29 research outputs found
Automating the construction of correlation rules: prerequisites and process
National audience. Enterprise systems today are composed of tens, hundreds or thousands of entities that may communicate with unknown external machines. In these systems, many detectors, probes and IDSs are deployed and flood the monitoring systems with messages and alerts. The problem facing an administrator in charge of monitoring is then to detect attack patterns against the system within this flood of notifications. To do so, the administrator has correlation tools that identify complex scenarios from these low-level notifications. However, specifying these scenarios requires that the appropriate correlation rules have been built beforehand. This paper focuses on a method for generating correlation rules and on the prerequisites for this operation. It then evaluates the work required to obtain such rules in the case of an automated generation process.
Efficient Distributed Detection Of Conjunctions Of Local Predicates (M. Hurfin, M. Mizuno, M. Raynal, M. Singhal)
Global predicate detection is a fundamental problem in distributed systems and finds applications in many domains such as testing and debugging distributed programs. This paper presents two efficient distributed algorithms to detect conjunctive form global predicates in distributed systems. The algorithms detect the first consistent global state that satisfies the predicate even if the predicate is unstable. The algorithms are based on complementary approaches and are duals of each other. The algorithms are distributed because the predicate detection efforts as well as the necessary information are equally distributed among the processes. We prove the correctness of the algorithms and compare their performance with those of the existing predicate detection algorithms. The proposed algorithms compare very favorably with the existing algorithms in terms of the number of messages exchanged for predicate detection. Key-words: Distributed systems, On the fly global predicate detection ..
On-the-Fly Replay: A Practical Paradigm and Its Implementation for Distributed Debugging
This paper presents a practical paradigm, called on-the-fly replay. This paradigm consists of running a distributed program twice at the same time: an original computation driving a twin execution whose non-deterministic choices do not have to be evaluated. This paradigm has several interesting uses. Among them, distributed debugging is particularly noteworthy. The integration of this paradigm into a distributed debugging facility, called EREBUS, is described. This implementation was run on a distributed memory parallel machine (Intel Hypercube iPSC2) and experimental results, showing the gains provided, are exhibited. Key-words: Distributed debugging, Execution replay, Probe effect, Measurements. This work has been partly supported by a cooperation grant from French and Israeli governments. Computer Science Department - Technion Haifa 32000 ISRAEL. IRISA - Unité de recherche INRIA Rennes IRISA, Campus universitaire de Beaulieu, 35042 RENNES ..
On-the-Fly Replay: A Practical Paradigm and Its Implementation for Distributed Debugging
This paper presents a practical paradigm, called on-the-fly replay. This paradigm consists of running a distributed program twice at the same time: an original computation driving a twin execution whose non-deterministic choices do not have to be evaluated. This paradigm has several interesting uses. Among them, distributed debugging is particularly noteworthy. The integration of this paradigm into a distributed debugging facility, called EREBUS, is described. This implementation was run on a distributed memory parallel machine (Intel Hypercube iPSC2) and experimental results, showing the gains provided, are exhibited. Key-words: Distributed debugging, Execution replay, Probe effect, Measurements. This work has been partly supported by a cooperation grant from French and Israeli governments. Computer Science Department - Technion Haifa 32000 ISRAEL. IRISA - Centre National de la Recherche Scientifique Institut National de Recherche en Informa..
Detecting atomic sequences of predicates in distributed computations
This paper deals with a class of unstable non-monotonic global predicates, called herein atomic sequences of predicates. Such global predicates are defined for distributed programs built with message-passing communication only (no shared memory) and they describe global properties by causal composition of local predicates augmented with atomicity constraints. These constraints specify forbidden properties, whose occurrence invalidates causal sequences. This paper formally defines these atomic sequences of predicates, proposes a distributed algorithm to detect their occurrences and gives a sketch of a proof of correctness of this algorithm.