政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/77178
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113656/144643 (79%)
Visitors : 51763676      Online Users : 514
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大典藏 > College of Commerce > Department of MIS > Theses >  Item 140.119/77178
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/77178


    Title: 用虛擬機內省技術強化OpenStack雲端安全機制
    Enhancing OpenStack Cloud Security with Virtual Machine Introspection
    Authors: 李彥亨
    Lee, Yen Heng
    Contributors: 蔡瑞煌
    郁方

    Tsaih, Rua Huan
    Yu, Fang

    李彥亨
    Lee, Yen Heng
    Keywords: 虛擬機內省
    雲端安全
    惡意程式行為
    VMI
    Cloud Security
    Malware behavior
    Date: 2015
    Issue Date: 2015-08-03 13:21:02 (UTC+8)
    Abstract: 如今,我們能夠受益於各式各樣的雲端服務(如Google及Amazon)全歸功於虛擬化技術的成熟。隨著雲端服務使用量的劇增,雲端安全的議題也不容忽視。傳統上使用網路型及主機型的入侵防衛系統來作雲端安全防護,但隨著虛擬化技術的發展,虛擬機內省機制為基底的防禦機制有著絕對於傳統入侵防衛系統優越的獨立性及可見度並逐漸成為主流的防禦機制。
    我們研究提倡的雲端防禦系統框架(VISO)便是以虛擬機內省機制為基底以及透過行為模式辨識的方式作惡意行為偵測且富有可擴增性,並強調所有的解決方案皆為開源的,也是為何我們以OpenStack作為我們的雲端環境防護系統的實驗環境。
    關於我們的實驗研究方法,我們採用監督式與非監督式的神經網路來作惡意程式行為分析。而所有惡意程式皆從官方OWL網站取得,並以防毒軟體作標籤的動作。目的是想要確認是否能夠透過同種類且已知的惡意程式行為模式去辨識出未知的同種類惡意程式行為。
    Today, we attributes it to virtualization technology that the application of cloud computing is so well-developed that the world-wide famous company can make use of this technique to reap the profits, just likes Google and Amazon etc. While cloud service bringing kinds of benefit to system vendors and cloud tenants, cloud security is exposed to many threats. Traditionally, two main kinds of intrusion detection system (IDS) are host-based IDS (HIDS) and network-based IDS (NIDS). With virtualization technology development, virtual machine monitor (VMM) based IDS is superior to HIDS and NIDS both on isolation and visibility properties as far as cloud security concerned.
    We address a cloud security protection framework, called Virtualization Introspection System for OpenStack (VISO), to strengthen OpenStack security defensive mechanism. VISO has some following characteristics. (1) VMI based monitoring mechanism (2) behavior-based analysis (3) elastic to expand system functionality and easy to operate (4) all apparatuses in VISO are free on Internet that is why we also choose the most famous private cloud solution, OpenStack, to deploying cloud environment.
    About our experiment method, we using supervised and unsupervised artificial technology algorithm to analyze behaviors monitored in a sandbox environment. All malwares are downloaded from OWL Taiwan official malware knowledge base and labeled by anti-virus scanner. The purpose is to see how effective the features of behaviors collected by VISO can recognize the same family malwares. Detecting unknown malware variants previously not recognized by commercial anti-virus software by training the same family known malware samples.
    Reference: [1] Albayrak, S., Scheel, C., Milosevic, D., & Muller, A. (2005, November). Combining self-organizing map algorithms for robust and scalable intrusion detection. In Computational Intelligence for Modelling, Control and Automation, 2005 and International Conference on Intelligent Agents, Web Technologies and Internet Commerce, International Conference on (Vol. 2, pp. 123-130). IEEE.
    [2] Bayer, U., Comparetti, P. M., Hlauschek, C., Kruegel, C., & Kirda, E. (2009, February). Scalable, Behavior-Based Malware Clustering. In NDSS (Vol. 9, pp. 8-11).
    [3] Bayer, U., Moser, A., Kruegel, C., & Kirda, E. (2006). Dynamic analysis of malicious code. Journal in Computer Virology, 2(1), 67-77.
    [4] Chen, S., & Zhang, Y. Malware Process Detecting Via Hypervisor.
    [5] Dinaburg, A., Royal, P., Sharif, M., & Lee, W. (2008, October). Ether: malware analysis via hardware virtualization extensions. In Proceedings of the 15th ACM conference on Computer and communications security (pp. 51-62). ACM.
