Computer Science, 2016, Vol. 43, Issue (3): 1-7. doi: 10.11896/j.issn.1002-137X.2016.03.001


Review of Defense Methods Against Advanced Persistent Threat in Cloud Environment

ZHANG Hao, WANG Li-na, TAN Cheng and LIU Wei-jie   

Online: 2018-12-01   Published: 2018-12-01

Abstract: A large number of organizations and institutions have been drawn to the cloud platform by features such as rapid deployment and flexible configuration. However, compared with traditional network attacks, the emerging attack mode known as the advanced persistent threat (APT) is more persistent, highly concealed and buried for the long term, which makes protecting security and privacy challenging. Therefore, how to protect the cloud platform from APTs effectively has become an urgent problem. This paper introduces the basic concepts, attack procedures and attack methods of APTs, then analyzes the multiple security challenges brought by the new features of APTs, and reviews the research progress in APT protection. To address these security challenges, we present a proposed framework for protecting the cloud platform from APTs, which includes strategies both before and during an attack, and takes advantage of big data mining to analyze potential APT attacks comprehensively and to position and track the threats. Finally, the research progress of some key technologies in our framework is introduced, their respective advantages and disadvantages are pointed out, and some future research directions are given.

Key words: Cloud computing, Advanced persistent threat, Data mining of big data, Positioning threat

