High Accuracy Attack Provenance via Binary-based Execution Partition

Author(s): Kyu Hyung Lee, Xiangyu Zhang, Dongyan Xu

Download: Paper (PDF)

Date: 23 Apr 2013

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2013

Abstract:

To trace the provenance of cyber attacks, audit log analysis faces the challenge of input-output dependence explosion. We develop a binary analysis/hardening technique that partitions the execution of an event-driven process into multiple “units” so that logging can be performed with units — not processes — as subjects. Our evaluation shows significant improvement in attack provenance accuracy with low overhead.