PANDAcap: A framework for streamlining collection of full-system traces
| Authors | |
|---|---|
| Publication date | 2020 |
| Book title | EuroSec 2020 |
| Book subtitle | proceedings of the 13th European Workshop on Systems Security : April 27, 2020, Heraklion, Crete, Greece |
| ISBN (electronic) | |
| Event | 13th European Workshop on Systems Security, EuroSec 2020 |
| Pages (from-to) | 1-6 |
| Number of pages | 6 |
| Publisher | New York, NY: The Association for Computing Machinery |
| Organisations | |
| Abstract | Full-system, deterministic record and replay has proven to be an invaluable tool for reverse engineering and systems analysis. However, acquiring a full-system recording typically involves significant planning and manual effort. This represents a distraction from the actual goal of recording a trace, i.e. analyzing it. We present PANDAcap, a framework based on the PANDA full-system record and replay tool. PANDAcap combines off-the-shelf and custom-built components in order to streamline the process of recording PANDA traces. More importantly, in addition to making the setup of one-off experiments easier, PANDAcap also caters to the streamlining of systematic repeatable experiments in order to create PANDA trace datasets. As a demonstration, we have used PANDAcap to deploy an ssh honeypot aiming to study the actions of brute-force ssh attacks. |
| Document type | Conference contribution |
| Language | English |
| Related dataset | PANDAcap SSH Honeypot Dataset |
| Published at | https://doi.org/10.1145/3380786.3391396 |
| Other links | https://www.scopus.com/pages/publications/85088301724 |
| Downloads | 3380786.3391396 (Final published version) |
| Permalink to this page | |
