Weekly Report -- 16/09/2016




Kept tinkering with my mock skeptic install. I was a little concerned about the memory usage of anomaly_ts so I went back over some previous work I did to work out relative accuracy rates of each detector under a variety of different parameter settings to try and find good settings for each detector that used a minimal amount of stored history.

Spent a bit of time reading over some papers on mining temporal properties from sequences of function calls. The algorithms that these people are using are a bit tricky to decipher -- the explanation is a bit terse and I don't really have the background in the area to fill in the gaps -- so hopefully Harris will be able to get further than I did.

Continued building FSMs for common syscall patterns. Started working with the user study data, which is not at all well covered by my existing FSMs. This appears to be mostly because of various Gnome / X processes and widgets that are continuously polling and receiving events. The syscalls generated by these processes drown out everything else, so it is hard to find the actions that the users actually performed during the study.

Arranged travel and accommodation for my upcoming trip to IMC.