Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and
concolic execution by combining both approaches. The hybrid approach has shown its …

ProTracer: towards practical provenance tracing by alternating between logging and
tainting Page 1 Please do not remove this page ProTracer: towards practical provenance …

Dynamic data flow tracking (DFT) deals with tagging and tracking data of interest as they
propagate during program execution. DFT has been repeatedly implemented by a variety of …

An important aspect of cyber attack forensics is to understand the provenance of suspicious
events, as it discloses the root cause and ramifications of cyber attacks. Traditionally, this is …

In this paper, we develop a model based causality inference technique for audit logging that
does not require any application instrumentation or kernel modification. It leverages a recent …

Dynamic binary analysis is a prevalent and indispensable technique in program analysis.
While several dynamic binary analysis tools and frameworks have been proposed, all suffer …

Dynamic binary instrumentation (DBI) techniques allow for monitoring and possibly altering
the execution of a running program up to the instruction level granularity. The ease of use …

Taint analysis has a wide variety of compelling applications in security tasks, from software
attack detection to data lifetime analysis. Static taint analysis propagates taint values …

Existing attack investigation solutions for GUI applications suffer from a few limitations such
as inaccuracy (because of the dependence explosion problem), requiring instrumentation …

Audit logging is an important approach to cyber attack investigation. However, traditional
audit logging either lacks accuracy or requires expensive and complex binary …