Xanthus: Push-button Orchestration of Host Provenance Data Collection

Xueyuan Han, James Mickens, Ashish Gehani, Margo Seltzer, Thomas Pasquier

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)


Abstract

Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly detectors is hard. There are few high-quality, publicly available audit logs, and there are no pre-existing frameworks that enable push-button creation of realistic system traces. To make trace generation easier, we created Xanthus, an automated tool that orchestrates virtual machines to generate realistic audit logs. Using Xanthus' simple management interface, administrators select a base VM image, configure a particular tracing framework to use within that VM, and define post-launch scripts that collect and save trace data. Once data collection is finished, Xanthus creates a self-describing archive, which contains the VM, its configuration parameters, and the collected trace data. We demonstrate that Xanthus hides many of the tedious (yet subtle) orchestration tasks that humans often get wrong; Xanthus avoids mistakes that lead to non-replicable experiments.
Original language: English
Title of host publication: ACM International Workshop on Practical Reproducible Evaluation of Systems
Publisher: Association for Computing Machinery (ACM)
Pages: 27-32
Number of pages: 6
ISBN (Print): 978-1-4503-7977-9
DOIs
Publication status: Published - 23 Jun 2020
Event: ACM International Workshop on Practical Reproducible Evaluation of Systems - Stockholm, Sweden
Duration: 23 Jun 2020 → …
https://p-recs.github.io/2020/

Conference

Conference: ACM International Workshop on Practical Reproducible Evaluation of Systems
Abbreviated title: P-RECS
Country/Territory: Sweden
City: Stockholm
Period: 23/06/20 → …
Internet address
