User profiles for "author:Wajih Ul Hassan"

Wajih Ul Hassan

Assistant Professor, University of Virginia
Verified email at virginia.edu
Cited by 1429

Tactical provenance analysis for endpoint detection and response systems

WU Hassan, A Bates, D Marino - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …

Fear and logging in the internet of things

Q Wang, WU Hassan, A Bates, C Gunter - Network and Distributed …, 2018 - par.nsf.gov
As the Internet of Things (IoT) continues to proliferate, diagnosing incorrect behavior within
increasingly-automated homes becomes considerably more difficult. Devices and apps may …

NoDoze: Combatting threat alert fatigue with automated provenance triage

WU Hassan, S Guo, D Li, Z Chen, K Jee, Z Li… - network and distributed …, 2019 - par.nsf.gov
Large enterprises are increasingly relying on threat detection softwares (e.g., Intrusion
Detection Systems) to allow them to spot suspicious activities. These softwares generate …

You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.

Q Wang, WU Hassan, D Li, K Jee, X Yu, K Zou, J Rhee… - NDSS, 2020 - kangkookjee.io
To subvert recent advances in perimeter and host security, the attacker community has
developed and employed various attack vectors to make a malware much stealthier than …

Towards scalable cluster auditing through grammatical inference over provenance graphs

WU Hassan, L Aguse, N Aguse, A Bates… - Network and Distributed …, 2018 - par.nsf.gov
Investigating the nature of system intrusions in large distributed systems remains a
notoriously difficult challenge. While monitoring tools (e.g., Firewalls, IDS) provide preliminary …

OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis

WU Hassan, MA Noureddine, P Datta… - Network and distributed …, 2020 - par.nsf.gov
Recent advances in causality analysis have enabled investigators to trace multi-stage
attacks using whole-system provenance graphs. Based on system-layer audit logs (e.g. …

SoK: History is a vast early warning system: Auditing the provenance of system intrusions

MA Inam, Y Chen, A Goyal, J Liu, J Mink… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …

Custos: Practical tamper-evident auditing of operating systems using trusted execution

R Paccagnella, P Datta, WU Hassan, A Bates… - Network and distributed …, 2020 - par.nsf.gov
System auditing is a central concern when investigating and responding to security
incidents. Unfortunately, attackers regularly engage in anti-forensic activities after a break-in …

How good are the specs? A study of the bug-finding effectiveness of existing Java API specifications

O Legunsen, WU Hassan, X Xu, G Roşu… - Proceedings of the 31st …, 2016 - dl.acm.org
Runtime verification can be used to find bugs early, during software development, by
monitoring test executions against formal specifications (specs). The quality of runtime …

On the forensic validity of approximated audit logs

N Michael, J Mink, J Liu, S Gaur, WU Hassan… - Proceedings of the 36th …, 2020 - dl.acm.org
Auditing is an increasingly essential tool for the defense of computing systems, but the
unwieldy nature of log data imposes significant burdens on administrators and analysts. To …