Virtual platform threat behavior analysis method and system based on KNN
Format: | Patent |
---|---|
Language: | chi ; eng |
Summary: | The invention discloses a virtual platform threat behavior analysis method and system based on KNN, and belongs to the field of network security. The method comprises the following steps: first, extracting memory data in a virtual platform; then analyzing the memory data to obtain threat source data; finally, identifying threat software in the threat source data by using the K-nearest neighbor (KNN) algorithm. If no threat software exists, the algorithm ends; if threat software exists, the behavior reduction of the threat software is completed by using a clue database, and the algorithm ends. With this method, clue data can be collected from outside the VMware vSphere virtual platform, clue coverage cannot be generated in the virtual platform, and the clue data cannot be deceived by threat software. Fully automatic analysis is performed on the threat clues through the K-nearest neighbor algorithm, and the analysis efficiency of the threat behaviors is improved. |