SETC: A Vulnerability Telemetry Collection Framework

Ryan Holeman, John Hastings, Varghese Mathew Vaidyan

TL;DR

The paper addresses the challenge of generating rich, repeatable vulnerability-exploit telemetry for defensive security research, which is hampered by non-reproducible real-world data and manual experimental workflows. It introduces SETC, a Docker/Kubernetes-based framework that automates end-to-end vulnerability exploitation within isolated containers, with modular vulnerable services, exploits, telemetry sources, and a logging pipeline. The framework uses JSON configuration to define multi-container deployments, exploit orchestration, telemetry collection, and data sinks, enabling scalable data generation and standard-format logging (CIM, OCSF, CEF) for analysis. An example scenario with HTTP vulnerabilities demonstrates repeatability and the ability to evaluate detection methods, while the paper discusses limitations (Docker-only sidecars, Windows containers) and plans for Kubernetes migration and future work.

Abstract

As emerging software vulnerabilities continuously threaten enterprises and Internet services, there is a critical need for improved security research capabilities. This paper introduces the Security Exploit Telemetry Collection (SETC) framework - an automated framework to generate reproducible vulnerability exploit data at scale for robust defensive security research. SETC deploys configurable environments to execute and record rich telemetry of vulnerability exploits within isolated containers. Exploits, vulnerable services, monitoring tools, and logging pipelines are defined via modular JSON configurations and deployed on demand. Compared to current manual processes, SETC enables automated, customizable, and repeatable vulnerability testing to produce diverse security telemetry. This research enables scalable exploit data generation to drive innovations in threat modeling, detection methods, analysis techniques, and remediation strategies. The capabilities of the framework are demonstrated through an example scenario. By addressing key barriers in security data generation, SETC represents a valuable platform to support impactful vulnerability and defensive security research.

Paper Structure (10 sections, 4 figures, 2 tables)

This paper contains 10 sections, 4 figures, 2 tables.

Figures (4)

  • Figure 1: SETC framework design.
  • Figure 2: Example SETC configuration entry.
  • Figure 3: SETC workflow.
  • Figure 4: Example CIM log entry.