Volume 4 Number 5 (May 2009)
JCP 2009 Vol.4(5): 423-432 ISSN: 1796-203X
doi: 10.4304/jcp.4.5.423-432

Classification of Malicious Distributed SELinux Activities

Mathieu Blanc, Patrice Clemente, Jonathan Rouzaud-Cornabas, Christian Toinard
ENSI de Bourges, LIFO EA 40 22, 88 Bld Lahitolle, 18020 Bourges Cedex, France
CEA, DAM, DIF, F-91297 Arpajon, France
Abstract—This paper deals with the classification of malicious activities occurring on a network of SELinux hosts. The SELinux system logs come from a high-interaction distributed honeypot. An architecture is proposed to process those events in order to assemble system sessions, including malicious ones. Recognition mechanisms are then proposed to classify those activities. The paper presents the classification architecture using comprehensive examples. It is the first solution that supports SELinux sessions. In contrast with previous works, distributed sessions are better addressed using only SELinux logs. The experimental results use real samples taken from our honeypot. A high-performance architecture makes it possible to process the large volume of events captured during one year on our high-interaction honeypot. Our approach enables the real-time reconstruction of system sessions. Moreover, sessions are compared to patterns in order to classify them according to specific attacks. The paper shows that the classification can be done in linear time. An automatic recognition of new patterns is proposed.

Index Terms—SELinux sessions, classification of attacks, distributed sessions.
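The abstract describes the pipeline at a high level only: collect SELinux audit events from several hosts, reassemble them into per-host system sessions, then compare each session against attack patterns in linear time. The following is an added example, written for this page and not the authors' code, that shows the shape of such a pipeline on the standard `type=AVC` audit line format. The log lines are constructed, the `host=` prefix is assumed to be added by a central collector, keying a session on (host, pid) and the two patterns themselves are assumptions of this example, not the paper's session model or pattern catalogue.

```python
"""Reconstruct SELinux sessions from AVC audit lines and classify them
against ordered attack patterns (added example, not the paper's code).

Assumptions (not from the paper): each line carries a `host=` prefix
added by the collector, a session is keyed on (host, pid), and a pattern
is an ordered list of (source type, permission, target type, class)
tuples that must appear as a subsequence of the session's events.
"""
import re
from collections import defaultdict

# Constructed sample: two hosts, one download-and-run session on hp1 and
# one credential-read attempt on hp2. Field layout follows the kernel's
# AVC audit format; the host= prefix is an assumed collector addition.
SAMPLE_LOG = """\
host=hp1 type=AVC msg=audit(1240000001.100:11): avc:  denied  { execute } for  pid=2201 comm="sh" name="wget" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
host=hp1 type=AVC msg=audit(1240000002.200:12): avc:  denied  { name_connect } for  pid=2201 comm="wget" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
host=hp1 type=AVC msg=audit(1240000003.300:13): avc:  denied  { write } for  pid=2201 comm="wget" name="tmp" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
host=hp1 type=AVC msg=audit(1240000004.400:14): avc:  denied  { execute } for  pid=2201 comm="sh" name="bot" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
host=hp2 type=AVC msg=audit(1240000005.500:21): avc:  denied  { read } for  pid=3105 comm="httpd" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"host=(?P<host>\S+).*?audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\).*?"
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"pid=(?P<pid>\d+).*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)"
)

# Hypothetical pattern catalogue: an ordered chain of (source type,
# permission, target type, object class) that characterises an attack.
PATTERNS = {
    "download_and_execute": [
        ("httpd_t", "name_connect", "http_port_t", "tcp_socket"),
        ("httpd_t", "write", "tmp_t", "dir"),
        ("httpd_t", "execute", "tmp_t", "file"),
    ],
    "credential_read": [
        ("httpd_t", "read", "shadow_t", "file"),
    ],
}


def parse_avc(line):
    """Return one event dict from an AVC audit line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {
        "host": m["host"],
        "ts": float(m["ts"]),
        "pid": int(m["pid"]),
        "verdict": m["verdict"],
        # A single AVC record may list several permissions: { read write }.
        "perms": frozenset(m["perms"].split()),
        # user:role:type:level -> keep only the type component.
        "stype": m["scontext"].split(":")[2],
        "ttype": m["tcontext"].split(":")[2],
        "tclass": m["tclass"],
    }


def build_sessions(log_text):
    """Group events into sessions keyed on (host, pid), ordered by timestamp."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_avc(line)
        if ev is not None:
            sessions[(ev["host"], ev["pid"])].append(ev)
    for events in sessions.values():
        events.sort(key=lambda e: e["ts"])
    return dict(sessions)


def matches_pattern(events, pattern):
    """Single pass over the session: True if the pattern occurs as an ordered
    subsequence of its events. O(len(events)) per pattern."""
    i = 0
    for ev in events:
        if i == len(pattern):
            break
        stype, perm, ttype, tclass = pattern[i]
        if (ev["stype"] == stype and perm in ev["perms"]
                and ev["ttype"] == ttype and ev["tclass"] == tclass):
            i += 1
    return i == len(pattern)


def classify_sessions(sessions):
    """Map each session key to the list of pattern names it matches."""
    return {
        key: [name for name, pat in PATTERNS.items() if matches_pattern(evs, pat)]
        for key, evs in sessions.items()
    }


if __name__ == "__main__":
    for key, labels in classify_sessions(build_sessions(SAMPLE_LOG)).items():
        print(key, labels)
```

Matching a pattern as an ordered subsequence keeps the per-session cost linear in the number of events, which is the property the abstract claims for its classifier; unrelated denials interleaved with the attack (the first `execute` on `bin_t` above) do not break the match. Because the session key here is (host, pid), a session that spans several hosts would appear as separate sessions; linking those back together is the distributed-session problem the paper addresses and is not shown here.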


Cite: Mathieu Blanc, Patrice Clemente, Jonathan Rouzaud-Cornabas, Christian Toinard, "Classification of Malicious Distributed SELinux Activities," Journal of Computers vol. 4, no. 5, pp. 423-432, 2009.

General Information

ISSN: 1796-203X
Frequency: Monthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI, etc.
E-mail: jcp@iap.org