Title
Xanthus: Push-button Orchestration of Host Provenance Data Collection
Abstract
Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly detectors is hard. There are few high-quality, publicly-available audit logs, and there are no pre-existing frameworks that enable push-button creation of realistic system traces. To make trace generation easier, we created Xanthus, an automated tool that orchestrates virtual machines to generate realistic audit logs. Using Xanthus' simple management interface, administrators select a base VM image, configure a particular tracing framework to use within that VM, and define post-launch scripts that collect and save trace data. Once data collection is finished, Xanthus creates a self-describing archive, which contains the VM, its configuration parameters, and the collected trace data. We demonstrate that Xanthus hides many of the tedious (yet subtle) orchestration tasks that humans often get wrong; Xanthus avoids mistakes that lead to non-replicable experiments.
Year: 2020
DOI: 10.1145/3391800.3398175
Venue: HPDC '20: The 29th International Symposium on High-Performance Parallel and Distributed Computing, Stockholm, Sweden, June 2020
DocType: Conference
ISBN: 978-1-4503-7977-9
Citations: 0
PageRank: 0.34
References: 0
Authors: 5
Authors (Name, Order, Citations, PageRank):
Xueyuan Han1334.52
James Mickens242437.89
Ashish Gehani328930.30
Margo Seltzer43423623.54
Thomas F. J.-M. Pasquier521417.09