TWC: Medium: Collaborative: Towards a Binary-Centric Framework for Cyber Forensics in Enterprise Environments


Basic information

  • Award number:
    1409668
  • Principal investigator:
  • Amount:
    $800K
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2014
  • Funding country:
    United States
  • Start and end dates:
    2014-09-01 to 2019-08-31
  • Project status:
    Completed

Project abstract

Emerging attacks such as Advanced Persistent Threats pose a significant threat to cyberspace. These attacks are often stealthy, low-and-slow, and disguised via deceptive campaigns. This research focuses on the forensics of cyber attacks targeting enterprise environments, with the goals of (1) understanding an attack's intent, strategy, steps, and targets, (2) collecting digital evidence for legal proceedings, and (3) revealing hidden attack behaviors to prevent or minimize damage. To achieve these goals, an integrated framework is being developed which covers three key aspects: temporal, spatial, and malware-behavioral forensics. All three aspects face the common challenge of analyzing binary executables. More specifically, temporal forensics requires finer-grain program logging for identifying attack provenance and ramifications. The solution is to partition a binary program's execution and data for high-accuracy causal analysis. Malware forensics involves revealing malware behaviors that are multi-stage, condition-guarded, and environment-specific. The solution is a new binary analysis approach that force-executes an unknown binary without input or environment setup and exposes the malware's behavior along the execution paths it is forced into. Temporal forensics requires understanding unknown file formats and in-memory data structure contents. The solution is to identify and reuse the file parsing/generation and data structure rendering logic in the corresponding binary programs. This research will advance the state of the art in cyber forensics, a critical need as our nation and society become increasingly dependent on cyberinfrastructures. It will help train next-generation cybersecurity experts by exposing students to real case investigations. Under-represented students are being involved in research activities and cyber forensics exercises.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)


Other publications by Dongyan Xu

Towards an integrated multimedia service hosting overlay
PGPatch: Policy-Guided Logic Bug Patching for Robotic Vehicles
Experimental Evidence of Superdiffusive Thermal Transport in Si0.4Ge0.6 Thin Films
  • DOI:
    10.1021/acs.nanolett.2c01050
  • Publication year:
    2022
  • Journal:
  • Impact factor:
    10.8
  • Authors:
    Fengju Yao; Shunji Xia; Haoxiang Wei; Jiongzhi Zheng; Ziyuan Yuan; Yusheng Wang; Baoling Huang; Deyu Li; Hong Lu; Dongyan Xu
  • Corresponding author:
    Dongyan Xu
Exposing New Vulnerabilities of Error Handling Mechanism in CAN
  • DOI:
  • Publication year:
    2021
  • Journal:
  • Impact factor:
    0
  • Authors:
    Khaled Serag; R. Bhatia; Vireshwar Kumar; Z. B. Celik; Dongyan Xu
  • Corresponding author:
    Dongyan Xu
Facile preparation of sulfonated biochar derived from spent coffee grounds for efficient hydrogen production from methanolysis of sodium borohydride
  • DOI:
    10.1016/j.ijhydene.2025.03.108
  • Publication year:
    2025-04-04
  • Journal:
  • Impact factor:
    8.300
  • Authors:
    Enzheng Hu; Kang Xu; Dongyan Xu; Danyang Liu; Lin Zhao
  • Corresponding author:
    Lin Zhao

Other grants of Dongyan Xu

SaTC: CORE: Medium: Collaborative: Threat-Aware Defense: Evaluating Threats for Continuous Improvement
  • Award number:
    1801601
  • Fiscal year:
    2018
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
NeTS: Small: Towards Exposing and Mitigating End-to-End TCP Performance and Fairness Issues in Data Center Networks
  • Award number:
    1219004
  • Fiscal year:
    2012
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TC: EAGER: Binary-based Data Structure Revelation for Memory Forensics
  • Award number:
    1049303
  • Fiscal year:
    2010
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
Collaborative Research: II-New: OpenVMI: A Software Instrument for Virtual Machine Introspection
  • Award number:
    0855141
  • Fiscal year:
    2009
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
CSR-EHS: Collaborative Research: H-Media: The Holistic-Multistream Environment for Distributed Immersive Applications
  • Award number:
    0720665
  • Fiscal year:
    2007
  • Funding amount:
    $800K
  • Project type:
    Continuing Grant
CT-ISG: Collaborative Proposal: Enabling Detection of Elusive Malware by Going Out of the Box with Semantically Reconstructed View (OBSERV)
  • Award number:
    0716444
  • Fiscal year:
    2007
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
CAREER: Towards Virtual Distributed Environments in a Shared Distributed Infrastructure
  • Award number:
    0546173
  • Fiscal year:
    2006
  • Funding amount:
    $800K
  • Project type:
    Continuing Grant
SGER: Collaborative Research: NMI Development (CISE): Self-Managing Distributed Virtual Environments
  • Award number:
    0504261
  • Fiscal year:
    2005
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
SCI: NMI DEPLOYMENT(ENG) nanoHUB
  • Award number:
    0438246
  • Fiscal year:
    2004
  • Funding amount:
    $800K
  • Project type:
    Cooperative Agreement

Similar international grants

TWC SBE: Medium: Collaborative: Brain Hacking: Assessing Psychological and Computational Vulnerabilities in Brain-based Biometrics
  • Award number:
    1840790
  • Fiscal year:
    2018
  • Funding amount:
    $800K
  • Project type:
    Continuing Grant
TWC: Medium: Collaborative: Black-Box Evaluation of Cryptographic Entropy at Scale
  • Award number:
    1937622
  • Fiscal year:
    2018
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC SBE: Medium: Collaborative: Building a Privacy-Preserving Social Networking Platform from a Technological and Sociological Perspective
  • Award number:
    1855391
  • Fiscal year:
    2018
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Systems, Tools, and Techniques for Executing, Managing, and Securing SGX Programs
  • Award number:
    1834213
  • Fiscal year:
    2018
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Efficient Repair of Learning Systems via Machine Unlearning
  • Award number:
    1854000
  • Fiscal year:
    2018
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Seal: Secure Engine for AnaLytics - From Secure Similarity Search to Secure Data Analytics
  • Award number:
    1929901
  • Fiscal year:
    2018
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms
  • Award number:
    1748127
  • Fiscal year:
    2017
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC SBE: Medium: Collaborative: Dollars for Hertz: Making Trustworthy Spectrum Sharing Technically and Economically Viable
  • Award number:
    1801986
  • Fiscal year:
    2017
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: New Protocols and Systems for RAM-Based Secure Computation
  • Award number:
    1562888
  • Fiscal year:
    2016
  • Funding amount:
    $800K
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Systems, Tools, and Techniques for Executing, Managing, and Securing SGX Programs
  • Award number:
    1563848
  • Fiscal year:
    2016
  • Funding amount:
    $800K
  • Project type:
    Standard Grant