• DocumentCode
    3458097
  • Title
    A complete framework for kernel trace analysis
  • Author
    Waly, H. ; Ktari, B.
  • Author_Institution
    Dept. d'Inf. et de Genie Logiciel, Univ. Laval, Quebec City, QC, Canada
  • fYear
    2011
  • fDate
    8-11 May 2011
  • Abstract
    This paper presents a complete framework for the specification and detection of patterns, as well as the abstraction of kernel traces. We propose a declarative and easy-to-use scripting language for pattern specification. The compiled patterns are then fed to a detection engine which analyzes the traces and gradually communicates with an output module to warn the administrator about the underlying problems executing on the system. We consider that our approach is general enough to be used with any kind of traces (network or host-based) or even combined traces. Moreover, the proposed language can efficiently describe patterns related to different domains such as security, performance, and abstraction.
  • Keywords
    authoring languages; formal specification; security of data; complete framework; host-based trace; kernel trace abstraction; kernel trace analysis; network trace; pattern detection; pattern specification; scripting language; Engines; Intrusion detection; Kernel; Linux; Probes; Pattern recognition; intrusion detection; trace analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Electrical and Computer Engineering (CCECE), 2011 24th Canadian Conference on
  • Conference_Location
    Niagara Falls, ON
  • ISSN
    0840-7789
  • Print_ISBN
    978-1-4244-9788-1
  • Electronic_ISBN
    0840-7789
  • Type
    conf
  • DOI
    10.1109/CCECE.2011.6030698
  • Filename
    6030698