The CLUE project develops an infrastructure to detect and diagnose system anomalies in enterprise systems, ranging from stealthy malware to other hidden system anomalies. CLUE provides a diverse set of tools to find and understand such anomalies with minimal disruption to the target system. The project's tools are:
- PDNS: a malware detection agent based on program DNS behaviors (paper)
- TBQL: a domain-specific language for system-behavioral queries (stream-processing paper, progressive-processing paper)
- IntroSec: a low-overhead security audit logging tool for Windows (paper)
- PerfGuard: a binary instrumentation tool for self-triggered performance diagnosis (paper)
- IntroPerf: a deep performance diagnosis tool using system event logs (paper)