GrAALF: Supporting graphical analysis of audit logs for forensics

Cited by: 7
Authors
Setayeshfar, Omid [1 ]
Adkins, Christian [1 ]
Jones, Matthew [2 ]
Lee, Kyu Hyung [1 ]
Doshi, Prashant [1 ]
Affiliations
[1] Univ Georgia, Athens, GA 30602 USA
[2] GTRI, Atlanta, GA 30332 USA
Keywords
Cyber forensics; Provenance tracking; Graphical analysis;
DOI
10.1016/j.simpa.2021.100068
CLC number
TP31 [Computer software];
Discipline code
081202 ; 0835 ;
Abstract
System-level logs play a critical role in computer forensics: they capture interactions between programs and users in detail. However, a typical computer generates more than 2.5 million system events hourly, which makes finding malicious activity in such logs compute- and time-intensive. We introduce GrAALF, a graphical system for efficiently loading, storing, processing, querying, and displaying system events for computer forensics. Compared with similar systems, GrAALF offers flexible storage, intuitive querying, and the ability to trace longer sequences of events in real time to help identify attacks. GrAALF is a robust analysis solution in support of computer forensics.
Pages: 4