Collapsar: a VM-based architecture for network attack detention center

Authors: Xuxian Jiang, Dongyan Xu

Abstract: The honeypot has emerged as an effective tool to provide insights into new attacks and current exploitation trends. Though effective, a single honeypot or multiple independently operated honeypots provide only a limited local view of network attacks. Deploying and managing a large number of coordinating honeypots in different network domains will not only provide a broader and more diverse view, but also create potentials in global network status inference, early network anomaly detection, and attack correlation at scale. However, coordinated honeypot deployment and operation require close and consistent collaboration across participating network domains, in order to mitigate potential security risks associated with each honeypot and the non-uniform level of security expertise in different network domains. It is challenging, yet desirable, to provide the two conflicting features of decentralized presence and uniform management in honeypot deployment and operation. To address these challenges, this paper presents Collapsar, a virtual-machine-based architecture for network attack detention. A Collapsar center hosts and manages a large number of high-interaction virtual honeypots in a dedicated network. These honeypots appear, to intruders, as typical systems in their respective production networks. Decentralized logical presence of honeypots provides a wide, diverse view of network attacks, while centralized operation enables dedicated administration and convenient event correlation, eliminating the need for honeypot experts in each production network domain. We present the design, implementation, and evaluation of a Collapsar testbed. Our experiments with several real-world attack incidences demonstrate the effectiveness and practicality of Collapsar.
