SMAD: A Configurable and Extensible Low-Level System Monitoring and Anomaly Detection Framework

Basel Sababa, Karlen Avogian, Ioanna Dionysiou, Harald Gjermundrod

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

Abstract

The proliferation of technology has dramatically changed the security threat landscape, and preventing security breaches in such heterogeneous and diverse environments is nontrivial because the attack surface is simply too broad. The frequency of cyber attacks is increasing dramatically, and organizations in both the public and private sectors are struggling to identify and respond to security breaches. One should expect that some security perimeter penetration attempts, as well as insider attacks, will be successful; the bet is then on how quickly the breach is detected. This chapter presents System Monitoring and Anomaly Detection (SMAD), a novel framework that monitors kernel and system resource data (e.g., system calls, network connections, process information) according to user-defined configurations and initiates nonintrusive actions when alerts are triggered. SMAD is a security monitoring tool that uses Sysdig as its foundational building block. Unlike existing Sysdig commercial tools, the proposed system is open source in its entirety and welcomes new contributions to the existing source repository.
Original language: English
Title of host publication: Innovations in Cybersecurity Education
Editors: Kevin Daimi, Guillermo Francia III
Place of publication: Cham
Publisher: Springer International Publishing AG
Pages: 19-38
Number of pages: 20
ISBN (Print): 978-3-030-50244-7
DOIs
Publication status: Published - 22 Nov 2020

Keywords

  • System monitoring, Kernel, Sysdig, System commands, Open source, Monitors, Alerts, Postmortem attack analysis, Attack visualization, User-centric
