The proliferation of technology has dramatically changed the security threat landscape, and preventing security breaches in such heterogeneous and diverse environments is nontrivial because the attack surface is simply too broad. The frequency of cyber attacks is increasing dramatically, and organizations in both the public and private sectors are struggling to identify and respond to security breaches. One should expect that some perimeter penetration attempts, as well as insider attacks, will succeed; what matters then is how quickly the breach is detected. This chapter presents System Monitoring and Anomaly Detection (SMAD), a novel framework that monitors kernel and system resource data (e.g., system calls, network connections, process information) according to user-defined configurations and initiates nonintrusive actions when alerts are triggered. SMAD is a security monitoring tool that uses Sysdig as its foundational building block. Unlike existing Sysdig commercial tools, the proposed system is open source in its entirety, and new contributions to the source repository are welcome.
| Field | Value |
|---|---|
| Title of host publication | Innovations in Cybersecurity Education |
| Editors | Kevin Daimi, Guillermo Francia III |
| Place of publication | Cham |
| Publisher | Springer International Publishing AG |
| Number of pages | 20 |
| Publication status | Published - 22 Nov 2020 |
- Keywords: System monitoring, Kernel, Sysdig, System commands, Open source, Monitors, Alerts, Postmortem attack analysis, Attack visualization, User-centric