Abstract: A computer-implemented method for facilitating automatic malware signature generation may comprise disassembling a malware program, identifying one or more byte sequences within the disassembled malware program that have a likelihood of being representative of one or more library functions contained within the malware program, and preventing the one or more byte sequences from being included within one or more malware signatures. Corresponding systems and computer-readable storage media are also disclosed.

Abstract: A load balancing routing method for networks is disclosed. The routing method includes following steps. A network topology graph and a plurality of expected bandwidth demands corresponding to a plurality of source-destination pairs are received by a network server. A plurality of link criticalities of a plurality of links established according to the source-destination pairs is calculated by the network server according to the network topology graph and the expected bandwidth demands. A plurality of expected loads of the links is calculated by the network server according to the link criticalities. A plurality of cost values is calculated according to a plurality of residual capacities of the links and the corresponding expected loads. A better transmission path corresponding to each of the source-destination pairs is selected by the network server according to the weighted sum of the cost values corresponding to the links in the source-destination pair.

Abstract: The present disclosure proposes a disk logging method configured for an electronic device comprising a temporary non-volatile storage medium to log data from a volatile memory to said first storage medium, and the method includes the elements of aggregating data from applications of the electronic device in a queue, transferring the aggregated data to a per device queue targeted toward a native queue of the storage medium, writing the data stored in the native queue of the storage medium into a disk platter of the storage medium, and transmitting an interrupt in response to the completion of the writing of the data to the disk platter, wherein the first batch size is dynamically adjusted such that the step of writing the data to the platter takes more time than the step of transferring the data from the per device queue to the native queue of the storage medium.

Abstract: A document processing method and system divides a document into document pages, and encrypts the document pages by first key to obtain a plurality of encrypted pages; picks a part of words from the document pages and encrypts them by second key to obtain a Significant Word Set (SWS); picks a part of words from the picked part of words and encrypts them by third key to obtain a Most Relevant Word Set (MRWS). The encrypted pages, the SWS and the MRWS are transmits to a remote server for storage. When user search a keyword in the document, the keyword is encrypted by the second and third keys for performing two query. The first query result is decrypted to obtain the search result. The second query result is decrypted and then checked whether it is a subset of the first decrypted query result for detecting unfaithful execution.

Abstract: A data center network system and a packet forwarding method thereof are provided. The data center network system includes a virtual bridge and an address resolution protocol (ARP) server. The virtual bridge intercepts an ARP request having an identification field and a destination IP address field and adds a corresponding virtual data center identification to the identification field of the ARP request and redirecting the ARP request to the ARP server. Additionally, the ARP server queries a corresponding MAC address according to an IP address recorded in the destination IP address field of the ARP request and the corresponding VDCID recorded in the identification field of the ARP request, and transmits the corresponding MAC address in response to the ARP request. Accordingly, the same private IP address can be reused in the data center network system.

Abstract: A method for accessing files on a storage system is provided. A hash memory table including a plurality of hash buckets respectively corresponding to a plurality of index hash codes is built. Each of the hash buckets has a pointer pointing towards at least one entry. Each of the entries has a physical address field and a hash code field. The physical address fields respectively record physical addresses storing the files, and the hash code fields respectively record verification hash codes corresponding to the files. The index hash codes are generated by inputting keys of the files to an index hash function and the verification hash codes are generated by inputting keys of the files to a verification hash function. Then, the hash memory table is loaded into the buffer with a bucket-based replacement policy so that the files are able to be accessed according to the hash memory table.

Abstract: According to one exemplary embodiment, a method for analyzing root causes applies an application-level dependency discovery and anomaly detection to find application-level dependencies in one or more virtual machines (VMs), and generate an application-level topology with anomaly, and then transfers the application-level topology with anomaly to a VM-level dependency, and transfers the VM-level dependency to a physical machine level (PM-level) dependency via a physical and virtual resource mapping, and eventually generates a group of event sets. A prioritized event list is generated by prioritizing the group of event sets.

Abstract: A power management method for electro-chemical batteries in low capacity state is provided, including: obtaining battery information based on device hardware, to know in advance the maximum allowable current and maximum allowable power when the battery power is low; by detecting the changes in the voltage versus current, updating BCC curve; using BCC curve as power budget to control the ON/OFF of device function thread; and determining whether the minimum battery capacity and the control restriction are reached, and when the minimum battery capacity and the control restriction are reached, turn off the battery through normal shutdown process; otherwise, return to the step of obtaining battery information.

Abstract: A method and a manager physical machine (PM) for virtual machine (VM) consolidation are provided. The method is performed by the manager PM. A network connects the manager PM and a plurality of server PMs. A plurality of VMs is running on the server PMs. The method includes the following steps. The manager PM classifies the server PMs into redundant PMs and surviving PMs. The manager PM determines migration paths of the VMs running on the redundant PMs to the surviving PMs. The manager PM determines a parallel migration sequence of the VMs running on the redundant PMs based on the migration paths. The manager PM migrates the VMs running on the redundant PMs to the surviving PMs in parallel according to the parallel migration sequence.

Abstract: A method of converting a routing mode of a network is provided, wherein a plurality of first routes connected a central controller to a plurality of nodes are established in the network through a spanning tree protocol and a plurality of second routes between the nodes in the network through the spanning tree protocol. The method includes enabling a firewall of each of the nodes to block the second routes; disabling a spanning tree protocol function of each of the nodes; populating a forwarding table of each of the nodes with a plurality of predetermined routing paths; and flushing the firewall of each of the nodes, wherein a plurality of third routes between the central controller and the plurality of nodes are established according to the predetermined routing paths without the spanning tree protocol, after the firewall of each of the nodes is flushed.

