By carefully examining execution traces of an information system, experts can detect problematic behaviors that are related to software design defects, inefficiencies, as well as malicious activities. Examples of such faulty behaviors may include: excessive swapping, lock contention, undue latency, inefficient task scheduling, attempts to erase system logs, modification of system files, etc.
Mechanisms allowing fault detection already exist in Intrusion Detection Systems (IDS). Among other things, they analyze network packet traces and look for attack patterns. Many of these use specialized languages to represent faulty conditions, scenarios, patterns, etc. These languages come in different flavors, including domain-specific languages (Panoptis, Snort, NeVO), imperative languages (ASAX, BRO), finite-state machines (STAT, IDIOT, BSML), expert systems (P-BEST, LAMBDA), and temporal logic (LogWeaver, Monid, Chronicles).
A similar approach is chosen in this project to provide a flexible, automated, online fault identification mechanism for execution traces. The main goal is to allow systems to trigger alarms during operation when specified problematic conditions, scenarios or patterns are detected in execution traces. Such a detection system will significantly improve the decision-making process as well as thoughtful analysis and response, while maximizing time for risk mitigation.
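As an added illustration (not the project's own code or language), the sketch below shows the finite-state flavor of such a mechanism: a scenario is a sequence of predicates, and an online detector advances one automaton per process as trace events arrive. The event fields, the scenario (a write to a system file followed by erasing a log), the 60-second window and the sample trace are all assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:              # one trace record (constructed format, an assumption)
    ts: float             # timestamp in seconds
    pid: int
    op: str               # e.g. "open_w", "read", "unlink", "truncate"
    path: str

# Scenario: each step is a predicate that must match, in order, for one pid.
SCENARIO = [
    lambda e: e.op == "open_w" and e.path.startswith("/etc/"),
    lambda e: e.op in ("unlink", "truncate") and e.path.startswith("/var/log/"),
]
WINDOW = 60.0             # assumed max seconds between first and last step

class OnlineDetector:
    """Consumes events one at a time and keeps one automaton state per pid."""
    def __init__(self, steps, window):
        self.steps, self.window = steps, window
        self.state = {}   # pid -> (index of next step, ts of first matched step)

    def feed(self, e):
        idx, start = self.state.get(e.pid, (0, None))
        if idx and e.ts - start > self.window:
            idx, start = 0, None              # partial match expired, restart
        if self.steps[idx](e):
            start = e.ts if idx == 0 else start
            idx += 1
            if idx == len(self.steps):        # final state reached: raise alarm
                self.state.pop(e.pid, None)
                return (e.pid, e.ts)
        if idx:
            self.state[e.pid] = (idx, start)
        else:
            self.state.pop(e.pid, None)
        return None

def detect(events):
    d = OnlineDetector(SCENARIO, WINDOW)
    return [alarm for e in events if (alarm := d.feed(e)) is not None]

TRACE = [                 # constructed sample trace, ordered by timestamp
    Event(1.0, 100, "open_w", "/etc/passwd"),
    Event(2.0, 200, "unlink", "/var/log/auth.log"),   # other pid, no first step
    Event(3.0, 100, "read", "/home/user/notes.txt"),  # unrelated, state is kept
    Event(5.0, 300, "open_w", "/etc/hosts"),
    Event(10.0, 100, "truncate", "/var/log/auth.log"),  # completes for pid 100
    Event(100.0, 300, "unlink", "/var/log/syslog"),     # outside the window
]

if __name__ == "__main__":
    print(detect(TRACE))
```

Because state is kept per process and updated on every event, the alarm fires as soon as the final step is observed rather than after the whole trace has been collected.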