    [6] Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., & Lee, W. (2011, May). Virtuoso: Narrowing the semantic gap in virtual machine introspection. In Security and Privacy (SP), 2011 IEEE Symposium on (pp. 297-312). IEEE.
    [7] Dynamic-link library (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/Dynamic-link library
    [8] Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys (CSUR), 44(2), 6.
    [9] European Union Agency for Network and Information Security (n.d.). Cloud Computing Security Risk Assessment Retrieved March 24, 2015, from http://www.enisa.europa.eu/activities/riskmanagement/files/deliverables/cloud-computing-risk-assessment
    [10] Feyereisl, J., & Aickelin, U. (2009). Self-Organising Maps in Computer Security. Computer Security: Intrusion, Detection and Prevention, Ed. Ronald D. Hopkins, Wesley P. Tokere, 1-30.
    [11] Fu, Y., & Lin, Z. (2012, May). Space traveling across vm: Automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In Security and Privacy (SP), 2012 IEEE Symposium on (pp. 586-600). IEEE.
    [12] Garfinkel, T., & Rosenblum, M. (2003, February). A Virtual Machine Introspection Based Architecture for Intrusion Detection. In NDSS (Vol. 3, pp. 191-206).
    [13] Growing self-organizing map (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/Growing_self-organizing_map
    [14] Hofmeyr, S. A., Forrest, S., & Somayaji, A. (1998). Intrusion detection using sequences of system calls. Journal of computer security, 6(3), 151-180.
    [15] Hsiao, S. W., Chen, Y. N., Sun, Y. S., & Chen, M. C. (2013, October). A cooperative botnet profiling and detection in virtualized environment. In Communications and Network Security (CNS), 2013 IEEE Conference on (pp. 154-162). IEEE.
    [16] Hypervisor (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/Hypervisor
    [17] Inoue, H., Adelstein, F., Donovan, M., & Brueckner, S. (2011, June). Automatically Bridging the Semantic Gap using C Interpreter. In 6th Annual Symposium on Information Assurance (ASIA’11) (p. 51).
    [18] Jiang, X., Wang, X., & Xu, D. (2007, October). Stealthy malware detection through vmm-based out-of-the-box semantic view reconstruction. In Proceedings of the 14th ACM conference on Computer and communications security (pp. 128-138). ACM.
    [19] Kosoresow, A. P., & Hofmeyr, S. A. (1997). Intrusion detection via system call traces. IEEE software, 14(5), 35-42.
    [20] Lee, S. W., & Yu, F. (2014, January). Securing KVM-Based Cloud Systems via Virtualization Introspection. In System Sciences (HICSS), 2014 47th Hawaii International Conference on (pp. 5028-5037). IEEE.
    [21] Lengyel, T. K., Neumann, J., Maresca, S., Payne, B. D., & Kiayias, A. (2012, August). Virtual Machine Introspection in a Hybrid Honeypot Architecture. In CSET.
    [22] LibVMI (n.d.). LibVMI. Retrieved March 24, 2015, from http://libvmi.com/
    [23] Ligh, M. H., Case, A., Levy, J., & Walters, A. (2014). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. John Wiley & Sons.
    [24] Macine learning (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/Machine_learning
    [25] Moser, A., Kruegel, C., & Kirda, E. (2007, December). Limits of static analysis for malware detection. In Computer security applications conference, 2007. ACSAC 2007. Twenty-third annual (pp. 421-430). IEEE.
    [26] Mukkamala, S., Janoski, G., & Sung, A. (2002). Intrusion detection using neural networks and support vector machines. In Neural Networks, 2002. IJCNN`02. Proceedings of the 2002 International Joint Conference on (Vol. 2, pp. 1702-1707). IEEE.
    [27] Nanavati, M., Colp, P., Aiello, B., & Warfield, A. (2014). Cloud security: A gathering storm. Communications of the ACM, 57(5), 70-79.
