Efficient Surveillance of Information Systems Online

Authors
  1. Dagenais, M.
  2. Hamou-Lhadj, A.
  3. Couture, M.
  4. Toupin, D.
Corporate Authors
Defence R&D Canada - Valcartier, Valcartier QUE (CAN); Ecole Polytechnique, Montreal QUE (CAN); Concordia Univ, Montreal QUE (CAN)
Abstract
Cyber attacks are rapidly becoming a major threat to proper, secure government and military operations. From deployed wireless systems subjected to jamming, denial-of-service attacks and intrusion attempts, to in-house computers connected to secure networks infiltrated by malicious software, numerous serious computer incidents are increasingly encountered. Low-level system tracing, traditionally used for debugging, may be used for host-based surveillance. We have developed a framework for detecting abnormal behavior, reacting to the threat, and monitoring the effectiveness of the response before escalation. The main advantage of the new system is the combination of low-level tracing information with powerful abstraction and anomaly detection techniques. Our tracing mechanisms extract very detailed execution traces with minimal overhead, increasing the detection capability without affecting operation or alerting the attackers.
Keywords
Poly-tracing project; LTTng; Zero day
Report Number
DRDC-VALCARTIER-SL-2011-504 — Scientific Literature
Date of publication
01 Nov 2011
Number of Pages
7
DSTKIM No
CA036842
CANDIS No
536515
Format(s):
Electronic Document (PDF)