Abstract: A data center network system and a packet forwarding method are provided. The data center network includes a management server and a plurality of machines containing physical machines and virtual machines. The management server configures a logical media access control (MAC) address for each of the machines, wherein most significant bytes of each of the logical MAC addresses are set as 0. When a data packet is about to be sent from a physical machine, the physical machine executes an encapsulation procedure on the data packet for forwarding the data packet to an intermediate node between a transmitter and a receiver of the data packet, and the intermediate node executes a decapsulation procedure on the data packet for forwarding the data packet to the true receiver. Accordingly, the number of virtual machines exposed to the forwarding table of Ethernet switches can be effectively reduced.

Abstract: A method and a computer system for memory management on a virtual machine system are provided. The memory management method includes the following steps. A least recently used (LRU) list is maintained by at least one processor according to a last access time, wherein the LRU list includes a plurality of memory pages. A first portion of the memory pages are stored in a virtual memory, a second portion of the memory pages are stored in a zram driver, and a third portion of the memory pages are stored in at least one swap disk. A space in the zram driver is set by the at least one processor. The space in the zram driver is adjusted by the processor according to a plurality of access probabilities of the memory pages in the zram driver, an overhead of a pseudo page fault, and an overhead of a true page fault.

Abstract: A memory management method for a virtual machine system is provided. First, a first threshold value is set by a processor. A balloon target is then set to an allocated virtual memory size and decremented by a first decrement value stepwise by the processor according to a swapin/refault detecting result in a first adjustment state. The swapin/refault detecting result is generated by detecting at least one swapin or refault events by the processor. The balloon target stops being decremented by the processor according to the swapin/refault detecting result in a cool-down state. The balloon target is decremented by a second decrement value stepwise by the processor in a second adjustment state which is after the cool-down state. The second decrement value is less than the first decrement value, and the balloon target is not less than the first threshold value.

Abstract: A method and a computer system for memory management on a virtual machine system are provided. The memory management method includes the following steps. First, a working set size of each of a plurality of virtual machines on the virtual machine system is obtained by at least one processor, wherein the working set size is an amount of memory required to run applications on each of the virtual machines. Then, an amount of storage memory is allocated to each of the virtual machines by the at least one processor according to the working set size of each of the virtual machines and at least one swapin or refault event, wherein the storage memory is a part of memory available from the computer system.

Abstract: A method of cloning data in a memory for a source virtual machine (VM) and at least one cloned virtual machine is proposed. A mapping relationship between a guest physical address from the source VM or the cloned VM and a host physical address of the memory is defined by a plurality of page tables configured in a plurality of hierarchical levels. In the method, metadata of the page tables in the highest level or the higher levels of the plurality of hierarchical levels is copied to the virtual machine. Remaining metadata of the page tables in the levels other than the highest level or the higher levels of the plurality of hierarchical levels is replicated to the virtual machine in response to the access operation. Data stored in the corresponding address of the memory is accessed according to the metadata and the replicated metadata.

Abstract: A method for identifying memories of virtual machines is provided. The method is adapted to a computer system executing at least one virtual machine, and an operating system is executed on the virtual machine. The method includes the following steps. A kernel file of the operating system is obtained, and the kernel file includes version information of the operation system. A source code and a configuration file of the operating system are obtained according to the version information, and the versions of the source code and the configuration file are complied with the version of the operating system. An object file is generated by compiling a fixed interface function with the source code according to the configuration file. Memory pages of the virtual machine are identified according to the object file. Furthermore, a computer system using the foregoing method is also provided.

Abstract: A network system and a method of address resolution are provided. The network system includes a network, a plurality of virtual machines, a routing module and a path directory module. Each virtual machine includes an internet protocol (IP) address and N media access control (MAC) addresses, so as to connect the network through N transmission routes. The routing module detects and calculates states of the transmission routes. The path directory module receives and decodes an address resolution protocol (ARP) request presented by at least one source virtual machine to reply path information, which includes N MAC addresses corresponding to an IP address of a destination virtual machine and states of the N transmission routes. Thus, the virtual machines present the ARP request without broadcast, so that the problem of network congestion is solved.

Abstract: To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or writable, but not both. Before changing from writable but not executable to executable but not writable, the page is scanned for malicious code. To prevent packers from evading this scanning, the software may enforce the execution exception to prevent packers from changing whether a page is executable and thereby evading the scanning of dynamically created code. The software may also include exception handlers to allow a program to write to a page that contains the code being executed, but also limit such an operation (e.g., to a single step) to avoid evasion of the antivirus software.

Abstract: A method for object tracking is provided, which is suitable for retrieving and analyzing distributed surveillance data. The method for object tracking includes the following steps: determining a set of surveillance data corresponding to at least one initial object spot in a set of initial object spots according to a location and a time of the initial object spot; retrieving segments of surveillance data in the set of surveillance data; finding at least one discovered object spot matching a target object qualification in the set of surveillance data and adding the discovered object spot into a set of discovered object spots; setting the set of initial object spots to be the set of discovered object spots and repeating the aforementioned steps when the set of discovered object spots is not empty; and outputting the discovered object spot when the set of discovered object spots is empty.

Abstract: A document processing method and system divides a document into document pages, and encrypts the document pages by first key to obtain a plurality of encrypted pages; picks a part of words from the document pages and encrypts them by second key to obtain a Significant Word Set (SWS); picks a part of words from the picked part of words and encrypts them by third key to obtain a Most Relevant Word Set (MRWS). The encrypted pages, the SWS and the MRWS are transmits to a remote server for storage. When user search a keyword in the document, the keyword is encrypted by the second and third keys for performing two query. The first query result is decrypted to obtain the search result. The second query result is decrypted and then checked whether it is a subset of the first decrypted query result for detecting unfaithful execution.