PANDAcap: A framework for streamlining collection of full-system traces

Manolis Stamatogiannakis, Herbert Bos, Paul Groth

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review



Full-system, deterministic record and replay has proven to be an invaluable tool for reverse engineering and systems analysis. However, acquiring a full-system recording typically involves significant planning and manual effort. This represents a distraction from the actual goal of recording a trace, i.e. analyzing it. We present PANDAcap, a framework based on the PANDA full-system record and replay tool. PANDAcap combines off-the-shelf and custom-built components in order to streamline the process of recording PANDA traces. More importantly, in addition to making the setup of one-off experiments easier, PANDAcap also caters to the streamlining of systematic, repeatable experiments in order to create PANDA trace datasets. As a demonstration, we have used PANDAcap to deploy an ssh honeypot aiming to study the actions of brute-force ssh attacks.

Original language: English
Title of host publication: EuroSec '20
Subtitle of host publication: Proceedings of the 13th European Workshop on Systems Security
Publisher: Association for Computing Machinery, Inc
Number of pages: 6
ISBN (Electronic): 9781450375238
Publication status: Published - 27 Apr 2020
Event: 13th European Workshop on Systems Security, EuroSec 2020 - Heraklion, Greece
Duration: 27 Apr 2020 → …


Conference: 13th European Workshop on Systems Security, EuroSec 2020
Period: 27/04/20 → …


  • Dataset
  • Docker
  • Framework
  • Honeypot
  • Record and replay

