The CLUE project develops an infrastructure to detect and diagnose system anomalies in enterprise and cloud systems. These anomalies include stealthy malware and other types of hidden system anomalies. CLUE provides a diverse set of tools to find and understand such anomalies with minimal disruption to the target system.
- FMS: an enterprise analysis tool to find outdated programs and computers (paper)
- PDNS: a malware detection agent based on program DNS behaviors (paper)
- TBQL: a domain-specific language for system-behavioral queries (stream-processing paper, progressive-processing paper)
- IntroSec: a low-overhead security audit logging tool for Windows (paper)
- PerfGuard: a binary instrumentation tool for self-triggered performance diagnosis (paper)
- IntroPerf: a performance diagnosis tool using system event logs (paper)