Behavior-Aware Linux Defense: Kernel-Based Correlation of System Logs for Advanced Persistent Threat Mitigation

Authors:
S. Premkumar, Edwin Shalom Soji

Addresses:
Department of Computer Applications, Bharath Institute of Higher Education and Research, Chennai, Tamil Nadu, India. Department of Computer Science, Bharath Institute of Higher Education and Research, Chennai, Tamil Nadu, India.

Abstract:

Contrary to traditional signature-based intrusion detection systems, which are static in nature, the proposed approach is sensitive to the “living-off-the-land” binaries and kernel-level techniques heavily favoured by advanced persistent threat (APT) groups. In this paper, researchers propose a new security framework for identifying and eliminating APTs on Linux systems through log correlation. The method uses a behavior-aware engine that passively inspects system calls, file system changes, and inter-process communication. The system associates diverse log events, such as abnormal shell spawning, unauthorized inode modifications, and so on, to form a comprehensive view of the attack chain. These logs are fed into a two-stage hybrid model that utilizes Random Forests for feature importance and Long Short-Term Memory networks for sequence anomaly detection. At a conceptual level, the experiment uses a series of open-source utilities: the Extended Berkeley Packet Filter (eBPF) for non-invasive kernel tracing, auditd to write logs, and the ELK Stack (Elasticsearch, Logstash, Kibana) to collect data. The work is based on a filtered dataset containing 449 unique high-fidelity attack scenarios from the ADFA-LD, together with synthetic kernel logs that comprise sophisticated threat vectors such as privilege escalation and persistence. Results show significantly low false positives and high detection.
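As an added illustration (not code from the paper), the following Python sketch shows the correlation step the abstract describes: an abnormal shell spawn (a shell whose parent is a network-facing daemon) is linked through process lineage to a later write to a persistence location inside a time window, reconstructing the attack chain from otherwise separate log events. All event records, field names, daemon names and path prefixes are constructed assumptions of this example, loosely modelled on auditd/eBPF output.

```python
# Added example: toy log-correlation engine. Events, field names, daemon
# names and path prefixes are constructed assumptions, not data from the paper.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: float          # seconds since epoch
    kind: str          # "execve" (process start) or "write" (file modification)
    pid: int
    ppid: int
    comm: str          # program name of the acting process
    parent_comm: str   # program name of its parent
    path: str = ""     # file path for "write" events

SHELLS = {"sh", "bash", "dash", "zsh"}
# Network-facing daemons that should not normally spawn a shell (assumption).
NETWORK_DAEMONS = {"nginx", "apache2", "httpd"}
# Paths whose modification commonly indicates persistence (assumption).
PERSISTENCE_PREFIXES = ("/etc/cron.d/", "/etc/systemd/system/", "/root/.ssh/")

def correlate(events, window=300.0):
    """Return [(shell_spawn_event, [persistence_write_events])] for each tainted lineage."""
    tainted = {}   # pid -> the abnormal shell spawn event at the root of its lineage
    chains = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "execve" and e.comm in SHELLS and e.parent_comm in NETWORK_DAEMONS:
            tainted[e.pid] = e                      # abnormal shell spawning
        elif e.kind == "execve" and e.ppid in tainted:
            tainted[e.pid] = tainted[e.ppid]        # children inherit the suspicion
        elif e.kind == "write" and e.pid in tainted and e.path.startswith(PERSISTENCE_PREFIXES):
            root = tainted[e.pid]
            if e.ts - root.ts <= window:            # unauthorized inode change within window
                chains.setdefault(root, []).append(e)
    return list(chains.items())

SAMPLE_EVENTS = [  # constructed sample, not real telemetry
    Event(1000.0, "execve", 4100, 900, "bash", "nginx"),                     # web server spawns shell
    Event(1003.5, "execve", 4101, 4100, "cp", "bash"),                       # child of that shell
    Event(1003.6, "write", 4101, 4100, "cp", "bash", "/etc/cron.d/backup"),  # cron persistence
    Event(1010.0, "execve", 5200, 1, "bash", "systemd"),                     # benign admin shell
    Event(1011.0, "write", 5200, 1, "bash", "systemd", "/etc/cron.d/logrotate"),
    Event(1500.0, "write", 4100, 900, "bash", "nginx", "/tmp/scratch"),      # not a persistence path
]

if __name__ == "__main__":
    for root, writes in correlate(SAMPLE_EVENTS):
        print(f"pid {root.pid}: {root.parent_comm} spawned {root.comm}, then wrote",
              [w.path for w in writes])
```

The benign admin shell touching the same cron directory is not reported, because only lineages rooted in an abnormal spawn are correlated; a real deployment would feed the resulting chains, rather than raw events, into the downstream anomaly model.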

Keywords: Kernel Tracing; System Call Analysis; Anomaly Detection; Log Correlation; Behavioral Profiling; Cloud Computing; Linux Environments; Advanced Persistent Threats.

Received on: 07/03/2025, Revised on: 02/05/2025, Accepted on: 08/08/2025, Published on: 11/01/2026

DOI: 10.69888/FTSCS.2026.000609

FMDB Transactions on Sustainable Computing Systems, 2026 Vol. 4 No. 1, Pages: 52-62
