A stateful approach to generate synthetic events from Kernel traces

Authors:
Naser Ezzati-Jivan;Michel R. Dagenais
Affiliations:
Department of Computer and Software Engineering, Ecole Polytechnique de Montreal, Montreal, Quebec, Canada;Department of Computer and Software Engineering, Ecole Polytechnique de Montreal, Montreal, Quebec, Canada
Venue:
Advances in Software Engineering
Year:
2012

Citing 12
Cited 1

Visualizing the behavior of object-oriented systems

OOPSLA '93 Proceedings of the eighth annual conference on Object-oriented programming systems, languages, and applications
Classification and detection of computer intrusions

Classification and detection of computer intrusions
Visualizing interactions in program executions

ICSE '97 Proceedings of the 19th international conference on Software engineering
Shimba—an environment for reverse engineering Java software systems

Software—Practice & Experience
STATL: an attack language for state-based intrusion detection

Journal of Computer Security
Object-Oriented Program Tracing and Visualization

Computer
Visualizing Java in action

Proceedings of the 2003 ACM symposium on Software visualization
Abstraction-Based Misuse Detection: High-Level Specifications and Adaptable Strategies

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Scaling an Object-Oriented System Execution Visualizer through Sampling

IWPC '03 Proceedings of the 11th IEEE International Workshop on Program Comprehension
Intrusion detection/prevention using behavior specifications

Intrusion detection/prevention using behavior specifications
A survey of trace exploration tools and techniques

CASCON '04 Proceedings of the 2004 conference of the Centre for Advanced Studies on Collaborative research
Behavior abstraction in malware analysis

RV'10 Proceedings of the First international conference on Runtime verification

A framework to compute statistics of system parameters from very large trace files

ACM SIGOPS Operating Systems Review

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a generic synthetic event generator from kernel trace events. The proposed method makes use of patterns of system states and environment-independent semantic events rather than platform-specific raw events. This method can be applied to different kernel and user level trace formats. We use a state model to store intermediate states and events. This stateful method supports partial trace abstraction and enables users to seek and navigate through the trace events and to abstract out the desired part. Since it uses the current and previous values of the systemstates and hasmore knowledge of the underlying system execution, it can generate a wide range of synthetic events. One of the obvious applications of this method is the identification of system faults and problems that will appear later in this paper. We will discuss the architecture of the method, its implementation, and the performance results.