Data-flow dependency-based trusted recovery method
【Abstract】 To effectively recover system state after an intrusion, a trusted recovery method based on inter-process data-flow dependency is presented. Abnormal system behavior is detected through real-time monitoring of process system calls, the damage to the protected system is evaluated, and the system is recovered according to that evaluation. A prototype system, DFDTR, was implemented based on this method. Compared with traditional recovery methods, it preserves the system's legitimate operations while recovering the system, which improves the accuracy and efficiency of recovery. Experiments show that the recovery function adds approximately 10% CPU load to the system, and that the storage overhead is also reasonable.
【Key words】 secure operating system; trusted recovery; data-flow dependency; intrusion detection;
- 【Source】 Journal of Computer Applications (计算机应用), 2008, Issue 10
- 【Classification number】 TP309
- 【Citation count】 1
- 【Download count】 104