標題: 磁碟傷害範圍估測機制
A Storage-Layer Security Attack Damage Estimation Mechanism
作者: 鄭又瑞
Cheng, Yu-Jui
吳育松
Wu, Yu-Sung
資訊科學與工程研究所
關鍵字: 磁碟;傷害;估測;storage;disk;damage;estimate
公開日期: 2014
摘要: 利用行為比對偵測惡意程式有很高的偵測率。然而觀測行為時,惡意程式仍持續對系統造成傷害,因此在判定惡意程式後,對其造成的傷害進行估測,可以協助管理者修復造成的系統傷害。 在半虛擬化的環境下,我們設計一套傷害範圍估測機制,藉由記錄在虛擬機中程式寫入的檔案路徑以及磁區位置,估測惡意程式造成的傷害範圍。我們修改xen-blkback攔截磁碟寫入的磁區位置,修改Xen hypervisor攔截系統呼叫,將兩者的I/O資訊合併進行傷害範圍估測。
Behavior matching is a malware detection method with high detection rate. However, during the time matching behaviors, the malware is continually making damage. Thus, estimating the damaged area the detected malware made can help administrator relieve the damage. In paravirtualized environment, we design a storage-layer damage estimation mechanism. We estimate the damage that a malware made by using the disk I/O information from guest VM. We modify xen-blkback to intercept raw disk I/O information, and Xen hypervisor to intercept system calls. We combine raw disk information and system call information to estimate damaged area.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070156031
http://hdl.handle.net/11536/75789
Appears in Collections:Thesis


Files in This Item:

  1. 603101.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.