Abstract
Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly detectors is hard. There are few high-quality, publiclyavailable audit logs, and there are no pre-existing frameworks that enable push-button creation of realistic system traces. To make trace generation easier, we created Xanthus, an automated tool that orchestrates virtual machines to generate realistic audit logs. Using Xanthus’ simple management interface, administrators select a base VM image, configure a particular tracing framework to use within that VM, and define post-launch scripts that collect and save trace data. Once data collection is finished, Xanthus creates a self-describing archive, which contains the VM, its configuration parameters, and the collected trace data. We demonstrate that Xanthus hides many of the tedious (yet subtle) orchestration tasks that humans often get wrong; Xanthus avoids mistakes that lead to non-replicable experiments.
Original language | English |
---|---|
Title of host publication | ACM International Workshop on Practical Reproducible Evaluation of Systems |
Publisher | Association for Computing Machinery (ACM) |
Pages | 27-32 |
Number of pages | 6 |
ISBN (Print) | 978-1-4503-7977-9 |
DOIs | |
Publication status | Published - 23 Jun 2020 |
Event | ACM International Workshop on Practical Reproducible Evaluation of Systems - Stockholm, Sweden Duration: 23 Jun 2020 → … https://p-recs.github.io/2020/ |
Conference
Conference | ACM International Workshop on Practical Reproducible Evaluation of Systems |
---|---|
Abbreviated title | P-RECS |
Country/Territory | Sweden |
City | Stockholm |
Period | 23/06/20 → … |
Internet address |