BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2004-493
ENTRY:: March 31, 2004
ORGANIZATION:: Dartmouth College, Computer Science
TITLE:: The Kerf toolkit for intrusion analysis
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Aslam, Javed
AUTHOR:: Bratus, Sergey
AUTHOR:: Kotz, David
AUTHOR:: Peterson, Ron
AUTHOR:: Rus, Daniela
AUTHOR:: Tofel, Brett
DATE:: March 2004
RETRIEVAL:: For a paper copy, email <reports@cs.dartmouth.edu>
RETRIEVAL:: For a paper copy, write to
       Technical Report Librarian
       Department of Computer Science
       Dartmouth College
       6211 Sudikoff Laboratory
       Hanover, NH 03755-3510
       USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2004-493.pdf
ABSTRACT:: 
We consider the problem of intrusion analysis and present the
Kerf Toolkit, whose purpose is to provide an efficient and
flexible infrastructure for the analysis of attacks.  The Kerf Toolkit
includes a mechanism for securely recording host and network logging
information for a network of workstations, a domain-specific language
for querying this stored data, and an interface for viewing the
results of such a query, providing feedback on these results, and
generating new queries in an iterative fashion.  We describe the
architecture of Kerf, present examples to demonstrate the
power of our query language, and discuss the performance of our
implementation of this system.
END:: ncstrl.dartmouthcs//TR2004-493