Authors
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee
Publication date
2017/10
Conference
24th ACM SIGSAC Conference on Computer and Communications Security (CCS)
Description
As modern attacks become more stealthy and persistent, detecting or preventing them at their early stages becomes virtually impossible. Instead, an attack investigation or provenance system aims to continuously monitor and log interesting system events with minimal overhead. Later, if the system observes any anomalous behavior, it analyzes the log to identify who initiated the attack and which resources were affected by the attack and then assess and recover from any damage incurred. However, because of a fundamental tradeoff between log granularity and system performance, existing systems typically record system-call events without detailed program-level activities (e.g., memory operation) required for accurately reconstructing attack causality or demand that every monitored program be instrumented to provide program-level information.
To address this issue, we propose RAIN, a Refinable Attack …
Total citations (per-year chart, 2018 to 2024)
Scholar articles
Y Ji, S Lee, E Downing, W Wang, M Fazzini, T Kim… - Proceedings of the 2017 ACM SIGSAC conference on …, 2017