A Real-Time Monitoring and Forensics Method for the IaaS Model
Published: 2018-11-17 07:46
[Abstract]: To secure virtual machines in the cloud and to obtain complete, reliable evidence of crimes committed there, this paper proposes a real-time monitoring and forensics method based on physical memory analysis, and designs and implements a corresponding cloud monitoring and forensics system; the concrete design and implementation are described. The system's agent needs to run only on the physical host: by acquiring and analysing the host's physical memory, it extracts key information from the guest virtual machines installed on one or more physical hosts in the IaaS infrastructure layer. Finally, information extraction and anomaly detection were carried out in KVM/Xen virtualization environments. The results show that the method can obtain key evidence from virtual machines on the cloud platform and can detect abnormal behaviour within them, which effectively helps prevent virtual hosts from being used to run malware or to commit crimes.
[Author affiliation]: Shandong Computer Science Center (National Supercomputer Center in Jinan); Shandong Provincial Key Laboratory of Computer Networks
[Funding]: Natural Science Foundation of Shandong Province (ZR2014FM003, ZR2015YL018, ZR2016YL011, ZR2016YL014, ZR2013FQ001); Shandong Province Research Award Fund for Outstanding Young and Middle-Aged Scientists (BS2014DX007, BS2015DX006); Youth Fund of the Shandong Academy of Sciences (2014QN011, 2015QN003); National Natural Science Foundation of China (61602281)
[Classification number]: D918.2; TP309
Article number: 2337011
Article link: http://www.sikaile.net/falvlunwen/fanzuizhian/2337011.html