
Design And Implementation Of Taint Detection Based On Dynamic Binary Translation

Posted on: 2009-10-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z W Bai
Full Text: PDF
GTID: 2178360272478025
Subject: Computer software and theory
Abstract/Summary:
As modern operating systems and software grow larger and more complex, they carry more bugs, some of which allow attackers to gain illegitimate access. A fast and reliable mechanism to recognise such attacks and generate vaccines against them is vital for protecting networks and systems. Information infection and leakage in computer systems are mostly caused by insecure network access. Working within the field of network security, this thesis focuses on the problem of data security during network access.

Using a virtual machine's ability to control guest state, we can keep a record of accesses and control the machine state in the face of hostile access and attack. We implement the tool DTAD (Dynamic Taint Analysis Detector) by modifying QEMU, an open-source virtual machine. The tool tracks network data throughout execution and flags its invalid use as jump targets, function addresses, instructions, etc. When an attack is detected, we perform process- or kernel-aware logging of the corresponding emulator state for further off-line processing. Once an attack carrying hostile code is detected, our own forensics shellcode is injected in place of the malicious shellcode to gather information about the attacked process. By correlating the data logged by the emulator with the data collected from the network, we generate accurate network intrusion detection signatures for the exploits that are immune to payload mutations. The entire process can be automated and produces few if any false positives, so rapid global-scale deployment of the signatures is possible.

Our experiments validated the efficiency of DTAD in identifying attacks and protecting information, and demonstrated the effectiveness of the protection system in identifying, tracing and disposing of infected data.
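The detection rule the abstract describes (mark data arriving from the network as tainted, propagate the mark through loads, stores and arithmetic, and raise an alert when a tainted value is about to be used as a jump target) is shown below as an added example. It is not code from the thesis or from QEMU: instead of instrumenting QEMU's translated code it runs a toy register machine with a shadow taint bit per register and per guest memory byte. The instruction set, the guest addresses 16, 32 and 40, the four-byte packet 0x41414141 and the names vm_recv, vm_run, demo_benign and demo_hijacked are all constructed for the demo. The fields alert_pc and alert_target stand in for the emulator state the abstract says is logged when an attack is detected.

```c
#include <stdint.h>
#include <string.h>
#define MEM_SIZE 64
#define NREGS 4

/* Toy instruction set (an assumption for the demo, not QEMU's TCG ops). */
enum { OP_IMM, OP_LOAD, OP_STORE, OP_ADD, OP_JMPREG, OP_HALT };
typedef struct { int op, a, b; uint32_t imm; } insn_t;
typedef struct {
    uint32_t regs[NREGS];   uint8_t reg_taint[NREGS];   /* shadow bit: 1 = from network data */
    uint8_t  mem[MEM_SIZE]; uint8_t mem_taint[MEM_SIZE]; /* shadow bit per guest memory byte */
    int pc, alert_pc;       /* alert_pc: index of the instruction that tripped the check */
    uint32_t alert_target;  /* the tainted jump target that instruction tried to use */
} vm_t;

enum { RUN_OK = 0, RUN_TAINTED_JUMP = 1, RUN_FAULT = 2 };
static vm_t g_vm;  /* state of the most recent demo run, kept for inspection */

/* Taint source: a simulated receive copies the payload into guest memory and taints every byte. */
static int vm_recv(vm_t *vm, int addr, const uint8_t *payload, int len) {
    if (addr < 0 || len < 0 || addr > MEM_SIZE - len) return -1;
    memcpy(vm->mem + addr, payload, (size_t)len);
    memset(vm->mem_taint + addr, 1, (size_t)len);
    return 0;
}

/* 32-bit load (host byte order): the result is tainted if any source byte is. */
static int load32(const vm_t *vm, uint32_t addr, uint32_t *val, uint8_t *taint) {
    if (addr > MEM_SIZE - 4) return -1;
    memcpy(val, vm->mem + addr, 4);
    *taint = vm->mem_taint[addr] | vm->mem_taint[addr + 1] | vm->mem_taint[addr + 2] | vm->mem_taint[addr + 3];
    return 0;
}

/* 32-bit store: the value's taint travels with every byte written. */
static int store32(vm_t *vm, uint32_t addr, uint32_t val, uint8_t taint) {
    if (addr > MEM_SIZE - 4) return -1;
    memcpy(vm->mem + addr, &val, 4);
    memset(vm->mem_taint + addr, taint, 4);
    return 0;
}

/* Run until HALT, a fault, or a taint alert; returns a RUN_* code. */
static int vm_run(vm_t *vm, const insn_t *prog, int nprog, int max_steps) {
    for (int step = 0; step < max_steps; step++) {
        if (vm->pc < 0 || vm->pc >= nprog) return RUN_FAULT;
        const insn_t *in = &prog[vm->pc];
        uint32_t v = 0; uint8_t t = 0;
        switch (in->op) {
        case OP_IMM:    /* r[a] = imm: a constant from the code is never tainted */
            vm->regs[in->a] = in->imm; vm->reg_taint[in->a] = 0; break;
        case OP_LOAD:   /* r[a] = mem32[r[b]] */
            if (load32(vm, vm->regs[in->b], &v, &t) < 0) return RUN_FAULT;
            vm->regs[in->a] = v; vm->reg_taint[in->a] = t; break;
        case OP_STORE:  /* mem32[r[b]] = r[a] */
            if (store32(vm, vm->regs[in->b], vm->regs[in->a], vm->reg_taint[in->a]) < 0) return RUN_FAULT;
            break;
        case OP_ADD:    /* r[a] += r[b]: tainted if either operand is */
            vm->regs[in->a] += vm->regs[in->b]; vm->reg_taint[in->a] |= vm->reg_taint[in->b]; break;
        case OP_JMPREG: /* pc = r[a]: the check that catches hijacked control flow */
            if (vm->reg_taint[in->a]) {
                vm->alert_pc = vm->pc; vm->alert_target = vm->regs[in->a];
                return RUN_TAINTED_JUMP;
            }
            vm->pc = (int)vm->regs[in->a]; continue;
        case OP_HALT:   return RUN_OK;
        default:        return RUN_FAULT;
        }
        vm->pc++;
    }
    return RUN_FAULT;
}

static const uint8_t PACKET[4] = { 0x41, 0x41, 0x41, 0x41 };  /* constructed input */
/* Benign handler: uses the packet as data and returns through a constant from the code itself. */
static int demo_benign(void) {
    static const insn_t prog[] = {
        { OP_IMM, 0, 0, 16 }, { OP_LOAD, 1, 0, 0 },    /* r1 = packet (tainted) */
        { OP_IMM, 2, 0, 40 }, { OP_LOAD, 3, 2, 0 },    /* r3 = counter at 40 */
        { OP_ADD, 3, 1, 0 },  { OP_STORE, 3, 2, 0 },   /* counter += packet: tainted data, fine */
        { OP_IMM, 0, 0, 8 },  { OP_JMPREG, 0, 0, 0 },  /* return via an untainted constant */
        { OP_HALT, 0, 0, 0 } };
    memset(&g_vm, 0, sizeof g_vm);
    if (vm_recv(&g_vm, 16, PACKET, 4) < 0) return RUN_FAULT;
    return vm_run(&g_vm, prog, 9, 100);
}

/* Hijacked handler: the packet overwrites the saved return address at 32 and "ret" goes through it. */
static int demo_hijacked(void) {
    static const insn_t prog[] = {
        { OP_IMM, 0, 0, 16 }, { OP_LOAD, 1, 0, 0 },    /* r1 = packet (tainted) */
        { OP_IMM, 2, 0, 32 }, { OP_STORE, 1, 2, 0 },   /* saved return address = packet */
        { OP_LOAD, 3, 2, 0 }, { OP_JMPREG, 3, 0, 0 },  /* "ret": tainted target, alert */
        { OP_HALT, 0, 0, 0 } };
    memset(&g_vm, 0, sizeof g_vm);
    if (vm_recv(&g_vm, 16, PACKET, 4) < 0) return RUN_FAULT;
    return vm_run(&g_vm, prog, 7, 100);
}
```

The two programs receive the same packet; only the second lets it reach a control-flow sink. Note that the benign run leaves tainted bytes in memory (the counter at address 40) without raising an alert: taint alone is not an attack, and the detector only fires when tainted data is used where the abstract lists it as invalid (jump target, function address, instruction). A real emulator-based detector has to apply the same propagation rules to every guest instruction and keep shadow state for the whole guest, which is what the QEMU modification in the thesis provides.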
Keywords/Search Tags: Virtual Machine, Information flow, Taint Data, Access Control