High Accuracy Attack Provenance via Binary-based Execution Partition
Date: 23 Apr 2013
Document Type: Presentations
Associated Event: NDSS Symposium 2013
To trace the provenance of cyber attacks, audit log analysis faces the challenge of input-output dependence explosion. We develop a binary analysis/hardening technique that partitions the execution of an event-driven process into multiple “units” so that logging can be performed with units — not processes — as subjects. Our evaluation shows significant improvement in attack provenance accuracy with low overhead.