Morphence: Moving Target Defense Against Adversarial Examples
Robustness to adversarial examples of machine learning models remains an open topic of research. Attacks often succeed by repeatedly probing a fixed target model with adversarial …
Explanation-Guided Diagnosis of Machine Learning Evasion Attacks
Machine Learning (ML) models are susceptible to evasion attacks. Evasion accuracy is typically assessed using aggregate evasion rate, and it is an open question whether aggregate …
Best-Effort Adversarial Approximation of Black-Box Malware Classifiers
An adversary who aims to steal a black-box model repeatedly queries the model via a prediction API to learn a function that approximates its decision boundary. Adversarial …
Poirot: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might have compromised an enterprise network for a long time without being discovered. To …
HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows
In this paper, we present a new approach for the detection of Advanced and Persistent Threats (APTs). Our approach is inspired by several case studies of real-world APTs that …
ProPatrol: Attack Investigation via Extracted High-Level Tasks
Kernel audit logs are a valuable source of information in the forensic investigation of a cyber attack. However, the coarse gran- ularity of dependency information available in …
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications
Modern multi-tier web applications are composed of several dynamic features, which make their vulnerability analysis challenging from a purely static analysis perspective. We …
SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data
We present an approach and system for real-time recon- struction of attack scenarios on an enterprise host. To meet the scalability and real-time needs of the problem, we develop a …
DYNAMINER: Leveraging Offline Infection Analytics for On-the-Wire Malware Detection
Web-borne malware continues to be a major threat on the Web. At the core of malware infection are for-crime toolkits that exploit vulnerabilities in browsers and their extensions. …
Chainsaw: Chained Automated Workflow-based Exploit Generation
We tackle the problem of automated exploit generation for web applications. In this regard, we present an approach that significantly improves the state-of-art in web injection …