Mireille Ducassé

At present, alert correlation techniques do not make full use of the information that is available. We propose a data model for IDS alert correlation called M2D2. It supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used…
Traces of program executions are a helpful source of information for program debugging. They, however, give a picture of program executions at such a low level that users often have difficulties to interpret the information. Opium, our extendable trace analyzer, is connected to a "standard" Prolog tracer. Opium is programmable and extendable. It provides a…
We present Coca, an automated debugger for C, where the breakpoint mechanism is based on events related to language constructs. Events have semantics whereas source lines used by most debuggers do not have any. A trace is a sequence of events. It can be seen as an ordered relation in a database. Users can specify precisely which events they want to see by…
In many existing misuse intrusion detection systems, intrusion signatures are very close to the detection algorithms. As a consequence, they contain too many cumbersome details. Recent work has proposed declarative signature languages that raise the level of abstraction when writing signatures. However, these languages do not always come with operational…
Combining an "anomaly" and a "misuse" IDS offers the advantage of separating the monitored events between normal, intrusive or unqualified classes (i.e. not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework applied…
This article proposes a structuring view of the area of automated debugging. Nineteen automated debugging systems are analyzed. Thirteen existing automated debugging techniques are briefly evaluated from a pragmatic point of view. The three underlying strategies are identified, namely verification with respect to specification, checking with respect to language…
Our review is based on descriptions of 18 existing automated systems on program debugging and of a dozen cognitive studies on debugging. We propose a classification of debugging knowledge, and a description of the corresponding knowledge representation in the systems. Then we propose a classification of global debugging strategies used in the systems, and a…