Debugging Parallel Programs with Instant Replay
IEEE Transactions on Computers
Neural Networks for Optimization and Signal Processing
Neural Networks for Optimization and Signal Processing
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Migratory TCP: Connection Migration for Service Continuity in the Internet
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
A "flight data recorder" for enabling full-system multiprocessor deterministic replay
Proceedings of the 30th annual international symposium on Computer architecture
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
Journal of Network and Systems Management
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
BugNet: Continuously Recording Program Execution for Deterministic Replay Debugging
Proceedings of the 32nd annual international symposium on Computer Architecture
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
Proceedings of the 12th ACM conference on Computer and communications security
Comprehensively and efficiently protecting the heap
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
ExecRecorder: VM-based full-system replay for attack analysis and system recovery
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Flashback: a lightweight extension for rollback and deterministic replay for software debugging
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Fine-grained failover using connection migration
USITS'01 Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems - Volume 3
lmbench: portable tools for performance analysis
ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Execution replay of multiprocessor virtual machines
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
| Hi-index | 0.00 |
Network intrusions become a signification threat to network servers and its availability. A simple intrusion can suspend the organization's network services and can lead to a financial disaster. In this paper, we propose a framework called TimeVM to mitigate, or even eliminate, the infection of a network intrusion on-line as fast as possible. The framework is based on the virtual machine technology and traffic-replay-based recovery. TimeVM gives the illusion of "time machine". TimeVM logs only the network traffic to a server and replays the logged traffic to multiple "shadow" virtual machines (Shadow VM) after different time delays (time lags). Consequently, each Shadow VM will represent the server at different time in history. When attack/infection is detected, TimeVM enables navigating through the traffic history (logs), picking uninfected Shadow VM, removing the attack traffic, and then fast-replaying the entire traffic history to this Shadow VM. As a result, a typical up-to-date uninfected version of the original system can be constructed. The paper shows the implementation details for TimeVM. It also addresses many practical challenges related to how to configure and deploy TimeVM in a system in order to minimize the recovery time. We present analytical framework and extensive evaluation to validate our approach in different environments.