We present a common data model for representing causal events across a wide range of
platforms and granularities. The model was developed for attack provenance analysis under …

With the continuous development of network security situations, the types of attacks increase
sharply, but can be divided into symmetric attacks and asymmetric attacks. Symmetric …

In order to effectively detect APT attacks performed by well-organized adversaries, we
implemented a system to detect attacks by reconstructing attack chains of APT attacks. Our …

Knowing that a persistent attacker will eventually succeed in gaining a foothold inside the
targeted network despite prevention mechanisms, it is mandatory to perform security …

DTrace and eBPF are among the most powerful observability tools available on general-
purpose operating systems today, with which users can ask arbitrary questions and receive …

본 연구에서는 조직화된 공격 주체가 수행하는 APT 공격을 효과적으로 탐지하기 위하여,
공격체인을 구성하여 공격을 탐지하는 시스템을 구축하였다. 공격체인 기반 APT 공격 탐지 …