A Real-Time Monitoring and Forensics Method for the IaaS Model
Published: 2018-11-17 07:46
[Abstract]: To protect virtual machines in the cloud and to recover complete, reliable evidence of crimes from the cloud, this paper proposes a real-time monitoring and forensics method based on physical memory analysis, designs and develops a corresponding cloud monitoring and forensics system, and presents its concrete design and implementation. The system's agent needs to run only on the physical host: by acquiring and analysing the host's physical memory, it extracts key information from the virtual machine systems installed on one or more physical hosts in the IaaS infrastructure layer. Finally, information extraction and anomaly detection are carried out in KVM/Xen virtualization environments. The results show that the method can obtain key evidence from virtual machines on the cloud platform and detect abnormal behaviour inside those virtual machines, which can effectively prevent virtual hosts from being used to run malware or to commit crimes.
[Author affiliation]: Shandong Computer Science Center (National Supercomputer Center in Jinan); Shandong Provincial Key Laboratory of Computer Networks
[Funding]: Shandong Provincial Natural Science Foundation (ZR2014FM003, ZR2015YL018, ZR2016YL011, ZR2016YL014, ZR2013FQ001); Shandong Province Research Award Fund for Outstanding Young and Middle-Aged Scientists (BS2014DX007, BS2015DX006); Shandong Academy of Sciences Youth Fund (2014QN011, 2015QN003); National Natural Science Foundation of China (61602281)
[Classification number]: D918.2; TP309
Article number: 2337011
Article link: https://www.wllwen.com/falvlunwen/fanzuizhian/2337011.html