eAUDIT: A Fast, Scalable and Deployable Audit Data Collection System
R. Sekar, Hanke Kimm, Rohit Aich
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4
**Advanced Persistent Threats (APTs)** are sophisticated attack campaigns that bypass preventative controls, establish a long-term foothold in enterprise systems, and stay undetected for weeks or months. Defending against them therefore depends on post-attack detection and forensic analysis, which in turn depend on complete and trustworthy audit data. The talk "eAUDIT: A Fast, Scalable and Deployable Audit Data Collection System," presented by R. Sekar, Hanke Kimm, and Rohit Aich of the Secure Systems Lab at Stony Brook University, addresses a gap in that chain: existing audit data collection systems are inadequate for this purpose.
AI review
This work presents eAUDIT, an eBPF-based audit system that targets the long-standing problems of system-call logging: it aims to eliminate record loss under load, keep runtime overhead to about 3%, and shrink the window in which a privileged attacker can tamper with not-yet-persisted log records to hundreds of records. A two-level buffering design and an analytical model of the collection pipeline underpin these claims, giving higher fidelity and greater resilience for APT detection and forensics than prior collectors.
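The two failure modes the review names, records dropped under bursts and records that sit unpersisted where a root-level attacker can alter them, pull in opposite directions for a single bounded buffer. The simulation below is an added illustration, not code from the eAUDIT paper or its authors, and it does not model eAUDIT's two-level design; it assumes a constructed workload (a steady 50 syscalls per tick with a three-tick burst of 500) and a hypothetical consumer that persists 100 records per tick, then reports how many records a given buffer size drops and how large its tampering window grows.

```python
# Added illustrative simulation of an audit collector's buffering trade-off.
# Not eAUDIT's code; the workload and drain rate below are constructed values.

STEADY, BURST = 50, 500
# Constructed per-tick syscall counts: steady load with a short burst.
WORKLOAD = [STEADY] * 10 + [BURST] * 3 + [STEADY] * 10
DRAIN_RATE = 100  # assumed: records the userspace consumer persists per tick


def simulate(capacity: int, workload=WORKLOAD, drain_rate: int = DRAIN_RATE) -> dict:
    """Bounded producer/consumer model of a syscall audit collector.

    Each tick the kernel side emits workload[i] records into a buffer holding
    at most `capacity` records; records arriving when it is full are dropped
    (the data-loss failure mode). The consumer then persists up to drain_rate
    records. Everything still in the buffer is unpersisted and therefore
    alterable by an attacker with kernel or root access, so its peak occupancy
    is reported as the tampering window.
    """
    buffered = dropped = persisted = peak_window = 0
    for n in workload:
        space = capacity - buffered
        accepted = min(n, space)
        dropped += n - accepted          # overflow: lost for good
        buffered += accepted
        peak_window = max(peak_window, buffered)
        flushed = min(drain_rate, buffered)
        buffered -= flushed
        persisted += flushed
    return {
        "capacity": capacity,
        "dropped": dropped,
        "persisted": persisted,
        "peak_window": peak_window,
        "unpersisted_at_end": buffered,
    }


def conserved(result: dict, workload=WORKLOAD) -> bool:
    """Sanity check: every produced record is dropped, persisted, or still buffered."""
    return sum(workload) == (
        result["dropped"] + result["persisted"] + result["unpersisted_at_end"]
    )


if __name__ == "__main__":
    print(f"{'capacity':>9} {'dropped':>8} {'peak_window':>12}")
    for cap in (200, 1000, 2000):
        r = simulate(cap)
        print(f"{r['capacity']:>9} {r['dropped']:>8} {r['peak_window']:>12}")
```

Run as-is, the table shows the tension: a 200-record buffer drops most of the burst, a 2000-record buffer drops nothing but leaves well over a thousand records exposed at the peak. Reducing both numbers at once, rather than trading one for the other, is what the review credits eAUDIT's design with; this model only makes the baseline trade-off visible.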