PEDA: comprehensive damage assessment for production environment server systems
Document type: Journal article
Authors | Zhang Shengzhi ; Jia Xiaoqi ; Liu Peng ; Jing Jiwu |
Journal | IEEE Transactions on Information Forensics and Security |
Publication date | 2011 |
Volume | 6 | Issue | 4 | Pages | 1323-1334 |
Keywords | Computer simulation |
ISSN | 1556-6013 |
Abstract | Analyzing the intrusion to production servers is an onerous and error-prone work for system security technicians. Existing tools or techniques are quite limited. For instance, system events tracking lacks completeness of intrusion propagation, while dynamic taint tracking is not feasible to be deployed due to significant runtime overhead. Thus, we propose production environment damage assessment (PEDA), a systematic approach to do postmortem intrusion analysis for production workload servers. PEDA replays the has-been-infected execution with high fidelity on a separate analyzing instrumentation platform to conduct the heavy workload analysis. Though the replayed execution runs atop the instrumentation platform (i.e., binary-translation-based virtual machine), PEDA allows the first-run execution to run atop the hardware-assisted virtual machine to ensure minimum runtime overhead. Our evaluation demonstrates the efficiency of the PEDA system with a runtime overhead as low as 5%. The real-life intrusion studies show the advantage of PEDA intrusion analysis over existing techniques. © 2006 IEEE. |
Subject areas | Computer Science ; Engineering |
Indexed in | EI ; SCI |
Funding | AFOSR FA9550-07-1-0527; ARO W911NF-09-1-0525; NSF CNS-0905131; AFRL FA8750-08-C-0137; NSFC 61073179 |
Language | English |
WOS accession number | WOS:000297344200012 |
Date made public | 2013-10-08 |
Source URL | [http://ir.iscas.ac.cn/handle/311060/16067] |
Collection | Institute of Software_Software Institute Library_Journal Articles |
Recommended citation (GB/T 7714) | Zhang Shengzhi, Jia Xiaoqi, Liu Peng, et al. PEDA: comprehensive damage assessment for production environment server systems[J]. IEEE Transactions on Information Forensics and Security, 2011, 6(4): 1323-1334. |
APA | Zhang Shengzhi, Jia Xiaoqi, Liu Peng, & Jing Jiwu. (2011). PEDA: comprehensive damage assessment for production environment server systems. IEEE Transactions on Information Forensics and Security, 6(4), 1323-1334. |
MLA | Zhang Shengzhi, et al. "PEDA: comprehensive damage assessment for production environment server systems". IEEE Transactions on Information Forensics and Security 6.4 (2011): 1323-1334. |
Ingest method: OAI harvesting
Source: Institute of Software