CaSolver

Overview

The CaSolver module is responsible for analyzing the content of each event, which can either be signatures (hash sums) or full data buffers.

Components

It is composed of two submodules:

Signature Computation (SigComp): used the MinHash algorithm to compute hash sums of the full data buffers. Only used in case events signatures are not provided.
Data Analysis (DataAnalysis): applies data similarity estimation algorithms (LSH) to find events with a high probability of operating over the same data flow.

The CaSolver adds the inferred similarity information (i.e., a list of similar events) to the original trace data (provided by Falcon-Solver), and output a new file to fed to Falcon-Visualizer.

Implementations

CaSolver has two implementations:

casolver-go: CaSolver implemented in Go. To use with traces collected by the CatBpf tracer.
casolver-py: CaSolver implemented in Python. To use with traces collected by the CatStrace tracer.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CaSolver

Overview

Components

Implementations

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Contents

Clone this wiki locally