Thumbnail
Access Restriction
Subscribed

Author Xuxian Jiang ♦ Walters, A. ♦ Dongyan Xu ♦ Spafford, E.H. ♦ Buchholz, F. ♦ Yi-Min Wang
Source IEEE Xplore Digital Library
Content type Text
Publisher Institute of Electrical and Electronics Engineers, Inc. (IEEE)
File Format PDF
Copyright Year ©2006
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Contamination ♦ Computer worms ♦ Color ♦ Computer science ♦ Forensics ♦ Face detection ♦ Internet ♦ Inspection ♦ Virtual machining ♦ Performance analysis
Abstract To investigate the exploitation and contamination by self-propagating Internet worms, a provenance-aware tracing mechanism is highly desirable. Provenance unawareness causes difficulties in fast, accurate identification of a worm’s break-in point, and incurs significant log inspection overhead. This paper presents the design, implementation, and evaluation of process coloring, an efficient provenance-aware approach to worm break-in and contamination tracing. More specifically, process coloring assigns a "color", a unique system-wide identifier, to each remotely-accessible server or process. The color will then be either inherited by spawned child processes or diffused indirectly through process actions (e.g., read/write operations). Process coloring brings two major advantages: (1) It enables fast color-based identification of a worm’s break-in point even before detailed log analysis; (2) It naturally partitions log data based on their colors, effectively reducing the volume of log data that need to be examined for worm investigation. A tamper-resistant log collection method is developed based on the virtual machine introspection technique. Our experiments with a number of real-world worms demonstrate the advantages of processing coloring.
Description Author affiliation: Purdue University, W. Lafayette, IN (Xuxian Jiang)
ISBN 0769525407
ISSN 10636927
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research ♦ Reading
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2006-07-04
Publisher Place Portugal
Rights Holder Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Size (in Bytes) 611.23 kB
Page Count 1
Starting Page 38
Ending Page 38


Source: IEEE Xplore Digital Library