beat365在线登录系列讲座 菁英论坛第13期——Bridging the Gap in System Provenance Analysis
报告题目(Title)：Bridging the Gap in System Provenance Analysis
时间(Date & Time)：2023.7.25 ; 11-12am
地点(Location)：理科一号楼1131（燕园校区） Room 1131, Science Building #1 (Yanyuan)
Endpoint monitoring solutions are widely deployed in today’s enterprise environments to support advanced attack detection and investigation. These monitors continuously record system-level activities as audit logs and provide deep visibility into security incidents. Unfortunately, to recognize behaviors of interest and detect potential threats, cyber analysts face a semantic gap between low-level audit events and high-level system behaviors. To bridge this gap, existing work matches streams of audit logs against a knowledge base of rules that describe behaviors. However, specifying such rules heavily relies on expert knowledge. In this talk, we introduce our recent work on abstracting behaviors and analyzing cyber threats by inferring and aggregating the semantics of audit events. It uncovers the semantics of events through their usage context in audit logs and identifies semantically similar behaviors. Furthermore, by mapping security concepts of system entity interactions to recommendation concepts of user-item interactions, we identify cyber threats by predicting the preferences of a system entity on its interactive entities. We develop a solution, ShadeWatcher, that uses the high-order connections among system audit events as the basis to recommend possible threats.
Zhenkai Liang is an Associate Professor in the Department of Computer Science at National University of Singapore. He is also a co-Lead Principal Investigator of National Security R&D Lab of Singapore. His research interests are in system and software security, such as binary program analysis, security in Web, mobile, and Internet-of-things (IoT) platforms. He has been publishing high-impact papers in top security and software engineering conferences, and has won several best paper awards in security and software engineering conference, including Annual Computer Security Applications Conference (ACSAC), USENIX Security Symposium, and ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE). He has also won the Annual Teaching Excellence Award of NUS in 2014 and 2015. He is a current member of the Steering Group of NDSS and has served as technical committee members and editorial board members of main security conferences and journals, including ACM Conference on Computer and Communications Security (CCS), USENIX Security Symposium, Network and Distributed System Security Symposium (NDSS), and IEEE Transactions on Dependable and Secure Computing (TDSC) and ACM Transaction on Privacy and Security (TOPS). He received his Ph.D. degree in Computer Science from Stony Brook University in 2006, and B.S. degrees in Computer Science and Economics from Peking University in 1999.