Availability-sensitive intrusion recovery

Shengzhi Zhang; Xi Xiong; Xiaoqi Jia; Peng Liu

doi:10.1145/1655148.1655156

Availability-sensitive intrusion recovery

Shengzhi Zhang, Xi Xiong, Xiaoqi Jia, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

A system-wide comprehensive cleaning is the primary goal of intrusion recovery. However, the diversity of the vulnerabilities, the creativity of the attackers and the complexity of system contribute to the difficulty of 'sweeping the footprint' of attacks. In this paper, we propose a VM-based intrusion recovery architecture with more concerns on service availability and continuity. Integrating the state of art techniques such as backtracking, cross-layer damage assessment and heterogeneous VM migration, our system can comprehensively sweep out the footprint of intrusion while providing desired service availability and continuity.

Original language	English (US)
Title of host publication	Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Pages	43-48
Number of pages	6
DOIs	https://doi.org/10.1145/1655148.1655156
State	Published - 2009
Event	1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 - Chicago, IL, United States Duration: Nov 9 2009 → Nov 13 2009

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Country/Territory	United States
City	Chicago, IL
Period	11/9/09 → 11/13/09

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Access to Document

10.1145/1655148.1655156

Cite this

Zhang, S., Xiong, X., Jia, X., & Liu, P. (2009). Availability-sensitive intrusion recovery. In Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 (pp. 43-48). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1655148.1655156

@inproceedings{4c03afcfa89a48de9b69aafd09d95605,

title = "Availability-sensitive intrusion recovery",

abstract = "A system-wide comprehensive cleaning is the primary goal of intrusion recovery. However, the diversity of the vulnerabilities, the creativity of the attackers and the complexity of system contribute to the difficulty of 'sweeping the footprint' of attacks. In this paper, we propose a VM-based intrusion recovery architecture with more concerns on service availability and continuity. Integrating the state of art techniques such as backtracking, cross-layer damage assessment and heterogeneous VM migration, our system can comprehensively sweep out the footprint of intrusion while providing desired service availability and continuity.",

author = "Shengzhi Zhang and Xi Xiong and Xiaoqi Jia and Peng Liu",

year = "2009",

doi = "10.1145/1655148.1655156",

language = "English (US)",

isbn = "9781605587806",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "43--48",

booktitle = "Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09",

note = "1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 ; Conference date: 09-11-2009 Through 13-11-2009",

}

Zhang, S, Xiong, X, Jia, X & Liu, P 2009, Availability-sensitive intrusion recovery. in Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09. Proceedings of the ACM Conference on Computer and Communications Security, pp. 43-48, 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09, Chicago, IL, United States, 11/9/09. https://doi.org/10.1145/1655148.1655156

Availability-sensitive intrusion recovery. / Zhang, Shengzhi; Xiong, Xi; Jia, Xiaoqi et al.
Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09. 2009. p. 43-48 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Availability-sensitive intrusion recovery

AU - Zhang, Shengzhi

AU - Xiong, Xi

AU - Jia, Xiaoqi

AU - Liu, Peng

PY - 2009

Y1 - 2009

N2 - A system-wide comprehensive cleaning is the primary goal of intrusion recovery. However, the diversity of the vulnerabilities, the creativity of the attackers and the complexity of system contribute to the difficulty of 'sweeping the footprint' of attacks. In this paper, we propose a VM-based intrusion recovery architecture with more concerns on service availability and continuity. Integrating the state of art techniques such as backtracking, cross-layer damage assessment and heterogeneous VM migration, our system can comprehensively sweep out the footprint of intrusion while providing desired service availability and continuity.

AB - A system-wide comprehensive cleaning is the primary goal of intrusion recovery. However, the diversity of the vulnerabilities, the creativity of the attackers and the complexity of system contribute to the difficulty of 'sweeping the footprint' of attacks. In this paper, we propose a VM-based intrusion recovery architecture with more concerns on service availability and continuity. Integrating the state of art techniques such as backtracking, cross-layer damage assessment and heterogeneous VM migration, our system can comprehensively sweep out the footprint of intrusion while providing desired service availability and continuity.

UR - http://www.scopus.com/inward/record.url?scp=74049161880&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=74049161880&partnerID=8YFLogxK

U2 - 10.1145/1655148.1655156

DO - 10.1145/1655148.1655156

M3 - Conference contribution

AN - SCOPUS:74049161880

SN - 9781605587806

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 43

EP - 48

BT - Proceedings of the 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09

T2 - 1st ACM Workshop on Virtual Machine Security, VMSec '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09

Y2 - 9 November 2009 through 13 November 2009

ER -

Availability-sensitive intrusion recovery

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this