Title :
A complete framework for kernel trace analysis
Author :
Waly, H. ; Ktari, B.
Author_Institution :
Dept. d'Inf. et de Génie Logiciel, Univ. Laval, Quebec City, QC, Canada
Abstract :
This paper presents a complete framework for the specification and detection of patterns in kernel traces, as well as for the abstraction of those traces. We propose a declarative, easy-to-use scripting language for pattern specification. The compiled patterns are fed to a detection engine that analyzes the traces and progressively reports to an output module, which warns the administrator about the underlying problems occurring on the system. We consider our approach general enough to be applied to any kind of trace (network or host-based), or even to combined traces. Moreover, the proposed language can concisely describe patterns from different domains, such as security, performance, and abstraction.
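The abstract describes a three-stage pipeline (declarative pattern, compiled into matchers, run by a detection engine that reports to an output module) without showing the language itself. The following Python sketch is an added illustration of that pipeline and is not the authors' language, engine, or code: the pattern is written as a plain Python data structure standing in for the paper's scripting language, the trace is a constructed, LTTng-like text excerpt, and the field names, the per-PID correlation, and the time-window semantics are all assumptions made here for illustration.

```python
"""Added example: a minimal pattern-detection pipeline over a kernel trace.

Not the paper's language or engine. Trace lines, pattern, field names and
window semantics are constructed assumptions for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample trace in an LTTng-like text form (not data from the paper).
SAMPLE_TRACE = """\
[10:00:01.000] sys_open: pid=1200 comm=bash filename=/etc/passwd flags=O_RDONLY
[10:00:01.002] sys_open: pid=1201 comm=nc filename=/tmp/x flags=O_WRONLY
[10:00:01.005] sys_open: pid=1201 comm=nc filename=/etc/shadow flags=O_RDONLY
[10:00:01.010] sys_connect: pid=1201 comm=nc daddr=203.0.113.5 dport=4444
[10:00:01.011] sys_open: pid=1200 comm=bash filename=/home/u/notes flags=O_RDONLY
[10:00:02.000] sys_connect: pid=1200 comm=bash daddr=203.0.113.9 dport=443
"""

# Hypothetical declarative pattern: an ordered sequence of events that share a
# correlation field (pid) and must complete within a time window (seconds).
PATTERNS = [
    {
        "name": "sensitive_read_then_connect",
        "domain": "security",
        "correlate": "pid",
        "window_s": 0.5,
        "steps": [
            {"event": "sys_open", "where": {"filename": r"^/etc/(passwd|shadow)$"}},
            {"event": "sys_connect", "where": {}},
        ],
    },
]


@dataclass
class Event:
    ts: float                 # seconds since midnight, from the trace timestamp
    name: str                 # tracepoint / syscall name
    fields: Dict[str, str]    # key=value payload as strings


@dataclass
class CompiledStep:
    event: str
    where: Dict[str, "re.Pattern"]

    def matches(self, ev: Event) -> bool:
        if ev.name != self.event:
            return False
        return all(k in ev.fields and rx.search(ev.fields[k]) for k, rx in self.where.items())


@dataclass
class CompiledPattern:
    name: str
    domain: str
    correlate: str
    window_s: float
    steps: List[CompiledStep]


LINE_RX = re.compile(r"^\[(\d+):(\d+):(\d+(?:\.\d+)?)\] (\w+): (.*)$")


def parse_trace(text: str) -> List[Event]:
    """Parse the constructed text format into Event objects; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RX.match(line.strip())
        if not m:
            continue
        h, mi, s, name, rest = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        events.append(Event(ts, name, fields))
    return events


def compile_patterns(specs) -> List[CompiledPattern]:
    """'Compile' the declarative specs: precompile field regexes into step matchers."""
    out = []
    for p in specs:
        steps = [CompiledStep(s["event"], {k: re.compile(v) for k, v in s["where"].items()})
                 for s in p["steps"]]
        out.append(CompiledPattern(p["name"], p["domain"], p["correlate"], float(p["window_s"]), steps))
    return out


def detect(events: List[Event], patterns: List[CompiledPattern]) -> List[dict]:
    """Stream events through every pattern, tracking one partial match per correlation key."""
    alerts: List[dict] = []
    state: Dict[Tuple[str, str], Tuple[int, float]] = {}  # (pattern, key) -> (next step, start ts)
    for ev in events:
        for pat in patterns:
            key = ev.fields.get(pat.correlate)
            if key is None:
                continue
            idx, start = state.get((pat.name, key), (0, None))
            if start is not None and ev.ts - start > pat.window_s:
                idx, start = 0, None          # window expired: drop the partial match
            if pat.steps[idx].matches(ev):
                start = ev.ts if start is None else start
                idx += 1
                if idx == len(pat.steps):     # sequence complete: hand off to output module
                    alerts.append({"pattern": pat.name, "domain": pat.domain,
                                   "key": key, "ts": ev.ts})
                    idx, start = 0, None
            state[(pat.name, key)] = (idx, start)
    return alerts


def report(alerts: List[dict]) -> List[str]:
    """Output module stand-in: render alerts as administrator-facing lines."""
    return [f"[{a['domain']}] {a['pattern']} pid={a['key']} at t={a['ts']:.3f}s" for a in alerts]


def run(trace_text: str, specs=PATTERNS) -> List[dict]:
    return detect(parse_trace(trace_text), compile_patterns(specs))


if __name__ == "__main__":
    for line in report(run(SAMPLE_TRACE)):
        print(line)
```

Running it on the constructed trace fires exactly once, for pid 1201, which reads /etc/shadow and connects out 5 ms later; pid 1200 also reads /etc/passwd but its connection comes a full second later, outside the 0.5 s window, so the partial match is discarded. The window and per-key state are what keep a sequence pattern from pairing unrelated events across a long trace.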
Keywords :
authoring languages; formal specification; security of data; complete framework; host-based trace; kernel trace abstraction; kernel trace analysis; network trace; pattern detection; pattern specification; scripting language; Engines; Intrusion detection; Kernel; Linux; Probes; Pattern recognition; intrusion detection; trace analysis;
Conference_Titel :
Electrical and Computer Engineering (CCECE), 2011 24th Canadian Conference on
Conference_Location :
Niagara Falls, ON
Print_ISBN :
978-1-4244-9788-1
ISSN :
0840-7789
DOI :
10.1109/CCECE.2011.6030698