PEDA: Comprehensive Damage Assessment for Production Environment Server Systems

4 Author(s)
Shengzhi Zhang ; Dept. of Comput. Sci. & Eng., Pennsylvania State Univ., University Park, PA, USA ; Xiaoqi Jia ; Peng Liu ; Jiwu Jing

Analyzing intrusions into production servers is onerous and error-prone work for system security technicians. Existing tools and techniques are quite limited. For instance, system event tracking lacks completeness of intrusion propagation, while dynamic taint tracking is not feasible to deploy due to significant runtime overhead. Thus, we propose production environment damage assessment (PEDA), a systematic approach to postmortem intrusion analysis for production workload servers. PEDA replays the “has-been-infected” execution with high fidelity on a separate analyzing instrumentation platform to conduct the heavy workload analysis. Though the replayed execution runs atop the instrumentation platform (i.e., a binary-translation-based virtual machine), PEDA allows the first-run execution to run atop a hardware-assisted virtual machine to ensure minimum runtime overhead. Our evaluation demonstrates the efficiency of the PEDA system, with a runtime overhead as low as 5%. The real-life intrusion studies show the advantage of PEDA intrusion analysis over existing techniques.

Published in:

Information Forensics and Security, IEEE Transactions on (Volume: 6, Issue: 4)