    [28] Nasab, M. R. (2012). Security functions for virtual machines via introspection.
    [29] OpenStack (n.d.). OpenStack Documentation for Havana. Retrieved March 24, 2015, from http://docs.openstack.org/havana/
    [30] OpenStack (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/OpenStack
    [31] Option Volatility (n.d.). Retrieved March 24, 2015, from http://www.investopedia.com/university/optionvolatility/
    [32] Payne, B. D. (2012). Simplifying virtual machine introspection using libvmi. Sandia Report.
    [33] Payne, B. D., Carbone, M., Sharif, M., & Lee, W. (2008, May). Lares: An architecture for secure active monitoring using virtualization. In Security and Privacy, 2008. SP 2008. IEEE Symposium on (pp. 233-247). IEEE.
    [34] Payne, B. D., De Carbone, M. D. P., & Lee, W. (2007, December). Secure and flexible monitoring of virtual machines. In Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual (pp. 385-397). IEEE.
    [35] Pfoh, J., Schneider, C., & Eckert, C. (2009, November). A formal model for virtual machine introspection. In Proceedings of the 1st ACM workshop on Virtual machine security (pp. 1-10). ACM.
    [36] Pfoh, J., Schneider, C., & Eckert, C. (2011). Nitro: Hardware-based system call tracing for virtual machines. In Advances in Information and Computer Security (pp. 96-112). Springer Berlin Heidelberg.
    [37] Rieck, K., Holz, T., Willems, C., Düssel, P., & Laskov, P. (2008). Learning and classification of malware behavior. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 108-125). Springer Berlin Heidelberg.
    [38] Rieck, K., Trinius, P., Willems, C., & Holz, T. (2011). Automatic analysis of malware behavior using machine learning. Journal of Computer Security, 19(4), 639-668.
    [39] Sahs, J., & Khan, L. (2012, August). A machine learning approach to android malware detection. In Intelligence and Security Informatics Conference (EISIC), 2012 European (pp. 141-147). IEEE.
    [40] Schneider, C., Pfoh, J., & Eckert, C. (2011). A universal semantic bridge for virtual machine introspection. In Information Systems Security (pp. 370-373). Springer Berlin Heidelberg.
    [41] Sevilla, M. (2012). CMPS223 Final Project Virtual Machine Introspection Techniques.
    [42] Sharif, M. I., Lee, W., Cui, W., & Lanzi, A. (2009, November). Secure in-vm monitoring using hardware virtualization. In Proceedings of the 16th ACM conference on Computer and communications security (pp. 477-487). ACM.
    [43] Support vector machine (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/Support_vector_machine
    [44] System call (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/System_call
    [45] Virtualization (n.d.). Retrieved March 24, 2015, from http://en.wikipedia.org/wiki/Virtualization
    [46] Wu, Y. S., Sun, P. K., Huang, C. C., Lu, S. J., Lai, S. F., & Chen, Y. Y. (2013, June). EagleEye: Towards mandatory security monitoring in virtualized datacenter environment. In Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on (pp. 1-12). IEEE.
    [47] Yoo, I. (2004, October). Visualizing windows executable viruses using self-organizing maps. In Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security (pp. 82-89). ACM.
    [48] Yu, F., Huang, S. Y., Chiou, L. C., & Tsaih, R. H. (2013, August). Clustering iOS executable using self-organizing maps. In Neural Networks (IJCNN), The 2013 International Joint Conference on (pp. 1-8). IEEE.
    Description: 碩士
    國立政治大學
    資訊管理研究所
    102356044
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0102356044
    Data Type: thesis
    Appears in Collections:[Department of MIS] Theses

    Files in This Item:

    File SizeFormat
    604401.pdf7945KbAdobe PDF2258View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback