Active security

Ryan Hand, M. Ton, Eric Keller
DOI: 10.1145/2535771.2535794 (https://doi.org/10.1145/2535771.2535794)
Published in: Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Publication date: 2013-11-21
Citations: 35

Abstract

In this paper we introduce active security, a new methodology which introduces programmatic control, within a novel feedback loop, into the defense infrastructure. Active security implements a unified programming environment which provides interfaces to (i) protect the infrastructure under common attack scenarios (e.g., configure a firewall), (ii) sense the current state of the infrastructure through a wide variety of information, (iii) adjust the configuration of the infrastructure at run time based on sensed information, (iv) collect forensic evidence on demand, at run time, for attribution, and (v) counter the attack through more advanced mechanisms such as migrating malicious code to a quarantined system. We built an initial prototype that extends the FloodLight software-defined networking controller to automatically interface with the Snort intrusion detection system to detect anomalies, the Linux Memory Extractor to collect forensic evidence at run time, and the Volatility parsing tool to extract an executable from physical memory and analyze information about the malware (which can then be used by the active security system to better secure the infrastructure).