Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows

Created2022-04-15|Updated2023-09-27|papersabstract

|Post Views:

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows abstract。

解决的问题

传统审计日志缺乏准确率，并且需要大量计算和分析二进制命令。
因此提出一种基于 Windows 的日志审计技术来提高准确率和降低计算消耗。

main contribution

基于 ETW 的新型无工具审计日志记录技术，可以自动识别其迭代表示自动执行单元的事件循环
基于单元的准确的因果推理，可以进行有效地数据去冗余

具体实现

基本溯源图和本文生成的精简溯源图表示：

arch

方法总体架构图下：

arch

Author: odymit

Link: http://odymit.github.io/2022/04/15/Accurate-Low-Cost-and-Instrumentation-Free-Security-Audit-Logging-for-Windows/

Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.

Related Articles

CUSTOS: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution

High Accuracy Attack Provenance via Binary-based Execution Partition

MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation

MPI: Multiple Perspective Attack Investigation with Semantics Aware Execution Partitioning

OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis

Loading the Database