Institutional Repository
| Field | Value |
| --- | --- |
| Title | peda: comprehensive damage assessment for production environment server systems |
| Authors | Zhang Shengzhi; Jia Xiaoqi; Liu Peng; Jing Jiwu |
| Year | 2011 |
| Journal | IEEE Transactions on Information Forensics and Security |
| ISSN | 1556-6013 |
| Volume | 6 |
| Issue | 4 |
| Pages | 1323-1334 |
| Abstract | Analyzing the intrusion to production servers is an onerous and error-prone work for system security technicians. Existing tools or techniques are quite limited. For instance, system events tracking lacks completeness of intrusion propagation, while dynamic taint tracking is not feasible to be deployed due to significant runtime overhead. Thus, we propose production environment damage assessment (PEDA), a systematic approach to do postmortem intrusion analysis for production workload servers. PEDA replays the has-been-infected execution with high fidelity on a separate analyzing instrumentation platform to conduct the heavy workload analysis. Though the replayed execution runs atop the instrumentation platform (i.e., binary-translation-based virtual machine), PEDA allows the first-run execution to run atop the hardware-assisted virtual machine to ensure minimum runtime overhead. Our evaluation demonstrates the efficiency of the PEDA system with a runtime overhead as low as 5%. The real-life intrusion studies show the advantage of PEDA intrusion analysis over existing techniques. © 2006 IEEE. |
| Indexed in | EI; SCI |
| Keywords | Computer Simulation |
| Affiliations | (1) Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA 16802, United States; (2) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (3) College of Information Sciences and Technology, Pennsylvania State University, University Park, PA 16802, United States; (4) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China |
| Subject areas | Computer Science; Engineering |
| Funding | AFOSR FA9550-07-1-0527; ARO W911NF-09-1-0525; NSF CNS-0905131; AFRL FA8750-08-C-0137; NSFC 61073179 |
| Language | English |
| WOS accession number | WOS:000297344200012 |
| Content type | Journal article |
| URI | http://ir.iscas.ac.cn/handle/311060/16067 |
| Collection | Institute of Software, Chinese Academy of Sciences |
| Recommended citation (GB/T 7714) | Zhang Shengzhi, Jia Xiaoqi, Liu Peng, et al. peda: comprehensive damage assessment for production environment server systems[J]. IEEE Transactions on Information Forensics and Security, 2011, 6(4): 1323-1334. |
| APA | Zhang Shengzhi, Jia Xiaoqi, Liu Peng, & Jing Jiwu. (2011). peda: comprehensive damage assessment for production environment server systems. IEEE Transactions on Information Forensics and Security, 6(4), 1323-1334. |
| MLA | Zhang Shengzhi, et al. "peda: comprehensive damage assessment for production environment server systems". IEEE Transactions on Information Forensics and Security 6.4 (2011): 1323-1334. |
| Files in this item | No files are associated with this item. |
Unless otherwise stated, all content in this system is protected by copyright, with all rights reserved.