# Introduction

This program is designed to monitor processes running on a Linux/OS X machine. It assumes logging hasn't been properly done.

The program answers basic questions:

- Is a given program still running?
- How much resource (memory/CPU) is a program using up?
- The number of processes found
- Folder monitoring ...

# Architecture

The architecture of the system is distributed with a central master node,

```json
{
    "id": "",
    "key": "",
    "apps": [],
    "sandbox": [{"path": "", "requirements": ""}],
    "folders": ["path-1"],
    "store": {},
    "actions": {}
}
```

The agent will perform three basic functions:

- data collection (building up the dataset)
- classification of status for a given process:

  | x | y | z | status  |
  |---|---|---|---------|
  | 0 | 0 | 1 | idle    |
  | 1 | 1 | 1 | running |
  | 0 | 0 | 0 | crash   |

  with x: memory used, y: CPU usage, z: number of processes found

- prediction of crashes using multivariate anomaly detection. This allows the learner to determine if something unusual is happening.
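
The status classification above, applied to `ps`-style output. This is an added example, not the project's own code: it assumes x, y and z are 1 when the measured value is non-zero, and the sample output, app names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `ps -eo pmem,pcpu,comm` output (not from a real host).
SAMPLE_PS = """\
%MEM %CPU COMMAND
 2.5 12.0 nginx
 1.5  3.0 nginx
 0.0  0.0 backup
 0.4  0.0 python3
"""

# Truth table from the README: (x, y, z) -> status.
# Assumption: each value is 1 when memory / cpu / process count is non-zero.
STATUS = {(0, 0, 1): "idle", (1, 1, 1): "running", (0, 0, 0): "crash"}


def collect(ps_text):
    """Aggregate memory %, cpu % and process count per command name."""
    totals = defaultdict(lambda: [0.0, 0.0, 0])
    for line in ps_text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue                               # ignore malformed rows
        mem, cpu, name = float(parts[0]), float(parts[1]), parts[2].strip()
        totals[name][0] += mem
        totals[name][1] += cpu
        totals[name][2] += 1
    return {name: tuple(v) for name, v in totals.items()}


def classify(apps, usage):
    """Map each monitored app to a status using the README truth table."""
    report = {}
    for app in apps:
        mem, cpu, count = usage.get(app, (0.0, 0.0, 0))  # absent => all zero
        key = (int(mem > 0), int(cpu > 0), int(count > 0))
        # Combinations the table does not list are reported, not guessed.
        report[app] = STATUS.get(key, "unknown")
    return report


if __name__ == "__main__":
    monitored = ["nginx", "backup", "python3", "postgres"]
    for app, status in classify(monitored, collect(SAMPLE_PS)).items():
        print(f"{app:10s} {status}")
```

An app that holds memory but uses no CPU falls outside the three listed rows, so it is reported as `unknown` instead of being forced into one of them.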