Institutional Repository
| peda: comprehensive damage assessment for production environment server systems | |
| Zhang Shengzhi; Jia Xiaoqi; Liu Peng; Jing Jiwu | |
| 2011 | |
| Source | IEEE Transactions on Information Forensics and Security
 |
| ISSN | 1556-6013 |
| Volume | 6Issue:4Pages:1323-1334 |
| English Abstract | Analyzing the intrusion to production servers is an onerous and error-prone work for system security technicians. Existing tools or techniques are quite limited. For instance, system events tracking lacks completeness of intrusion propagation, while dynamic taint tracking is not feasible to be deployed due to significant runtime overhead. Thus, we propose production environment damage assessment (PEDA), a systematic approach to do postmortem intrusion analysis for production workload servers. PEDA replays the has-been-infected execution with high fidelity on a separate analyzing instrumentation platform to conduct the heavy workload analysis. Though the replayed execution runs atop the instrumentation platform (i.e., binary-translation-based virtual machine), PEDA allows the first-run execution to run atop the hardware-assisted virtual machine to ensure minimum runtime overhead. Our evaluation demonstrates the efficiency of the PEDA system with a runtime overhead as low as 5%. The real-life intrusion studies show the advantage of PEDA intrusion analysis over existing techniques. © 2006 IEEE.; Analyzing the intrusion to production servers is an onerous and error-prone work for system security technicians. Existing tools or techniques are quite limited. For instance, system events tracking lacks completeness of intrusion propagation, while dynamic taint tracking is not feasible to be deployed due to significant runtime overhead. Thus, we propose production environment damage assessment (PEDA), a systematic approach to do postmortem intrusion analysis for production workload servers. PEDA replays the has-been-infected execution with high fidelity on a separate analyzing instrumentation platform to conduct the heavy workload analysis. Though the replayed execution runs atop the instrumentation platform (i.e., binary-translation-based virtual machine), PEDA allows the first-run execution to run atop the hardware-assisted virtual machine to ensure minimum runtime overhead. Our evaluation demonstrates the efficiency of the PEDA system with a runtime overhead as low as 5%. The real-life intrusion studies show the advantage of PEDA intrusion analysis over existing techniques. © 2006 IEEE. |
| Indexed Type | EI ; SCI |
| Keyword | Computer Simulation |
| Department | (1) Department of Computer Science and Engineering Pennsylvania State University University Park PA 16802 United States; (2) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing 100190 China; (3) College of Information Sciences and Technology Pennsylvania State University University Park PA 16802 United States; (4) State Key Laboratory of Information Security Graduate University of Chinese Academy of Sciences Beijing 100049 China |
| Subject | Computer Science ; Engineering |
| Sponsorship | AFOSRFA9550-07-1-0527; AROW911NF-09-1-0525; NSFCNS-0905131; AFRLFA8750-08-C-0137; NSFC61073179 |
| Language | 英语 |
| WOS ID | WOS:000297344200012 |
| Citation statistics | |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16067 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Zhang Shengzhi,Jia Xiaoqi,Liu Peng,et al. peda: comprehensive damage assessment for production environment server systems[J]. IEEE Transactions on Information Forensics and Security,2011,6(4):1323-1334. |
| APA | Zhang Shengzhi,Jia Xiaoqi,Liu Peng,&Jing Jiwu.(2011).peda: comprehensive damage assessment for production environment server systems.IEEE Transactions on Information Forensics and Security,6(4),1323-1334. |
| MLA | Zhang Shengzhi,et al."peda: comprehensive damage assessment for production environment server systems".IEEE Transactions on Information Forensics and Security 6.4(2011):1323-1334. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment