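[Event Preview] Professor Zhenkai Liang of the National University of Singapore will share his latest research at Tsinghua on July 20 (Thursday); on-site discussion welcome
2023-7-17 12:44:23 Author: mp.weixin.qq.com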

Talk title: Bridging the Gap in System Provenance Analysis

Speaker: Zhenkai Liang, Professor, National University of Singapore

Time: July 20, 2023 (Thursday), 16:00-17:00

Venue: Conference Room 3-230, FIT Building, Tsinghua University

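Note: This academic talk is an in-person event. If you cannot attend, Professor Liang will speak with participants again online during the "Face to Face with Mentors" session of the InForSec Summer Camp on the morning of August 8. (To attend in person, scan the QR code at the end of this article to register; entry to the Tsinghua University campus requires advance registration of your information.)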

Abstract

Endpoint monitoring solutions are widely deployed in today’s enterprise environments to support advanced attack detection and investigation. These monitors continuously record system-level activities as audit logs and provide deep visibility into security incidents. Unfortunately, to recognize behaviors of interest and detect potential threats, cyber analysts face a semantic gap between low-level audit events and high-level system behaviors. To bridge this gap, existing work matches streams of audit logs against a knowledge base of rules that describe behaviors. However, specifying such rules heavily relies on expert knowledge. In this talk, we introduce our recent work on abstracting behaviors and analyzing cyber threats by inferring and aggregating the semantics of audit events. It uncovers the semantics of events through their usage context in audit logs and identifies semantically similar behaviors. Furthermore, by mapping security concepts of system entity interactions to recommendation concepts of user-item interactions, we identify cyber threats by predicting the preferences of a system entity on its interactive entities. We develop a solution, ShadeWatcher, that uses the high-order connections among system audit events as the basis to recommend possible threats. 

Speaker Bio

Zhenkai Liang is an Associate Professor in the Department of Computer Science at the National University of Singapore. He is also a co-Lead Principal Investigator of the National Security R&D Lab of Singapore. His research interests are in system and software security, such as binary program analysis and security in Web, mobile, and Internet-of-Things (IoT) platforms. He has been publishing high-impact papers in top security and software engineering conferences, and has won several best paper awards at security and software engineering conferences, including the Annual Computer Security Applications Conference (ACSAC), the USENIX Security Symposium, and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE). He also won the Annual Teaching Excellence Award of NUS in 2014 and 2015. He is a current member of the Steering Group of NDSS and has served as a technical committee member and editorial board member of main security conferences and journals, including the ACM Conference on Computer and Communications Security (CCS), the USENIX Security Symposium, the Network and Distributed System Security Symposium (NDSS), IEEE Transactions on Dependable and Secure Computing (TDSC), and ACM Transactions on Privacy and Security (TOPS). He received his Ph.D. degree in Computer Science from Stony Brook University in 2006, and B.S. degrees in Computer Science and Economics from Peking University in 1999.

Scan the QR code below to register for on-site attendance


Source: https://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&mid=2652313627&idx=1&sn=e13266eaa06e009096bfee1136284fdf&chksm=8bc48595bcb30c83881b02d5e87c0dbe7dcd12910fc8ac48997f724cf2efcb04f9db813510cc&scene=58&subscene=0#rd