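@comment{
  PANDAcap workshop paper (EuroSec 2020): tooling for recording PANDA
  full-system traces, demonstrated with an ssh honeypot.
  Entry conventions: author names in "Last, First" form; case-sensitive
  names in title and booktitle are brace-protected so styles that
  sentence-case titles keep them intact; language is a babel/biblatex
  identifier; the proceedings title is stored once, in booktitle.
}
@inproceedings{510999b1b91745a889c793d282bc030c,
  author    = {Stamatogiannakis, Manolis and Bos, Herbert and Groth, Paul},
  title     = {{PANDAcap}: A framework for streamlining collection of full-system traces},
  booktitle = {Proceedings of the 13th European Workshop on Systems Security, {EuroSec} 2020},
  publisher = {Association for Computing Machinery, Inc},
  pages     = {1--6},
  year      = {2020},
  month     = apr,
  day       = {27},
  doi       = {10.1145/3380786.3391396},
  language  = {english},
  keywords  = {Dataset, Docker, Framework, Honeypot, PANDA, Record and replay},
  abstract  = {Full-system, deterministic record and replay has proven to be an invaluable tool for reverse engineering and systems analysis. However, acquiring a full-system recording typically involves significant planning and manual effort. This represents a distraction from the actual goal of recording a trace, i.e. analyzing it. We present PANDAcap, a framework based on PANDA full-system record and replay tool. PANDAcap combines off-the-shelf and custom-built components in order to streamline the process of recording PANDA traces. More importantly, in addition to making the setup of one-off experiments easier, PANDAcap also caters to the streamlining of systematic repeatable experiments in order to create PANDA trace datasets. As a demonstration, we have used PANDAcap to deploy an ssh honeypot aiming to study the actions of brute-force ssh attacks.},
  note      = {Publisher Copyright: {\textcopyright} 2020 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 13th European Workshop on Systems Security, EuroSec 2020 ; Conference date: 27-04-2020},
}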