SemOpenAlex |

SemOpenAlex

Matches in SemOpenAlex for { <https://semopenalex.org/work/W3093538749> ?p ?o ?g. }

Showing items 1 to 88 of 88 with 100 items per page.

W3093538749 endingPage "1638" @default.
W3093538749 startingPage "1621" @default.
W3093538749 abstract "Remote Access Trojan (RAT) attacks have become an extensively prevailing and serious threat to enterprise security. A forensic system targeting RAT attacks is needed to record and reconstruct fine-grained semantic behaviors of RATs. However, existing forensic systems suffer from various issues such as intrusive instrumentation, nontrivial recording overhead, and RAT behavior blindness. In this article, we first conduct a large-scale study of a representative set of real-world RAT families active from 1999 to 2016. This is the first study to understand the landscape of RATs in the literature. Based on the study, we then propose <sc xmlns:mml=http://www.w3.org/1998/Math/MathML xmlns:xlink=http://www.w3.org/1999/xlink>RATScope</small> , an instrumentation-free RAT forensic system targeting Windows platform. Specifically, <sc xmlns:mml=http://www.w3.org/1998/Math/MathML xmlns:xlink=http://www.w3.org/1999/xlink>RATScope</small> offers an audit logging module to efficiently record system logs by leveraging Event Tracing for Windows (ETW), and provides a novel program behavior modeling technique to reconstruct semantic behaviors of RATs accurately. We implement a prototype of <sc xmlns:mml=http://www.w3.org/1998/Math/MathML xmlns:xlink=http://www.w3.org/1999/xlink>RATScope</small> and evaluate the recording overhead and the behavior identification accuracy. The results show that the audit logging module only incurs 3.7 percent runtime overhead on average. Our system can achieve around 90 percent true positive rate in the cross-family experiment, around 80 percent true positive rate in the two-year spanning temporal experiment, and near <italic xmlns:mml=http://www.w3.org/1998/Math/MathML xmlns:xlink=http://www.w3.org/1999/xlink>zero</i> false positive rate." @default.
W3093538749 created "2020-10-29" @default.
W3093538749 creator A5003672136 @default.
W3093538749 creator A5010057779 @default.
W3093538749 creator A5016872681 @default.
W3093538749 creator A5024324179 @default.
W3093538749 creator A5035753317 @default.
W3093538749 creator A5037458498 @default.
W3093538749 creator A5047799795 @default.
W3093538749 creator A5050925843 @default.
W3093538749 creator A5055561370 @default.
W3093538749 creator A5074492926 @default.
W3093538749 date "2022-05-01" @default.
W3093538749 modified "2023-10-16" @default.
W3093538749 title "RATScope: Recording and Reconstructing Missing RAT Semantic Behaviors for Forensic Analysis on Windows" @default.
W3093538749 cites W2091682045 @default.
W3093538749 cites W2112127916 @default.
W3093538749 cites W2131523719 @default.
W3093538749 cites W2135143063 @default.
W3093538749 cites W2213728018 @default.
W3093538749 cites W2295705535 @default.
W3093538749 cites W2548593421 @default.
W3093538749 cites W2560810941 @default.
W3093538749 cites W2579106964 @default.
W3093538749 cites W2635012095 @default.
W3093538749 cites W2790316935 @default.
W3093538749 cites W2790557990 @default.
W3093538749 cites W2792591096 @default.
W3093538749 cites W2947745012 @default.
W3093538749 cites W2962703433 @default.
W3093538749 doi "https://doi.org/10.1109/tdsc.2020.3032570" @default.
W3093538749 hasPublicationYear "2022" @default.
W3093538749 type Work @default.
W3093538749 sameAs 3093538749 @default.
W3093538749 citedByCount "5" @default.
W3093538749 countsByYear W30935387492020 @default.
W3093538749 countsByYear W30935387492021 @default.
W3093538749 countsByYear W30935387492022 @default.
W3093538749 countsByYear W30935387492023 @default.
W3093538749 crossrefType "journal-article" @default.
W3093538749 hasAuthorship W3093538749A5003672136 @default.
W3093538749 hasAuthorship W3093538749A5010057779 @default.
W3093538749 hasAuthorship W3093538749A5016872681 @default.
W3093538749 hasAuthorship W3093538749A5024324179 @default.
W3093538749 hasAuthorship W3093538749A5035753317 @default.
W3093538749 hasAuthorship W3093538749A5037458498 @default.
W3093538749 hasAuthorship W3093538749A5047799795 @default.
W3093538749 hasAuthorship W3093538749A5050925843 @default.
W3093538749 hasAuthorship W3093538749A5055561370 @default.
W3093538749 hasAuthorship W3093538749A5074492926 @default.
W3093538749 hasConcept C111919701 @default.
W3093538749 hasConcept C124101348 @default.
W3093538749 hasConcept C154945302 @default.
W3093538749 hasConcept C177264268 @default.
W3093538749 hasConcept C199360897 @default.
W3093538749 hasConcept C23123220 @default.
W3093538749 hasConcept C2779960059 @default.
W3093538749 hasConcept C41008148 @default.
W3093538749 hasConceptScore W3093538749C111919701 @default.
W3093538749 hasConceptScore W3093538749C124101348 @default.
W3093538749 hasConceptScore W3093538749C154945302 @default.
W3093538749 hasConceptScore W3093538749C177264268 @default.
W3093538749 hasConceptScore W3093538749C199360897 @default.
W3093538749 hasConceptScore W3093538749C23123220 @default.
W3093538749 hasConceptScore W3093538749C2779960059 @default.
W3093538749 hasConceptScore W3093538749C41008148 @default.
W3093538749 hasFunder F4320321001 @default.
W3093538749 hasIssue "3" @default.
W3093538749 hasLocation W30935387491 @default.
W3093538749 hasOpenAccess W3093538749 @default.
W3093538749 hasPrimaryLocation W30935387491 @default.
W3093538749 hasRelatedWork W1509467138 @default.
W3093538749 hasRelatedWork W2028024605 @default.
W3093538749 hasRelatedWork W2115485936 @default.
W3093538749 hasRelatedWork W2128719260 @default.
W3093538749 hasRelatedWork W2144190808 @default.
W3093538749 hasRelatedWork W2357241418 @default.
W3093538749 hasRelatedWork W2366644548 @default.
W3093538749 hasRelatedWork W2376314740 @default.
W3093538749 hasRelatedWork W2384888906 @default.
W3093538749 hasRelatedWork W4242263690 @default.
W3093538749 hasVolume "19" @default.
W3093538749 isParatext "false" @default.
W3093538749 isRetracted "false" @default.
W3093538749 magId "3093538749" @default.
W3093538749 workType "article" @default.