摘要
对位于客户机层次的虚拟机蜜罐进行监测能让安全人员全面掌控攻击者的行为,而位于客户机层次的监测系统容易被识别,为此提出基于虚拟机管理器层次的客户机行为监测系统,对系统进行设计、实现和实验验证,从多个维度隐蔽地,有效地跟踪客户机操作系统的执行路线和系统行为,且对客户机来说是透明的。客户机与监测环境完全隔离,客户机不能对监测环境进行修改,保证监测数据的完整性和安全性。
To monitor VM honeypot assisting security professionals with an understanding of threat intelligence and hackers’ behaviors,traditional monitor systems at the guest level can be easily detected.To address this issue,a monitor system at the hypervisor level was proposed.The design,implementation and experiments of the system were discussed.This system can effectively trace the guest’s execution route and system behaviors from multiple dimensions without being detected.This system is transparent to the guest and it is isolated to the guest,which means the guest cannot tamper this system,which ensures the integrity and security of monitoring data.
作者
银伟
杨春雷
周红建
YIN Wei, YANG Chun lei, ZHOU Hong-jian(95899 Unit, Beijing 100085, Chin)
出处
《计算机工程与设计》
北大核心
2018年第6期1516-1520,共5页
Computer Engineering and Design
基金
国家自然科学基金项目(61702542)
中国博士后基金项目(2016M603017)