政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/112487
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113318/144297 (79%)
造访人次 : 51046004      在线人数 : 975
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻
    政大機構典藏 > 商學院 > 資訊管理學系 > 會議論文 >  Item 140.119/112487


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/112487


    题名: VISO: Characterizing malicious behaviors of virtual machines with unsupervised clustering
    作者: 曾宇瑞
    郁方
    Li, Yen Han
    Tzeng, Yeu Ruey
    Yu, Fang
    贡献者: 資管系
    关键词: Computer crime;Intrusion detection;Java programming language;Malware;Personal computers;Semantics;Cloud securities;Clustering;Detecting malicious behaviors;Intrusion Detection Systems;On-line monitoring system;Supervised classification;Virtual machine introspection;Virtual machine management;Cloud computing
    日期: 2016-02
    上传时间: 2017-09-01 10:06:43 (UTC+8)
    摘要: Cloud computing has become one of the most dominant computation platforms in recent years. Security threats could be one of the major stunning blocks on this evolution road. While system vendors and cloud tenants benefit much from sharing resources in the cloud environment, security breaches can cause more significant damages of the cloud ecosystem than personal computers. Virtualization techniques facilitate the movement of intrusion detection system to cloud-host operating systems with virtual machine management by observing behaviors of virtual machines (VMs). However, a VM-based detection system inherits the semantic gap problem: it is needed the ability to reveal (malicious) behaviors of VMs from observed data. We propose an automatic and systematic analysis framework for charactering malware behaviors using unsupervised clustering. This framework consists of three phases: (1) unsupervised clustering on behaviors of VMs, (2) supervised classification rule derivation, and (3) online system detection. Specifically, we collect and cluster system call distributions of VMs within a small period as samples, identify clusters that contain only samples from malicious VMs, and derive detection rules by extracting features of these malicious clusters. VMs that have been observed their system call distributions falling into a malicious cluster are considered to be malicious. We have integrated the presented framework with OpenStack and develop a prototype online monitoring system, called VISO. We conduct several experiments against common attacks, showing the effectiveness of VISO on clustering, classifying and detecting malicious behaviors of VMs.
    關聯: Proceedings - IEEE 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015 , 34-41
    数据类型: conference
    DOI 連結: http://dx.doi.org/10.1109/CloudCom.2015.19
    DOI: 10.1109/CloudCom.2015.19
    显示于类别:[資訊管理學系] 會議論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML2655检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