ISCAS OpenIR
PEDA: Comprehensive Damage Assessment for Production Environment Server Systems
Zhang Shengzhi; Jia Xiaoqi; Liu Peng; Jing Jiwu
2011
Journal: IEEE Transactions on Information Forensics and Security
ISSN: 1556-6013
Volume: 6, Issue: 4, Pages: 1323-1334
Abstract: Analyzing intrusions into production servers is onerous and error-prone work for system security technicians. Existing tools and techniques are quite limited: system event tracking does not capture intrusion propagation completely, while dynamic taint tracking is not feasible to deploy because of its significant runtime overhead. We therefore propose production environment damage assessment (PEDA), a systematic approach to postmortem intrusion analysis for production workload servers. PEDA replays the infected execution with high fidelity on a separate analysis instrumentation platform, where the heavy analysis workload is carried out. Although the replayed execution runs atop the instrumentation platform (i.e., a binary-translation-based virtual machine), PEDA lets the first-run execution run atop a hardware-assisted virtual machine to ensure minimal runtime overhead. Our evaluation demonstrates the efficiency of the PEDA system, with a runtime overhead as low as 5%. Real-life intrusion studies show the advantage of PEDA intrusion analysis over existing techniques. © 2006 IEEE.
Indexed in: EI; SCI
Keywords: Computer Simulation
Affiliations: (1) Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA 16802, United States; (2) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (3) College of Information Sciences and Technology, Pennsylvania State University, University Park, PA 16802, United States; (4) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China
Subject areas: Computer Science; Engineering
Funding: AFOSR FA9550-07-1-0527; ARO W911NF-09-1-0525; NSF CNS-0905131; AFRL FA8750-08-C-0137; NSFC 61073179
Language: English
WOS accession number: WOS:000297344200012
Content type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/16067
Collection: Institute of Software, Chinese Academy of Sciences
Recommended citation
GB/T 7714: Zhang Shengzhi, Jia Xiaoqi, Liu Peng, et al. PEDA: Comprehensive damage assessment for production environment server systems[J]. IEEE Transactions on Information Forensics and Security, 2011, 6(4): 1323-1334.
APA: Zhang Shengzhi, Jia Xiaoqi, Liu Peng, & Jing Jiwu. (2011). PEDA: Comprehensive damage assessment for production environment server systems. IEEE Transactions on Information Forensics and Security, 6(4), 1323-1334.
MLA: Zhang Shengzhi, et al. "PEDA: Comprehensive damage assessment for production environment server systems". IEEE Transactions on Information Forensics and Security 6.4 (2011): 1323-1334.
Files in this item: No files are associated with this item.