2014 | Original Paper | Book Chapter
PillarBox: Combating Next-Generation Malware with Fast Forward-Secure Logging
Authors: Kevin D. Bowers, Catherine Hart, Ari Juels, Nikos Triandopoulos
Published in: Research in Attacks, Intrusions and Defenses
Publisher: Springer International Publishing
Security analytics is a catchall term for vulnerability assessment and intrusion detection leveraging security logs from a wide array of Security Analytics Sources (SASs), which include firewalls, VPNs, and endpoint instrumentation. Today, nearly all security analytics systems suffer from a lack of even basic data protections. An adversary can eavesdrop on SAS outputs, and advanced malware can undetectably suppress or tamper with SAS messages to conceal attacks.

We introduce PillarBox, a tool that enforces integrity for SAS data even when such data is buffered on a compromised host within an adversarially controlled network. Additionally, PillarBox (optionally) offers stealth, concealing SAS data and potentially even alerting rules on a compromised host. Using data from a large enterprise and on-host performance measurements, we show experimentally that PillarBox has minimal overhead and is practical for real-world systems.