Title of invention |
Detecting stealth network communications |
Abstract |
A computer has a hypervisor that supervises a virtual machine. The virtual machine includes a guest security module that enforces a security policy on network traffic entering and exiting the virtual machine. Malicious software (malware) uses stealth network communications to avoid the guest security module and attempts to communicate with its home base. A security module within the hypervisor has access to all network communications entering and exiting the computer. The security module communicates with the guest security module to identify communications of which the guest security module is aware. The security module analyzes the network communications for the computer to identify a stealth network communication of which the guest security module is unaware. The security module alters the stealth network communication, thereby preventing the malware from communicating with its home base. |
Publication number |
US8079030(B1) |
Publication date |
2011.12.13 |
Application number |
US20070685534 |
Application date |
2007.03.13 |
Applicant |
SATISH SOURABH;HERNACKI BRIAN;SYMANTEC CORPORATION |
Inventor |
SATISH SOURABH;HERNACKI BRIAN |
Classification |
G06F9/455;H04L29/06 |
Main classification |
G06F9/455 |
Agency |
|
Agent |
|
Main claim |
|
Address |
|