Papers from David Kotz and his research group, about Kerf (security-log visualization tool). en-us Thu, 09 Apr 2026 16:28:48 +0000 https://www.cs.dartmouth.edu/~kotz/research/project/kerf/index.html https://validator.w3.org/feed/docs/rss2.html aslam:kerf-news Fri, 01 Jul 2005 00:00:00 Javed Aslam, Sergey Bratus, David Kotz, Ronald Peterson, and Daniela Rus. <b>The Kerf toolkit for intrusion analysis.</b> <i>IAnewsletter</i>, volume 8, number 2, pages 12–16. Information Assurance Technology Analysis Center (IATAC), Summer 2005. https://www.cs.dartmouth.edu/~kotz/research/aslam-kerf-news/index.html aslam:toolkit Mon, 01 Nov 2004 00:00:00 Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Brett Tofel, and Daniela Rus. <b>The Kerf toolkit for intrusion analysis.</b> <i>IEEE Security & Privacy</i>, volume 2, number 6, pages 42–52. IEEE, November 2004. doi:10.1109/MSP.2004.113. <p><b>Abstract:</b> <p>We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.</p></p> https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit/index.html aslam:kerf-WIP Sun, 01 Aug 2004 00:00:00 Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, and Daniela Rus. <b>Kerf: Machine Learning to Aid Intrusion Analysts.</b> <i>Proceedings of the USENIX Security Symposium</i>, 1 page. USENIX Association, August 2004. Work-in-progress report. https://www.cs.dartmouth.edu/~kotz/research/aslam-kerf-WIP/index.html aslam:toolkit-tr Mon, 01 Mar 2004 00:00:00 Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus, and Brett Tofel. <b>The Kerf toolkit for intrusion analysis.</b> Technical Report number TR2004-493, Dartmouth Computer Science, March 2004. <p><b>Abstract:</b> <p>We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.</p></p> https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit-tr/index.html aslam:toolkit-p Sun, 01 Jun 2003 00:00:00 Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus, and Brett Tofel. <b>The Kerf toolkit for intrusion analysis (Poster abstract).</b> <i>Proceedings of the IEEE Workshop on Information Assurance</i>, pages 301–303. IEEE, West Point, NY, June 2003. doi:10.1109/SMCSIA.2003.1232441. <p><b>Abstract:</b> <p>We consider the problem of intrusion analysis and present the Kerf toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf in detail, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.</p></p> https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit-p/index.html