Abstract

PROBLEM TO BE SOLVED: To analyze unauthorized intrusion into a computer network.

SOLUTION: Access is allowed through a virtualized decoy OS running on a hypervisor OS hosted on a decoy network device. This may be done by opening a port on the virtualized decoy OS. An attack on the virtualized decoy OS is intercepted by an introspection module running on the hypervisor OS. The attack-identifying information is communicated through a private network interface channel and stored in a database as forensic data. A signature-generation engine uses the forensic data to generate a signature of the attack, and an intrusion prevention system uses the signature to identify and prevent subsequent attacks. A web-based virtualization interface facilitates configuration of the system and analysis of the forensic data generated by the introspection module and the signature-generation engine, as well as of the data stored in the processing module's relational databases.
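As an added illustration (not part of the patent text), the following Python sketches the data flow the abstract describes: forensic records intercepted from the decoy OS, a signature-generation step over those records, and an IPS decision against later traffic. The benign-baseline check is an assumption added here, not something the abstract specifies; all ports and payloads are constructed.

```python
"""Toy forensic-data -> signature -> IPS pipeline (added example, constructed data)."""

# Constructed forensic records: (decoy port, payload seen by the introspection module).
FORENSIC_DB = [
    (8080, b"GET /cgi-bin/status HTTP/1.0\r\nUser-Agent: scanner-x/1.0\r\n\r\n"),
    (8080, b"GET /cgi-bin/login HTTP/1.0\r\nUser-Agent: scanner-x/1.0\r\n\r\n"),
    (8080, b"POST /cgi-bin/upload HTTP/1.0\r\nUser-Agent: scanner-x/1.0\r\n\r\n"),
    (22, b"SSH-2.0-client-a\r\n"),
    (22, b"SSH-2.0-client-b\r\n"),
]

# Constructed sample of legitimate traffic, used to reject over-broad signatures
# (an assumed safeguard; the abstract does not describe one).
BENIGN_BASELINE = [
    b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"SSH-2.0-client-c\r\n",
]


def longest_common_substring(payloads):
    """Return the longest byte sequence present in every payload (b"" if none)."""
    base = min(payloads, key=len)
    for length in range(len(base), 0, -1):
        for start in range(len(base) - length + 1):
            cand = base[start:start + length]
            if all(cand in p for p in payloads):
                return cand
    return b""


def generate_signatures(forensic_db, benign_baseline, min_len=8):
    """Group records by decoy port, derive one byte-pattern signature per group,
    and drop patterns that are too short or also occur in benign traffic."""
    by_port = {}
    for port, payload in forensic_db:
        by_port.setdefault(port, []).append(payload)
    signatures = []
    for port, payloads in by_port.items():
        pattern = longest_common_substring(payloads)
        if len(pattern) < min_len:
            continue  # too short to identify an attack reliably
        if any(pattern in benign for benign in benign_baseline):
            continue  # would block legitimate traffic (e.g. the port-22 banner prefix)
        signatures.append((port, pattern))
    return signatures


def ips_decision(signatures, port, payload):
    """IPS step: 'block' if traffic matches a generated signature, else 'allow'."""
    hit = any(p == port and sig in payload for p, sig in signatures)
    return "block" if hit else "allow"
```

With the data above only the port-8080 cluster yields a signature; the port-22 pattern is rejected because it also appears in the benign baseline.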