A Virtual Machine Introspection Based Architecture for Intrusion Detection.

Authors: Tal Garfinkel, Mendel Rosenblum

DOI:

Keywords:

Abstract: Today's architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening in that host's software, but is highly susceptible to attack. On the other hand, if the IDS resides in the network, it is more resistant to attack but has a poor view of what is happening inside the host, making it more susceptible to evasion. In this paper we present an architecture that retains the visibility of a host-based IDS but pulls the IDS outside of the host for greater attack resistance. We achieve this through the use of a virtual machine monitor. Using this approach allows us to isolate the IDS from the monitored host while still retaining excellent visibility into the host's state. The VMM also offers the unique ability to completely mediate interactions between the host software and the underlying hardware. We present a detailed study of our architecture, including Livewire, a prototype implementation. We demonstrate Livewire by implementing a suite of simple intrusion detection policies and using them to detect real attacks.
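The split the abstract describes, in toy form: the IDS runs outside the guest, reconstructs guest state by reading raw guest memory through the VMM, and the VMM refuses guest actions on "hardware" that a policy forbids. This is an added example and not code from the paper or from Livewire. The guest memory layout, the task-list format, the two policies and the write/NIC hooks are all constructed for this illustration and are not Livewire's actual policies or any real kernel's data structures.

```python
import hashlib
import struct

# Constructed guest physical memory layout (an assumption for this example only,
# not the layout of Livewire's guest or of any real kernel):
KTEXT_START, KTEXT_END = 0x000, 0x100   # kernel text: guest must never write here
TASK_HEAD_PTR = 0x100                    # u32 pointer to the first task struct
TASK_SIZE = 24                           # u32 next, u32 pid, 16-byte NUL-padded name


def build_guest_memory(tasks):
    """Construct a 4 KiB guest image holding placeholder kernel text and a task list."""
    mem = bytearray(0x1000)
    mem[KTEXT_START:KTEXT_END] = bytes(range(256))  # stands in for kernel code
    base = 0x200
    for i, (pid, name) in enumerate(tasks):
        addr = base + i * TASK_SIZE
        nxt = base + (i + 1) * TASK_SIZE if i + 1 < len(tasks) else 0
        mem[addr:addr + TASK_SIZE] = struct.pack("<II16s", nxt, pid, name.encode())
    struct.pack_into("<I", mem, TASK_HEAD_PTR, base if tasks else 0)
    return mem


class VMM:
    """Stand-in for the virtual machine monitor. The IDS policies below live here,
    outside the guest: they read guest memory directly and never run guest code."""

    def __init__(self, memory):
        self.mem = memory
        self.alerts = []
        self.nic_promisc = False

    # Introspection: a read-only view of guest state for the policies.
    def read(self, addr, n):
        return bytes(self.mem[addr:addr + n])

    # Mediation: guest-originated actions on "hardware" pass through the VMM first.
    def guest_write(self, addr, data):
        if addr < KTEXT_END and addr + len(data) > KTEXT_START:
            self.alerts.append(f"blocked guest write to kernel text at {addr:#x}")
            return False
        self.mem[addr:addr + len(data)] = data
        return True

    def guest_set_promisc(self, enable):
        if enable:
            self.alerts.append("blocked NIC promiscuous mode")
            return False
        self.nic_promisc = False
        return True


# Policies (the IDS side). They use only VMM.read(), so a rootkit that subverts
# tools inside the guest cannot subvert what these see.
def kernel_text_hash(vmm):
    return hashlib.sha256(vmm.read(KTEXT_START, KTEXT_END - KTEXT_START)).hexdigest()


def walk_task_list(vmm):
    """Bridge the semantic gap: rebuild the process table from raw guest bytes."""
    tasks, seen = [], set()
    ptr = struct.unpack("<I", vmm.read(TASK_HEAD_PTR, 4))[0]
    while ptr and ptr not in seen:        # 'seen' stops a deliberately looped list
        seen.add(ptr)
        nxt, pid, name = struct.unpack("<II16s", vmm.read(ptr, TASK_SIZE))
        tasks.append((pid, name.rstrip(b"\0").decode()))
        ptr = nxt
    return tasks


def lie_detector(vmm, guest_reported_pids):
    """PIDs present in guest memory but omitted by the guest's own process listing."""
    return sorted(pid for pid, _ in walk_task_list(vmm) if pid not in guest_reported_pids)


def demo():
    tasks = [(1, "init"), (42, "sshd"), (1337, "backdoor")]
    vmm = VMM(build_guest_memory(tasks))
    baseline = kernel_text_hash(vmm)

    # A subverted in-guest `ps` hides pid 1337; the view from the VMM still has it.
    hidden = lie_detector(vmm, guest_reported_pids={1, 42})

    # The intruder then tries to patch kernel text and to sniff the network; both
    # actions reach the VMM first and are refused, so the baseline hash still holds.
    patched = vmm.guest_write(0x010, b"\x90" * 4)
    sniffing = vmm.guest_set_promisc(True)
    intact = kernel_text_hash(vmm) == baseline
    return hidden, patched, sniffing, intact, list(vmm.alerts)


if __name__ == "__main__":
    print(demo())
```

The caveat that matters in practice is the one the walk function hints at: the policies are only as good as the IDS's knowledge of the guest's data structures. An attacker who unlinks a task from the in-memory list, or who points the head pointer at a forged list, is invisible to this walk, so real introspection engines cross-check several independent views of the same state (scheduler queues, page tables, open handles) rather than trusting one list.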
