Anis Yusof (NU Singapore)

To improve the preparedness of Security Operation Center (SOC), analysts may leverage provenance graphs to deepen their understanding of existing cyberattacks. However, the unknown nature of a cyberattack may result in a provenance graph with incomplete details, thus limiting the comprehensive knowledge of the cyberattack due to partial indicators. Furthermore, using outdated provenance graphs imposes a limit on the understanding of cyberattack trends. This negatively impacts SOC operations that are responsible for detecting and responding to threats and incidents. This paper introduces PROVCON, a framework that constructs a provenance graph representative of a cyberattack. Based on documented cyberattacks, the framework reproduces the cyberattack and generates the corresponding data for attack analysis. The knowledge gained from existing cyberattacks through the constructed provenance graph is instrumental in enhancing the understanding and improving decision-making in SOC. With the use of PROVCON, SOC can improve its cybersecurity posture by aligning its operations based on insights derived from documented observations.

View More Papers

Automatic Library Fuzzing through API Relation Evolvement

Jiayi Lin (The University of Hong Kong), Qingyu Zhang (The University of Hong Kong), Junzhe Li (The University of Hong Kong), Chenxin Sun (The University of Hong Kong), Hao Zhou (The Hong Kong Polytechnic University), Changhua Luo (The University of Hong Kong), Chenxiong Qian (The University of Hong Kong)

Read More

A Formal Approach to Multi-Layered Privileges for Enclaves

Ganxiang Yang (Shanghai Jiao Tong University), Chenyang Liu (Shanghai Jiao Tong University), Zhen Huang (Shanghai Jiao Tong University), Guoxing Chen (Shanghai Jiao Tong University), Hongfei Fu (Shanghai Jiao Tong University), Yuanyuan Zhang (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University)

Read More

Ring of Gyges: Accountable Anonymous Broadcast via Secret-Shared Shuffle

Wentao Dong (City University of Hong Kong), Peipei Jiang (Wuhan University; City University of Hong Kong), Huayi Duan (ETH Zurich), Cong Wang (City University of Hong Kong), Lingchen Zhao (Wuhan University), Qian Wang (Wuhan University)

Read More

An Empirical Study on Fingerprint API Misuse with Lifecycle...

Xin Zhang (Fudan University), Xiaohan Zhang (Fudan University), Zhichen Liu (Fudan University), Bo Zhao (Fudan University), Zhemin Yang (Fudan University), Min Yang (Fudan University)

Read More