Title:
RAIN: Refinable Attack Investigation with On-demand Inter-process Information Flow Tracking
RAIN: Refinable Attack Investigation with On-demand Inter-process Information Flow Tracking
dc.contributor.author | Ji, Yang | |
dc.contributor.corporatename | Georgia Institute of Technology. Institute for Information Security & Privacy | en_US |
dc.contributor.corporatename | Georgia Institute of Technology. School of Computer Science | en_US |
dc.date.accessioned | 2018-05-05T17:26:36Z | |
dc.date.available | 2018-05-05T17:26:36Z | |
dc.date.issued | 2018-04-18 | |
dc.description | Presented as part of the Cybersecurity Demo Day on April 12, 2018 at 4:00 p.m. in the Krone Engineered Biosystems Building, Room 1005. | en_US |
dc.description | Yang Ji is a Research Assistant at Georgia Tech. His current research focuses on the security and privacy protection of the web and mobile operating systems. | en_US |
dc.description | Runtime: 12:56 minutes | en_US |
dc.description.abstract | As modern attacks become more stealthy and persistent, detecting or preventing them at their early stages becomes virtually impossible. Instead, an attack investigation or provenance system aims to continuously monitor and log interesting system events with minimal overhead. Later, if the system observes any anomalous behavior, it analyzes the log to identify who initiated the attack, which resources were affected by the attack, and how to recover from any damage incurred. We propose RAIN, a Refinable Attack INvestigation system based on a record-replay technology that records system-call events during runtime and performs instruction-level dynamic information flow tracking (DIFT) during on-demand process replay. Instead of replaying every process with DIFT, RAIN conducts system-call-level reachability analysis to filter out unrelated processes and minimize the number of processes to be replayed, making inter-process DIFT feasible. Evaluation results show that RAIN effectively prunes out unrelated processes and determines attack causality with negligible false positive rates. In addition, the runtime overhead of RAIN is similar to existing system-call level provenance systems and its analysis overhead is much smaller than full-system DIFT. Research by Yang Ji, with Evan Downing, Mattia Fazzini, Sangho Lee and Weiren Wang. | en_US |
dc.format.extent | 12:56 minutes | |
dc.identifier.uri | http://hdl.handle.net/1853/59659 | |
dc.language.iso | en_US | en_US |
dc.publisher | Georgia Institute of Technology | en_US |
dc.relation.ispartofseries | Cybersecurity Lecture Series | |
dc.subject | Investigation techniques | en_US |
dc.subject | Surveillance mechanisms | en_US |
dc.subject | System forensics | en_US |
dc.title | RAIN: Refinable Attack Investigation with On-demand Inter-process Information Flow Tracking | en_US |
dc.type | Moving Image | |
dc.type.genre | Lecture | |
dspace.entity.type | Publication | |
local.contributor.corporatename | School of Cybersecurity and Privacy | |
local.contributor.corporatename | College of Computing | |
local.relation.ispartofseries | Institute for Information Security & Privacy Cybersecurity Lecture Series | |
relation.isOrgUnitOfPublication | f6d1765b-8d68-42f4-97a7-fe5e2e2aefdf | |
relation.isOrgUnitOfPublication | c8892b3c-8db6-4b7b-a33a-1b67f7db2021 | |
relation.isSeriesOfPublication | 2b4a3c7a-f972-4a82-aeaa-818747ae18a7 |
Files
Original bundle
1 - 3 of 3
No Thumbnail Available
- Name:
- cyberdd18_rain.mp4
- Size:
- 102.82 MB
- Format:
- MP4 Video file
- Description:
- Download video
No Thumbnail Available
- Name:
- cyberdd18_rain_videostream.html
- Size:
- 1.01 KB
- Format:
- Hypertext Markup Language
- Description:
- Streaming video
No Thumbnail Available
- Name:
- transcription.txt
- Size:
- 6.71 KB
- Format:
- Plain Text
- Description:
- Transcription
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 3.13 KB
- Format:
- Item-specific license agreed upon to submission
- Description: