Online Surveillance of Critical Computer Systems Through Advanced Host-Based Detection.


Computer applications are becoming increasingly complex, and with that complexity comes a higher incidence of faults in information systems. Many of these faults remain undetected and can be exploited for malicious purposes. Traditional system monitoring tools concentrate on a single source of information and consequently have very limited detection coverage, efficiency, accuracy and timeliness: they either detect only a small fraction of errors or generate many false positives.

The objective of the proposed project is to significantly improve the efficiency, accuracy and timeliness both of online anomaly detection and of the mechanisms that lower false alarm rates. The expected outcomes of the project are: 1) a scalable, integrative Observation infrastructure that captures the most relevant system data from several sources, merges it into an enhanced data record, and keeps that record in memory for anomaly detection purposes; 2) a scalable, integrative Detection infrastructure able to run the best complementary specialized detection techniques concurrently, backed by a specialized Linux kernel Knowledge base.
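To make the two outcomes concrete, here is an added illustration written for this page, not code from the project described above: a small Python model in which an observation step merges constructed syscall-trace, kernel-log and process-table records into one in-memory per-process view, and a detection step runs three complementary detectors concurrently over that view, raising an alarm only when they corroborate each other. All events, the source formats, the NET_ALLOWED knowledge base and the agreement threshold are assumptions chosen for illustration.

```python
"""Multi-source host observation and parallel detection (added illustration).

Added example, not the project's own code. All event data is constructed;
source formats, field names, the NET_ALLOWED knowledge base and the
agreement threshold are assumptions chosen for illustration.
"""
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

# --- Constructed observations from three independent host sources ---------
# (ts, pid, comm, syscall, arg) as a syscall tracer would emit them
SYSCALLS = [
    (1.0, 101, "nginx", "connect", "10.0.0.5:443"),          # worker -> upstream
    (1.1, 202, "curl", "connect", "93.184.216.34:443"),      # admin download
    (2.0, 303, "imageparser", "open", "/tmp/upload.jpg"),
    (2.2, 303, "imageparser", "execve", "/bin/sh"),          # parser spawns a shell
    (2.3, 303, "imageparser", "connect", "198.51.100.7:4444"),
]
# (ts, pid, message) from the kernel log; a handled fault, the process continues
KLOG = [
    (2.1, 303, "imageparser[303]: segfault at 4141414141 ip ... error 4"),
]
# (pid, comm) from a process-table snapshot
PROCS = {101: "nginx", 202: "curl", 303: "imageparser"}

# Small knowledge base (assumed): programs expected to open network connections.
NET_ALLOWED = {"nginx", "curl", "sshd"}


def observe(syscalls, klog, procs):
    """Observation infrastructure: merge every source into one in-memory
    per-process record so detectors see the enriched view, not a single feed."""
    view = defaultdict(lambda: {"comm": None, "calls": [], "crashes": []})
    for pid, comm in procs.items():
        view[pid]["comm"] = comm
    for ts, pid, comm, name, arg in syscalls:
        view[pid]["comm"] = view[pid]["comm"] or comm
        view[pid]["calls"].append((ts, name, arg))
    for ts, pid, msg in klog:
        view[pid]["crashes"].append((ts, msg))
    for rec in view.values():
        rec["calls"].sort()          # chronological order for sequence rules
    return dict(view)


# --- Detectors: each returns {pid: reason} --------------------------------
def detect_outbound(view):
    """Naive single-source rule: any outbound connect is suspicious.
    On its own it is noisy: it fires on nginx and curl as well."""
    return {pid: "outbound connect" for pid, r in view.items()
            if any(c[1] == "connect" for c in r["calls"])}


def detect_unexpected_net(view):
    """Knowledge-base rule: a connect from a program not expected to use the network."""
    return {pid: f"{r['comm']} is not expected to use the network"
            for pid, r in view.items()
            if r["comm"] not in NET_ALLOWED
            and any(c[1] == "connect" for c in r["calls"])}


def detect_crash_then_shell(view):
    """Cross-source sequence rule: a kernel-reported fault followed by execve
    of a shell in the same process, a classic post-exploitation pattern."""
    hits = {}
    for pid, r in view.items():
        for cts, _ in r["crashes"]:
            if any(ts > cts and name == "execve" and arg.endswith("/sh")
                   for ts, name, arg in r["calls"]):
                hits[pid] = "segfault followed by shell exec"
    return hits


DETECTORS = [detect_outbound, detect_unexpected_net, detect_crash_then_shell]


def detect(view, min_agreement=2):
    """Detection infrastructure: run the complementary detectors concurrently
    and alarm only when at least `min_agreement` of them implicate the same
    pid; corroboration across sources is what lowers the false-alarm rate."""
    with ThreadPoolExecutor(max_workers=len(DETECTORS)) as pool:
        results = list(pool.map(lambda d: d(view), DETECTORS))
    votes = defaultdict(list)
    for res in results:
        for pid, reason in res.items():
            votes[pid].append(reason)
    return {pid: reasons for pid, reasons in votes.items()
            if len(reasons) >= min_agreement}


if __name__ == "__main__":
    v = observe(SYSCALLS, KLOG, PROCS)
    print("single-source alerts:", sorted(detect_outbound(v)))   # [101, 202, 303]
    print("corroborated alerts :", detect(v))                    # only pid 303
```

The single-source rule alone flags all three processes, two of them legitimately using the network; only the corroborated result isolates the compromised parser, which is the gain the merged observation view and the parallel, complementary detectors are meant to deliver.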

