Bro network security monitor.
Linux audit framework.
Trustworthy whole-system provenance for the Linux kernel, Proceedings of the USENIX Security Symposium, USENIX Association, 2015.
Mining temporal invariants from partially ordered logs, ACM SIGOPS Operating Systems Review, vol. 45, issue 3, 2012.
Decoupling dynamic program analysis from execution in virtual environments, Proceedings of the USENIX Annual Technical Conference (ATC), USENIX Association, 2008.
LAMBDA: A language to model a database for detection of attacks, Proceedings of the International Workshop on Recent Advances in Intrusion Detection (RAID), 2000.
Implementing secure dependencies over a network by designing a distributed security subsystem, Proceedings of the European Symposium on Research in Computer Security (ESORICS), 1994.
Eidetic systems, Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), vol. 14, 2014.
STATL: An attack language for state-based intrusion detection, Journal of Computer Security, vol. 10, issue 1-2, 2002.
Standard on logging and monitoring, European Commission, 2010.
Timestamps in message-passing systems that preserve the partial ordering, Proceedings of the Australian Computer Science Conference, 1988.
A sense of self for Unix processes, Proceedings of the IEEE Symposium on Security and Privacy (S&P), 1996.
SPADE: Support for provenance auditing in distributed environments, Proceedings of the International Middleware Conference, 2012.
URL: https://hal.archives-ouvertes.fr/hal-01555544
Information flow tracking for Linux handling concurrent system calls and shared memory, Proceedings of the International Conference on Software Engineering and Formal Methods (SEFM), 2017.
URL: https://hal.archives-ouvertes.fr/hal-01535949
Generation and assessment of correlation rules to detect complex attack scenarios, Proceedings of the IEEE Conference on Communications and Network Security (CNS), 2015.
URL: https://hal.archives-ouvertes.fr/hal-01241813
A smell of Orchids, International Workshop on Runtime Verification, 2008.
Intrusion detection in distributed systems, an approach based on taint marking, Proceedings of the IEEE International Conference on Communications (ICC), 2013.
URL: https://hal.archives-ouvertes.fr/hal-00840338
SLEUTH: Real-time attack scenario reconstruction from COTS audit data, Proceedings of the USENIX Security Symposium, USENIX Association, 2017.
Advanced cyber attack modeling, analysis, and visualization, 2010.
RAIN: Refinable attack investigation with on-demand inter-process information flow tracking, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), 2017.
Backtracking intrusions, ACM SIGOPS Operating Systems Review, vol. 37, issue 5, 2003.
MCI: Modeling-based causality inference in audit logging for attack investigation, Proceedings of the Network and Distributed System Security Symposium (NDSS), Internet Society, 2018.
Time, clocks, and the ordering of events in a distributed system, Communications of the ACM, vol. 21, issue 7, 1978.
A scalable and efficient correlation engine to detect multi-step attacks in distributed systems, Proceedings of the IEEE International Symposium on Reliable Distributed Systems (SRDS), 2018.
High accuracy attack provenance via binary-based execution partition, Proceedings of the Network and Distributed System Security Symposium (NDSS), Internet Society, 2013.
LogGC: Garbage collecting audit log, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS).
Towards a timely causality analysis for enterprise security, Proceedings of the Network and Distributed System Security Symposium (NDSS), 2018.
Accurate, low cost and instrumentation-free security audit logging for Windows, Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2015.
MPI: Multiple perspective attack investigation with semantics aware execution partitioning, Proceedings of the USENIX Security Symposium, USENIX Association, 2017.
ProTracer: Towards practical provenance tracing by alternating between logging and tainting, Proceedings of the Network and Distributed System Security Symposium (NDSS), Internet Society, 2016.
Virtual time and global states of distributed systems, 1988.
The open provenance model core specification (v1.1), Future Generation Computer Systems, vol. 27, issue 6, 2011.
A logic-based model to support alert correlation in intrusion detection, Information Fusion, vol. 10, issue 4, 2009.
URL: https://hal.archives-ouvertes.fr/hal-00353059
Layering in provenance systems, Proceedings of the USENIX Annual Technical Conference (ATC), USENIX Association, 2009.
Provenance-aware storage systems, Proceedings of the USENIX Annual Technical Conference (ATC), USENIX Association, 2006.
Practical whole-system provenance capture, Proceedings of the Symposium on Cloud Computing (SoCC), 2017.
HERCULE: Attack story reconstruction via community discovery on correlated log graph, Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2016.
Hi-Fi: Collecting high-fidelity whole-system provenance, Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2012.
Detecting causal relationships in distributed computations: In search of the holy grail, Distributed Computing, vol. 7, issue 3, 1994.
A language driven intrusion detection system for event and alert correlation, Security and Protection in Information Processing Systems, 2004.
Enabling reconstruction of attacks on users via efficient browsing snapshots, Proceedings of the Network and Distributed System Security Symposium (NDSS), Internet Society, 2017.
A comprehensive approach to intrusion detection alert correlation, IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 1, issue 3, 2004.
High fidelity data reduction for big data security dependency analyses, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), 2016.