Mining Event Tracing for Windows (ETW)

As cyber adversaries become more creative, analysts must find more innovative ways to detect them in order to respond before it is too late. To detect threats inside a system, logs are collected that record the events and activities occurring on it. Adversaries today are capable of evading detection and performing actions that are not always recorded by conventional logging. Event Tracing for Windows (ETW) offers additional data sources from which logs can be collected, which can be of great benefit in detecting adversaries and their movement inside computer systems. ETW is quite flexible and spans many different log providers that together cover a large volume of log data. This project will mine data obtained from ETW logs to create a tool that detects malicious patterns indicating that a system is compromised or under attack.

Faculty Supervisor:

Charlie Obimbo

Student:

Partner:

eSentire

Discipline:

Computer science

Sector:

Cyber Security; Information and Communications Technology; Technology

University:

University of Guelph

Program:

Accelerate
