SemOpenAlex |

SemOpenAlex

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2909996180> ?p ?o ?g. }

Showing items 1 to 87 of 87 with 100 items per page.

W2909996180 abstract "Investigating attacks across multiple hosts is challenging. The true dependencies between security-sensitive files, network endpoints, or memory objects from different hosts can be easily concealed by dependency explosion or undefined program behavior (e.g., memory corruption). Dynamic information flow tracking (DIFT is a potential solution to this problem, but, existing DIFT techniques only track information flow within a single host and lack an efficient mechanism to maintain and synchronize the data flow tags globally across multiple hosts. In this paper, we propose RTAG, an efficient data flow tagging and tracking mechanism that enables practical cross-host attack investigations. RTAG is based on three novel techniques. First, by using a record-and-replay technique, it decouples the dependencies between different data flow tags from the analysis, enabling lazy synchronization between independent and parallel DIFT instances of different hosts. Second, it takes advantage of system call-level provenance information to calculate and allocate the optimal tag map in terms of memory consumption Third, it embeds tag information into network packets to track cross-host data flows with less than 0.05% network bandwidth overhead. Evaluation results show that RTAG is able to recover the true data flows of realistic cross-hos attack scenarios. Performance wise, RTAG reduces the memory consumption of DIFT-based analysis by up to 90% and decreases the overall analysis time by 60%–90% compared with previous investigation systems." @default.
W2909996180 created "2019-01-25" @default.
W2909996180 creator A5007487580 @default.
W2909996180 creator A5008666758 @default.
W2909996180 creator A5030961858 @default.
W2909996180 creator A5045154172 @default.
W2909996180 creator A5047140382 @default.
W2909996180 creator A5059830348 @default.
W2909996180 creator A5070652882 @default.
W2909996180 creator A5090363876 @default.
W2909996180 date "2018-08-01" @default.
W2909996180 modified "2023-09-24" @default.
W2909996180 title "Efficient Data Flow Tagging and Tracking for Refinable Cross-host Attack Investigation" @default.
W2909996180 hasPublicationYear "2018" @default.
W2909996180 type Work @default.
W2909996180 sameAs 2909996180 @default.
W2909996180 citedByCount "0" @default.
W2909996180 crossrefType "proceedings-article" @default.
W2909996180 hasAuthorship W2909996180A5007487580 @default.
W2909996180 hasAuthorship W2909996180A5008666758 @default.
W2909996180 hasAuthorship W2909996180A5030961858 @default.
W2909996180 hasAuthorship W2909996180A5045154172 @default.
W2909996180 hasAuthorship W2909996180A5047140382 @default.
W2909996180 hasAuthorship W2909996180A5059830348 @default.
W2909996180 hasAuthorship W2909996180A5070652882 @default.
W2909996180 hasAuthorship W2909996180A5090363876 @default.
W2909996180 hasConcept C111919701 @default.
W2909996180 hasConcept C120314980 @default.
W2909996180 hasConcept C124101348 @default.
W2909996180 hasConcept C126831891 @default.
W2909996180 hasConcept C127162648 @default.
W2909996180 hasConcept C138885662 @default.
W2909996180 hasConcept C154945302 @default.
W2909996180 hasConcept C158379750 @default.
W2909996180 hasConcept C18903297 @default.
W2909996180 hasConcept C19768560 @default.
W2909996180 hasConcept C2778562939 @default.
W2909996180 hasConcept C2779136372 @default.
W2909996180 hasConcept C2779960059 @default.
W2909996180 hasConcept C31258907 @default.
W2909996180 hasConcept C41008148 @default.
W2909996180 hasConcept C41895202 @default.
W2909996180 hasConcept C86803240 @default.
W2909996180 hasConceptScore W2909996180C111919701 @default.
W2909996180 hasConceptScore W2909996180C120314980 @default.
W2909996180 hasConceptScore W2909996180C124101348 @default.
W2909996180 hasConceptScore W2909996180C126831891 @default.
W2909996180 hasConceptScore W2909996180C127162648 @default.
W2909996180 hasConceptScore W2909996180C138885662 @default.
W2909996180 hasConceptScore W2909996180C154945302 @default.
W2909996180 hasConceptScore W2909996180C158379750 @default.
W2909996180 hasConceptScore W2909996180C18903297 @default.
W2909996180 hasConceptScore W2909996180C19768560 @default.
W2909996180 hasConceptScore W2909996180C2778562939 @default.
W2909996180 hasConceptScore W2909996180C2779136372 @default.
W2909996180 hasConceptScore W2909996180C2779960059 @default.
W2909996180 hasConceptScore W2909996180C31258907 @default.
W2909996180 hasConceptScore W2909996180C41008148 @default.
W2909996180 hasConceptScore W2909996180C41895202 @default.
W2909996180 hasConceptScore W2909996180C86803240 @default.
W2909996180 hasLocation W29099961801 @default.
W2909996180 hasOpenAccess W2909996180 @default.
W2909996180 hasPrimaryLocation W29099961801 @default.
W2909996180 hasRelatedWork W1525658994 @default.
W2909996180 hasRelatedWork W1595529160 @default.
W2909996180 hasRelatedWork W2097665649 @default.
W2909996180 hasRelatedWork W2139354170 @default.
W2909996180 hasRelatedWork W2142367133 @default.
W2909996180 hasRelatedWork W2186408277 @default.
W2909996180 hasRelatedWork W2401472080 @default.
W2909996180 hasRelatedWork W2889245788 @default.
W2909996180 hasRelatedWork W2893632805 @default.
W2909996180 hasRelatedWork W2912262279 @default.
W2909996180 hasRelatedWork W2920840071 @default.
W2909996180 hasRelatedWork W2946133807 @default.
W2909996180 hasRelatedWork W2971773748 @default.
W2909996180 hasRelatedWork W3006883344 @default.
W2909996180 hasRelatedWork W3012486662 @default.
W2909996180 hasRelatedWork W3193366590 @default.
W2909996180 hasRelatedWork W3208013833 @default.
W2909996180 hasRelatedWork W614858908 @default.
W2909996180 hasRelatedWork W2186265681 @default.
W2909996180 hasRelatedWork W2187854411 @default.
W2909996180 isParatext "false" @default.
W2909996180 isRetracted "false" @default.
W2909996180 magId "2909996180" @default.
W2909996180 workType "article" @default.