network needs to be sent to the public cloud server outside the local area network for security detection within the set time period, determine through the light-agent antivirus engine that all detection results for all of the information to be detected in the local area network have been obtained.
The cache server 402 may include:
The relationship judgment module 4021, configured to determine whether a mapping between the information to be detected and the security level corresponding to that information is cached.
The to-be-detected information sending module 4022, configured to, if the cache server 402 holds no mapping between the information to be detected and the security level corresponding to that information, send the information to be detected to the antivirus server 404 for security detection.
The security level determination module 4023, configured to, if the cache server 402 holds a mapping between the information to be detected and the security level corresponding to that information, determine the security level of the information to be detected according to the mapping, or to determine the security level of the information to be detected according to the detection result of the antivirus server 404.
The antivirus server 404 may include:
The second feature value acquisition module 4041, configured to obtain the feature value of the information to be detected.
The second security detection module 4042, configured to perform security detection on the information to be detected by scanning the feature value with the antivirus engine of the antivirus server 404.
In summary, in this embodiment of the present invention a light-agent client is deployed in a virtual machine. The light-agent client obtains all of the information to be detected in the local area network where it is located, and the light-agent antivirus engine in the light-agent client performs security detection on all of that information. If not all detection results are obtained, the information to be detected for which no result was obtained is sent to a public cloud server outside the local area network for security detection, and its security level is then determined according to the detection result of the public cloud server. If all detection results are obtained, the light-agent antivirus engine in the light-agent client is closed, and all of the information to be detected and all of the corresponding detection results are sent to the cache server and/or the antivirus server, so that the cache server and/or the antivirus server performs security detection on the information to be detected in the local area network.
When the light-agent antivirus engine in the light-agent client has performed security detection on all of the information to be detected and obtained all of the detection results, it is determined that all of the information in the local area network is information recognized by the light-agent antivirus engine. The light-agent antivirus engine in the light-agent client is then closed, and security detection of all the information in the local area network is no longer required, which saves network resources in the local area network and reduces the resource usage of the virtual machines in the local area network.
The virtualization security detection solution provided here is not inherently tied to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct a system embodying the solution of the present invention is apparent. Furthermore, the present invention is not directed at any particular programming language. It should be understood that the content of the invention described here can be implemented in a variety of programming languages, and that the description above of a specific language is given in order to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline this disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof in the above description of exemplary embodiments. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and placed in one or more devices different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may also be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described here include certain features that are included in other embodiments and not others, combinations of features from different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the virtualization security detection solution according to embodiments of the present invention. The invention may also be implemented as a device or apparatus program (for example, a computer program or a computer program product) for performing part or all of the methods described here. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410818266.7A (CN104504339B) | 2014-12-24 | 2014-12-24 | Virtualize safety detection method and system |
| Publication Number | Publication Date |
|---|---|
| CN104504339A | 2015-04-08 |
| CN104504339B | 2017-11-07 |
| Application Number | Status | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN201410818266.7A (CN104504339B) | Active | 2014-12-24 | 2014-12-24 | Virtualize safety detection method and system |
| Country | Link |
|---|---|
| CN (1) | CN104504339B (en) |

| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C41 | Transfer of patent application or patent right or utility model | |
| | TA01 | Transfer of patent application right | Effective date of registration: 20161207 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Applicant after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Applicant before: Qizhi software (Beijing) Co.,Ltd. |
| | GR01 | Patent grant | |
| | CP01 | Change in the name or title of a patent holder | Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee after: QAX Technology Group Inc. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |