Constructing a Cloud-Based IDS by Merging VMI with FMA

Trust, Security and Privacy in Computing and Communications (2012)

Citations: 23 | Views: 2
Abstract
Cloud computing has emerged in recent years as a major segment of the IT industry; however, security concerns remain the primary impediment to full-scale adoption. Leveraging properties of virtualization, virtual machine introspection (VMI) has yielded promising research for cloud security, yet adoption of these approaches in production environments remains minimal due to a semantic gap: the extraction of high-level knowledge of the guest operating system's state from low-level artifacts collected out-of-VM. Within the field of forensic memory analysis (FMA), a similar semantic gap exists in the reconstruction of physical memory dumps. We implement a production-oriented prototype utilizing designs that combine and narrow these semantic gaps in a modular framework to function as an intrusion detection system (IDS) detecting and defeating post-exploitation activity.
Keywords
cloud computing, computer forensics, invasive software, knowledge acquisition, virtual machines, virtualisation, FMA, IT industry, VMI, cloud computing-based IDS construction, cloud security, forensic memory analysis, high-level knowledge extraction, intrusion detection system, leveraging properties, low-level artifacts, modular framework, operating system state, physical memory dump reconstruction, postexploitation activity, production environments, production oriented prototype, semantic gap, virtual machine introspection, virtualization, cloud, malware, secure monitoring