UISCOPE: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI Applications

Runqing Yang, Shiqing Ma, Haitao Xu, Xiangyu Zhang, Yan Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

43 Scopus citations

Abstract

Existing attack investigation solutions for GUI applications suffer from a few limitations such as inaccuracy (because of the dependence explosion problem), requiring instrumentation, and providing very low visibility. Such limitations have hindered their widespread and practical deployment. In this paper, we present UISCOPE, a novel accurate, instrumentation-free, and visible attack investigation system for GUI applications. The core idea of UISCOPE is to perform causality analysis on both UI elements/events which represent users' perspective and low-level system events which provide detailed information of what happens under the hood, and then correlate system events with UI events to provide high accuracy and visibility. Long-running processes are partitioned to individual UI transitions, to which low-level system events are attributed, making the results accurate. The produced graphs contain (causally related) UI elements with which users are very familiar, making them easily accessible. We deployed UISCOPE on 7 machines for a week, and also utilized UISCOPE to conduct an investigation of 6 real-world attacks. Our evaluation shows that compared to existing works, UISCOPE introduces negligible overhead (less than 1% runtime overhead and 3.05 MB event logs per hour on average) while UISCOPE can precisely identify attack provenance while offering users thorough visibility into the attack context.

Original language: English (US)
Title of host publication: 27th Annual Network and Distributed System Security Symposium, NDSS 2020
Publisher: The Internet Society
ISBN (Electronic): 1891562614, 9781891562617
State: Published - 2020
Event: 27th Annual Network and Distributed System Security Symposium, NDSS 2020 - San Diego, United States
Duration: Feb 23 2020 to Feb 26 2020

Publication series

Name: 27th Annual Network and Distributed System Security Symposium, NDSS 2020

Conference

Conference: 27th Annual Network and Distributed System Security Symposium, NDSS 2020
Country/Territory: United States
City: San Diego
Period: 2/23/20 to 2/26/20

Funding

The authors would like to thank anonymous reviewers and our shepherd, Prof. Adam Bates, for their feedback in finalizing this paper. We would also like to thank Xue Leng and Jiuyuan Wang for informative discussions on the submitted manuscript. This work is supported, in part, by NSFC under U1936215, DARPA under FA8650-15-C-7562, NSF under 1748764, 1901242 and 1910300, ONR under N000141410468 and N000141712947, and Sandia National Lab under award 1701331. Any opinions, findings, and conclusions in this paper are those of the authors only and do not necessarily reflect the views of our sponsors.

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
