Table of Contents
Advances in Software Engineering
Volume 2012, Article ID 140368, 12 pages
Research Article

A Stateful Approach to Generate Synthetic Events from Kernel Traces

Department of Computer and Software Engineering, Ecole Polytechnique de Montreal, C.P. 6079, Station Downtown, Montreal, Quebec, Canada H3C 3A7

Received 15 December 2011; Accepted 13 April 2012

Academic Editor: Antonella Di Stefano

Copyright © 2012 Naser Ezzati-Jivan and Michel R. Dagenais. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. M. Desnoyers and M. R. Dagenais, “The LTTng tracer: a low impact performance and behavior monitor for GNU/Linux,” in Proceedings of the Ottawa Linux Symposium, 2006.
  2. W. Fadel, Techniques for the abstraction of system call traces [M.Sc.A. dissertation], Concordia University, 2010.
  3. H. Waly and B. Ktari, “A complete framework for kernel trace analysis,” in Proceedings of the Canadian Conference on Electrical and Computer Engineering (CCECE '11), pp. 001426–001430, Niagara Falls, Canada, May 2011. View at Publisher · View at Google Scholar
  4. J. P. Black, M. H. Coffin, D. J. Taylor, T. Kunz, and T. Basten, “Linking specification, abstraction, and debugging,” CCNG Technical Report E-232, Computer Communications and Networks Group, University of Waterloo, 1993. View at Google Scholar
  5. M. Auguston, A. Gates, and M. Lujan, “Defining a program behavior model for dynamic analyzers,” in Proceedings of the 9th International Conference on Software Engineering and Knowledge Engineering (SEKE '97), pp. 257–262, Madrid, Spain, June 1997.
  6. G. Matni and M. Dagenais, “Automata-based approach for kernel trace analysis,” in Proceedings of the Canadian Conference on Electrical and Computer Engineering (CCECE '09), pp. 970–973, May 2009. View at Publisher · View at Google Scholar · View at Scopus
  7. L. Fu, Exploration and visualization of large execution traces [M.Sc.A. dissertation], University of Ottawa, 2005.
  8. A. Hamou-Lhadj and T. Lethbridge, “Survey of trace exploration tools and techniques,” in Proceedings of the 14th IBM Conference of the Centre for Advanced Studies on Collaborative Research, pp. 42–55, IBM Press, 2004.
  9. W. D. Pauw, R. Helm, D. Kimelman, and J. M. Vlissides, “Visualizing the behavior of object-oriented systems,” in Proceedings of the 8th Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA '93), pp. 326–337, ACM, 1993.
  10. D. B. Lange and Y. Nakamura, “Object-oriented program tracing and visualization,” Computer, vol. 30, no. 5, pp. 63–70, 1997. View at Google Scholar · View at Scopus
  11. D. F. Jerding, J. T. Stasko, and T. Ball, “Visualizing interactions in program executions,” in Proceedings of the 19th IEEE International Conference on Software Engineering, pp. 360–370, May 1997. View at Scopus
  12. A. Chan, R. Holmes, G. C. Murphy, and A. T. T. Ying, “Scaling an Object-oriented system execution visualizer through sampling,” in Proceedings of the IEEE International Workshop on Program Comprehension (ICPC '03), 2003.
  13. S. P. Reiss, “Visualizing Java in action,” in Proceedings of the ACM Symposium on Software Visualization (SoftVis '03), pp. 57–65, ACM, June 2003. View at Scopus
  14. T. Systä, K. Koskimies, and H. Müller, “Shimba—an environment for reverse engineering Java software systems,” Software—Practice and Experience, vol. 31, no. 4, pp. 371–394, 2001. View at Publisher · View at Google Scholar · View at Scopus
  15. S. T. Eckmann, G. Vigna, and R. A. Kemmerer, “STATL: an attack language for state-based intrusion detection,” Journal of Computer Security, vol. 10, no. 1-2, pp. 71–103, 2002. View at Google Scholar · View at Scopus
  16. P. Uppuluri, Intrusion detection/prevention using behavior specifications [Ph.D. dissertation], State University of New York at Stony Brook, New York, NY, USA, 2003.
  17. S. Kumar, Classification and detection of computer intrusions [Ph.D. thesis], CERIAS lab, Purdue University, 1995.
  18. J. L. Lin, X. S. Wang, and S. Jajodia, “Abstraction-based misuse detection: high-level specifications and adaptable strategies,” in Proceedings of the 11th IEEE Computer Security Foundations Workshop (CSFW '98), pp. 190–201, Rockport, Mass, USA, June 1998. View at Scopus
  19. P. Beaucamps, I. Gnaedig, and J. Y. Marion, “Behavior abstraction in malware analysis,” in Proceedings of the Runtime Verification Conference (RV '10), pp. 168–182, 2010. View at Publisher · View at Google Scholar · View at Scopus
  20. A. Montplaisi and M. R. Dagenais, Stockage sur disque pour accs rapide dattributs avec intervalles de temps [M.Sc.A. dissertation], Dorsal lab, Ecole Polytechnique de Montreal, Montreal, Canada, 2011.
  21. M. M. Sebring, E. Shellhouse, M. Hanna, and R. A. Whitehurst, “Expert systems in intrusion detection: a case study,” in Proceedings of the National Computer Security Conference, pp. 74–81, 1988.
  22. 2011,
  23. RFC 793: Transmission Control Protocol, 2011,