The Kerf Toolkit for Intrusion Analysis (Poster Abstract)

Authors

Javed Aslam, Dartmouth CollegeFollow
Sergey Bratus, Dartmouth CollegeFollow
David Kotz, Dartmouth CollegeFollow
Ron Peterson, Dartmouth College
Daniela Rus, Dartmouth College
Brett Tofel, Dartmouth College

Document Type

Conference Paper

Publication Date

6-2003

Publication Title

Proceedings of the 2003 IEEE Workshop on Information Assurance

Department

Department of Computer Science

Abstract

We consider the problem of intrusion analysis and present the Kerf toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf in detail, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.

Original Citation

Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus, and Brett Tofel. The Kerf Toolkit for Intrusion Analysis. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), June 2003.

Dartmouth Digital Commons Citation

Aslam, Javed; Bratus, Sergey; Kotz, David; Peterson, Ron; Rus, Daniela; and Tofel, Brett, "The Kerf Toolkit for Intrusion Analysis (Poster Abstract)" (2003). Dartmouth Scholarship. 3084.
https://digitalcommons.dartmouth.edu/facoa/3084