FloTracker: Log-free and instantaneous host-based intrusion root-cause analysis

Saman Zonouz, Ahmad Seyfi, Alejandro Mesa, Gabriel Salles-Loustau

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Preserving the availability and integrity of security-critical computer systems in a fast-spreading sophisticated intrusions environment, requires advance algorithms, accurate and efficient intrusion diagnosis, along side with root-cause analysis techniques. In this paper we introduce FloTracker that is an online log-free host-based root-cause analysis detection engine, with instantaneous forensics capabilities. FloTracker presents security administrators as well as automated response systems, with immediate forensics information. For instance, it will identify a system's entry point of intrusion as soon as a critical security incident occurs, e.g., a sensitive system file modification is detected within the target system. To this end, FloTracker automatically defines an access control policy set (possibly with no access restriction) for the target system that facilitates real-time backtracking of an intrusion, given a detection point. Our experimental results on a real-world SE-Linux test-bed showed that the FloTracker could efficiently update the system's configuration thus modifications will not affect the functionalities of the system, yet providing a log-free and instantaneous root-cause analysis capability.

Original languageEnglish (US)
Title of host publicationProceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013
PublisherIEEE Computer Society
Pages246-255
Number of pages10
ISBN (Print)9780769551302
DOIs
StatePublished - Jan 1 2013
Event19th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2013 - Vancouver, BC, Canada
Duration: Dec 2 2013Dec 4 2013

Publication series

NameProceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC
ISSN (Print)1541-0110

Other

Other19th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2013
CountryCanada
CityVancouver, BC
Period12/2/1312/4/13

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Hardware and Architecture
  • Software

Fingerprint Dive into the research topics of 'FloTracker: Log-free and instantaneous host-based intrusion root-cause analysis'. Together they form a unique fingerprint.

  • Cite this

    Zonouz, S., Seyfi, A., Mesa, A., & Salles-Loustau, G. (2013). FloTracker: Log-free and instantaneous host-based intrusion root-cause analysis. In Proceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013 (pp. 246-255). [6820872] (Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC). IEEE Computer Society. https://doi.org/10.1109/PRDC.2013.46