This paper presents a complete framework for the specification and detection of patterns, as well as the abstraction of kernel traces. We propose a declarative, easy-to-use scripting language for pattern specification. The compiled patterns are then fed to a detection engine that analyzes the traces and progressively communicates with an output module to warn the administrator about the underlying problems occurring on the system. We consider that our approach is general enough to be used with any kind of traces (network or host-based), or even with combined traces. Moreover, the proposed language can efficiently describe patterns related to different types of domains, such as security, performance, and abstraction.