Enabling Worm and Malware Investigation Using Virtualization
1. Enabling Worm and Malware Investigation Using Virtualization (Demo and poster this afternoon). Dongyan Xu, Xuxian Jiang, CERIAS and Department of Computer Science, Purdue University
6. The Big Picture [diagram: worm capture in production networks Domain A and Domain B, with Proxy ARP on each network and GRE tunnels carrying the captured traffic to the worm analysis back-ends]
7. Part I. Front-End: Collapsar, Enabling Worm/Malware Capture. * X. Jiang, D. Xu, "Collapsar: a VM-Based Architecture for Network Attack Detention Center", 13th USENIX Security Symposium (Security'04), 2004.
11. Collapsar Architecture [diagram: an Attacker reaches a Redirector on each of several Production Networks; the redirectors forward traffic to the Collapsar Center, which hosts the VM-based Honeypots, a Correlation Engine and a Management Station; Collapsar is the front-end of the system]
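The architecture above gives one property that a honeypot on a single network cannot: every redirector delivers traffic from its own production network into one center, so the correlation engine can see a single attacker sweeping honeypots that appear to sit on different networks. The following is an added example, not Collapsar's code, and the log format, the `parse_log`/`correlate` functions and the sample lines are all constructed here to illustrate that cross-network correlation; it assumes each redirector tags forwarded connections with the production network (domain) and the honeypot VM that received them.

```python
"""Cross-honeypot correlation over constructed redirector logs.

Added example, not part of the Collapsar project. Assumed log format
(one connection per line): <ISO timestamp> <domain> <honeypot> <src_ip> <dst_port>
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    domain: str     # production network whose redirector forwarded the connection
    honeypot: str   # VM-based honeypot in the center that received it
    src: str        # attacker address as seen on the production network
    dport: int


# Constructed sample lines (hypothetical addresses from documentation ranges).
SAMPLE_LOG = """\
2004-08-01T10:00:01 domainA hp-01 198.51.100.7 445
2004-08-01T10:00:03 domainB hp-02 198.51.100.7 445
2004-08-01T10:00:04 domainA hp-03 198.51.100.7 445
2004-08-01T10:05:00 domainA hp-01 203.0.113.9 22
2004-08-01T11:30:00 domainB hp-02 203.0.113.9 22
2004-08-01T10:00:09 domainB hp-02 192.0.2.44 80
"""


def parse_log(text):
    """Parse the assumed redirector log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, domain, honeypot, src, dport = line.split()
        events.append(Event(datetime.fromisoformat(ts), domain, honeypot, src, int(dport)))
    return events


def correlate(events, window=timedelta(seconds=60), min_domains=2):
    """Flag sources that hit honeypots on >= min_domains distinct production
    networks within `window`. Returns {src: summary}.

    A per-network honeypot sees only its own domain, so this multi-domain
    sweep is exactly what a centralized correlation engine can detect and a
    standalone honeypot cannot.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end, e in enumerate(evs):
            # Slide the window start forward until it fits within `window`.
            while e.ts - evs[start].ts > window:
                start += 1
            in_window = evs[start:end + 1]
            domains = {x.domain for x in in_window}
            if len(domains) >= min_domains:
                alerts[src] = {
                    "domains": sorted(domains),
                    "honeypots": sorted({x.honeypot for x in in_window}),
                    "ports": sorted({x.dport for x in in_window}),
                    "first": in_window[0].ts,
                    "last": in_window[-1].ts,
                }
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for src, info in correlate(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: swept {info['domains']} on ports {info['ports']} "
              f"between {info['first']:%H:%M:%S} and {info['last']:%H:%M:%S}")
```

With the default 60-second window only 198.51.100.7 is flagged: it probes port 445 on honeypots in both domains within three seconds. 203.0.113.9 also touches both domains but 85 minutes apart, so it is only caught if the window is widened (for example to two hours), which is the tuning trade-off between catching slow scans and raising false alerts on unrelated visits.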
19.
20. Part II. Back-End: vGround, Enabling Worm/Malware Analysis. * X. Jiang, D. Xu, H. J. Wang, E. H. Spafford, "Virtual Playgrounds for Worm Behavior Investigation", 8th International Symposium on Recent Advances in Intrusion Detection (RAID'05), 2005.
45. Combining Collapsar and vGround [diagram: worm capture by Collapsar in production networks Domain A and Domain B, forwarded over GRE tunnels to vGround worm analysis back-ends]
48. Thank you. Stop by our poster and demo this afternoon! For more information: Email: d [email_address]; URL: http://www.cs.purdue.edu/~dxu; Google: "Purdue Collapsar Friends"