Recovery from Malicious Transactions
IEEE Transactions on Knowledge and Data Engineering
Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Improving the reliability of commodity operating systems
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Automated Analysis for Digital Forensic Science: Semantic Integrity Checking
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
Forensix: A Robust, High-Performance Reconstruction System
ICDCSW '05 Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05) - Volume 02
The taser intrusion recovery system
Proceedings of the twentieth ACM symposium on Operating systems principles
Siren: Catching Evasive Malware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Flexible OS support and applications for trusted computing
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Constructing services with interposable virtual hardware
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Toward Automated Dynamic Malware Analysis Using CWSandbox
IEEE Security and Privacy
Automated detection of persistent kernel control-flow attacks
Proceedings of the 14th ACM conference on Computer and communications security
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
VMM-based hidden process detection and identification using Lycosid
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Tracing Worm Break-In and Contaminations via Process Coloring: A Provenance-Preserving Approach
IEEE Transactions on Parallel and Distributed Systems
Lares: An Architecture for Secure Active Monitoring Using Virtualization
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Characterizing Bots' Remote Control Behavior
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Countering kernel rootkits with lightweight hook protection
Proceedings of the 16th ACM conference on Computer and communications security
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
"Out-of-the-Box" monitoring of VM-based high-interaction honeypots
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Automatic discovery of parasitic malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Using every part of the buffalo in Windows memory analysis
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A hardware-based memory acquisition procedure for digital investigations
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Finite state machine approach to digital event reconstruction
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Internet-connected computer systems face ongoing software attacks. Existing defensive solutions, such as intrusion detection systems, rely on the ability to identify malicious software (malware) in order to prevent its installation. This approach remains imperfect, resulting in widespread, persistent malware infections, malicious execution, and transmission of undesirable Internet traffic. Over the past several years, we have begun to develop solutions that help computer systems automatically recover from unknown malicious software infections by identifying and disabling the software. Our work departs from previous malware analysis because it employs strict post-infection analysis matching real-world environments: it assumes that security monitoring does not exist during the critical malware installation time and identifies potentially malicious software infecting a system given only observations of the infected system's execution. This paper reports on our progress attributing undesirable network behavior to malicious code and highlights upcoming research challenges we expect to face as we begin to automatically excise that code from infected systems.