Collapsar: A VM-based architecture for network attack detention center

Proceedings of the 13th USENIX Security Symposium

Volumn , Issue , 2004, Pages

  Jiang, Xuxian ^a   Xu, Dongyan ^a  

^a Purdue University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTION; COMPUTER CRIME; NETWORK ARCHITECTURE; VIRTUAL ADDRESSES; VIRTUAL MACHINE;

CENTRALIZED OPERATIONS; DEDICATED NETWORKS; EVENT CORRELATION; GLOBAL NETWORKS; NETWORK ANOMALY DETECTION; NETWORK DOMAINS; PRODUCTION NETWORK; REAL-WORLD ATTACK;

NETWORK SECURITY;

EID: 85084164812     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (43)

1. Internet Storm Center. http://isc.sans.org.
2. Iroffer. http://iroffer.org/.
3. Napster. http://www.napster.com/.
4. psyBNC. http://www.psychoid.net/psybnc.html.
5. Sebek. http://www.honeynet.org/tools/sebek/.
6. Snort. http://www.snort.org.
7. Snort-inline. http://sourceforge.net/projects/snort-inline/.
8. Tcpdump. http://www.tcpdump.org.
9. The Honeynet Project. http://www.honeynet.org.
10. Virtual PC http://www.microsoft.com/windowsxp/virtualpc/.
11. VMware. http://www.vmware.com/.
12. VMWare FootPrinting. http://chitchat.at.infoseek.co.jp/vmware/vmtools.html.
13. CERT Advisory CA-2002-01 Exploitation of Vulnerability in CDE Subprocess Control Service. http://www.cert.org/advisories/CA-2002-01.html, Jan. 2002.
14. CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability. http://www.cert.org/advisories/CA-2002-17.html, Mar. 2003.
15. CERT Advisory CA-2003-20 W32/Blaster Worm. http://www.cert.org/advisories/CA-2003-20.html, Aug. 2003.
16. CERT/CC Overview Incident and Vulnerability Trends, CERT Coordination Center. http://www.cert.org/present/cert-overview-trends/, May 2003.
17. CERT/CC Vulnerability Note VU-298233. http://www.kb.cert.org/vuls/id/298233, Mar. 2003.
18. Collapsar. http://www.cs.purdue.edu/homes/jiangx/collapsar, Dec. 2003.
19. Linux Kernel Ptrace Privilege Escalation Vulnerability. http://www.secunia.com/advisories/8337/, Mar. 2003.
20. MA-055.082003: W32. Nachi Worm. http://www.mycert.org.my/advisory/MA-055.082003.html, Aug. 2003.
21. Microsoft Security Bulletin MS03-026. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp, 2003.
22. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, R. N. Alex Ho, I. Pratt, and A. Warfield. Xen and the Art of Virtualization. Proceedings of ACM Symposium on Operating Systems Principles (SOSP 2003), Oct. 2003.
23. B. N. Chun, J. Lee, and H. Weatherspoon. Netbait: a Distributed Worm Detection Service. Intel Research Berkeley Technical Report IRB-TR-03-033, Sept. 2003.
24. J. Dike. User Mode Linux. http://user-mode-linux.sourceforge.net.
25. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay. Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI 2002), Dec. 2002.
26. T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Proceedings of Internet Society Symposium on Network and Distributed System Security (NDSS 2003), Feb. 2003.
27. A. Goel, M. Shea, S. Ahuja, W.-C. Feng, W.-C. Feng, D. Maier, and J. Walpole. Forensix: A Robust, HighPerformance Reconstruction System. The 19th Symposium on Operating Systems Principles (SOSP) (poster session), Oct. 2003.
28. S. Hanks, T. Li, D. Farinacci, and P. Traina. Generic Routing Encapsulation (GRE). RFC 1701, Oct. 1994.
29. S. Hanks, T. Li, D. Farinacci, and P. Traina. Generic Routing Encapsulation over IPv4 networks. RFC 1702, Oct. 1994.
30. H. J. Hoxer, K. Buchacker, and V. Sieh. Implementing a User-Mode Linux with Minimal Changes from Original Kernel. Linux-Kongress 2002, Koln, Germany, Sept. 2002.
31. X. Jiang, D. Xu, and R. Eigenmann. Protection Mechanisms for Application Service Hosting Platforms. Proceedings of IEEE/ACM Symposium on Cluster Computing and the Grid (CCGrid 2004), Apr. 2004.
32. S. T. King and P. M. Chen. Backtracking Intrusions. Proceedings of ACM Symposium on Operating Systems Principles (SOSP 2003), Oct. 2003.
33. K. Kortchinsky. Honeypots: Counter measures to VMware fingerprinting. http://seclists.org/lists/honeypots/2004/Jan-Mar/0015.html, Jan. 2004.
34. J. V. Miller. SHV4 Rootkit Analysis. https://tms.symantec.com/members/AnalystReports/030929-Analysis-SHV4Rootkit.pdf, Oct. 2003.
35. D. Moore. Network Telescopes: Observing Small or Distant Security Events. Proceedings of the 11th USENIX Security Symposium, Aug. 2002.
36. N. Provos. A Virtual Honeypot Framework. Proceedings of the 13th USENIX Security Symposium, Aug. 2004.
37. L. Spitzner. Honeypots: Tracking Hackers. Addison-Wesley, 2003 ISBN: 0-321-10895-7.
38. L. Spitzner. Dynamic Honeypots. http://www.securityfocus.com/infocus/1731, Sept. 2003.
39. L. Spitzner. Honeypot Farms. http://www.securityfocus.com/infocus/1720, Aug. 2003.
40. L. Spitzner. Honeytokens: The Other Honeypot. http://www.securityfocus.com/infocus/1713, July 2003.
41. J. Twycross and M. M. Williamson. Implementing and testing a virus throttle. Proceedings of the 12th USENIX Security Symposium, Aug. 2003.
42. Y. Zhang and V. Paxson. Detecting Stepping Stones. Proceedings of the 9th USENIX Security Symposium, Aug. 2000.
43. C. C. Zou, L. Gao, W. Gong, and D. Towsley. Monitoring and Early Warning for Internet Worms. Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 2003), Washington DC, USA, Oct. 2003.