A Fast Data Anomaly Detection Engine for Kernel Integrity Monitoring : Fast Anomaly Detection for Kernel Integrity Monitoring
- Authors
- Advisor
- 백윤흥
- Major
- College of Engineering, Department of Electrical and Computer Engineering
- Issue Date
- 2016-02
- Publisher
- Seoul National University Graduate School
- Keywords
- Kernel Integrity ; Memory Introspection ; Data Anomaly Detection
- Description
- Thesis (Master's) -- Seoul National University Graduate School : Department of Electrical and Computer Engineering, 2016. 2. 백윤흥.
- Abstract
- In computer systems, ensuring the integrity of the kernel is important because attacks against the kernel allow an adversary to obtain the highest privilege within a compromised system. For this task, an external monitor typically performs memory introspection and verifies whether certain integrity specifications, which in the past were commonly written by hand, hold. However, as adversaries turned to attacking systems through non-control kernel data, the need arose to verify non-control kernel data as well; unfortunately, this is nontrivial to do manually.
Acknowledging this, prior work suggested a framework that leverages machine learning to generate integrity specifications for both control and non-control data across the entire kernel with little human involvement. Unfortunately, the original design of this framework has a problem with regard to its practicality for deployment in real-world systems.
This thesis proposes a new design that accelerates the overall introspection process by virtually eliminating the booting delay that was needed in prior work, and evaluates the effectiveness of the design by implementing a prototype engine, DADE.
- Language
- English
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.