Enabling Worm and Malware Investigation Using Virtualization
1. Enabling Worm and Malware Investigation Using Virtualization (Demo and poster this afternoon). Dongyan Xu, Xuxian Jiang. CERIAS and Department of Computer Science, Purdue University
6. The Big Picture. [Diagram; labels: Proxy ARP, Domain A, Domain B, GRE, Worm Capture, Worm Analysis]
7. Part I. Front-End: Collapsar, Enabling Worm/Malware Capture. * X. Jiang, D. Xu, “Collapsar: a VM-Based Architecture for Network Attack Detention Center”, 13th USENIX Security Symposium (Security’04), 2004.
11. Collapsar Architecture. [Diagram; labels: Attacker, Production Network, Redirector, Front-End, Collapsar Center, VM-based Honeypot, Correlation Engine, Management Station]
20. Part II. Back-End: vGround, Enabling Worm/Malware Analysis. * X. Jiang, D. Xu, H. J. Wang, E. H. Spafford, “Virtual Playgrounds for Worm Behavior Investigation”, 8th International Symposium on Recent Advances in Intrusion Detection (RAID’05), 2005.
45. Combining Collapsar and vGround. [Diagram; labels: Domain A, Domain B, GRE, Worm Capture, Worm Analysis]
48. Thank you. Stop by our poster and demo this afternoon! For more information: Email: d [email_address]; URL: http://www.cs.purdue.edu/~dxu; Google: “Purdue Collapsar Friends”