We propose a generic synthetic event generator from kernel trace events. The proposed method makes use of patterns of system states and environment-independent semantic events rather than platform-specific raw events. This method can be applied to different kernel and user level trace formats. We use a state model to store intermediate states and events. This stateful method supports partial trace abstraction and enables users to seek and navigate through the trace events and to abstract out the desired part. Since it uses the current and previous values of the system states and has more knowledge of the underlying system execution, it can generate a wide range of synthetic events. One obvious application of this method, presented later in this paper, is the identification of system faults and problems. We will discuss the architecture of the method, its implementation, and the performance results.