Correlation of System Events: High Performance Classification of Selinux Activities and Scenarios
نویسنده
چکیده
This paper presents an architecture for the characterization and the classification of activities occurring in a computer. These activities are considered from a system point of view, currently dealing with information coming from SELinux system logs. Starting from system events, and following an incremental approach, this paper shows how to characterize high-level and macro activities occuring on the system and how to classify those activities. It gives the formal basics of the approach and presents our implementation. The results of experiments uses real samples taken from our honeypot. Correlation results are obtained using a grid computation. Our high performance architecture enables to compute a large amount of events captured during one year on a high interaction honeypot.
منابع مشابه
Classification of Malicious Distributed SELinux Activities
This paper deals with the classification of malicious activities occurring on a network of SELinux hosts. SELinux system logs come from a high interaction distributed honeypot. An architecture is proposed to compute those events in order to assemble system sessions, such as malicious ones. Afterwards, recognition mechanisms are proposed to classify those activities. The paper presents the class...
متن کاملOptimal Strategy of State Lands allocation in Islamic Economics: Game Theory Approach
In the Islamic legal and economic system, a precise mechanism for land use is defined. The classification of lands, along with the flexible methods available to the government for the allocation of land, raises the question of what is the most desirable method for state lands allocation based on the Islamic legal and economic system? Accordingly, the purpose of the present study is to find a fa...
متن کاملPredictors of Interest in Performing Activities Among Iranian Adolescents With Cerebral Palsy
Objectives: Generally, adolescents who are interested in performing activities experience positive emotions and report high levels of well-being. However, adolescents with Cerebral Palsy (CP) encounter various issues affecting their interests. The present research was planned to investigate the predictor factors that affect the interest in performing activities in Iranian adolescents with CP. ...
متن کاملAlert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
متن کاملActive Distribution Networks Restoration after Extreme Events
After extreme events such as floods, thunderstorms, blizzards and hurricanes there will be devastating effects in the distribution networks which may cause a partial or complete blackout. Then, the major concern for the system operators is to restore the maximum critical loads as soon as possible by available generation units. In order to solve this problem, this paper provides a restoration s...
متن کامل