1

Sometimes Simpler is Better: A Comprehensive Analysis of State-of-the-Art Provenance-Based Intrusion Detection Systems
Provenance-based intrusion detection systems (PIDSs) have garnered significant attention from the research community over the past …
T Bilot, B Jiang, Z Li, N El Madhoun, K Al Agha, A Zouaoui, S Iqbal, X Han, T Pasquier
PDF Cite Project
Sometimes Simpler is Better: A Comprehensive Analysis of State-of-the-Art Provenance-Based Intrusion Detection Systems
ORTHRUS: Achieving High Quality of Attribution in Provenance-based Intrusion Detection Systems
Past success in applying machine learning to data provenance graphs – a structured representation of the history of operating …
B Jiang, T Bilot, N El Madhoun, K Al Agha, A Zouaoui, S Iqbal, X Han, T Pasquier
PDF Cite Project
ORTHRUS: Achieving High Quality of Attribution in Provenance-based Intrusion Detection Systems
SafeBPF: Hardware-assisted Defense-in-depth for eBPF Kernel Extensions
The eBPF framework enables execution of user-provided code in the Linux kernel. In the last few years, a large ecosystem of cloud …
SY Lim, T Prasad, X Han, T Pasquier
PDF Cite Project
SafeBPF: Hardware-assisted Defense-in-depth for eBPF Kernel Extensions
FetchBPF: Customizable Prefetching Policies in Linux with eBPF
Monolithic operating systems are infamously complex. Linux in particular has a tendency to intermingle policy and mechanisms in a …
X Cao, S Patel , SY Lim, X Han, T Pasquier
PDF Cite Project
FetchBPF: Customizable Prefetching Policies in Linux with eBPF
Computational Experiment Comprehension using Provenance Summarization
Scientists use complex multistep workflows to analyze data. However, reproducing computational experiments is often difficult as …
N Boufford, J Wonsil, A Pocock, J Sullivan, M Seltzer, T Pasquier
PDF Cite
Computational Experiment Comprehension using Provenance Summarization
Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance
Provenance graphs are structured audit logs that describe the history of a system’s execution. Recent studies have explored a …
Z Cheng, Q Lv, J Liang, Y Wang, D Sun, T Pasquier, X Han
PDF Cite Project
Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter …
SY Lim, X Han, T Pasquier
PDF Cite Project DOI
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
Secure Namespaced Kernel Audit for Containers
Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host …
SY Lim, B Stelea, X Han, T Pasquier
PDF Cite
Secure Namespaced Kernel Audit for Containers
SIGL: Securing Software Installations Through Deep Graph Learning
Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks …
X Han, X Yu, T Pasquier, D Li, J Rhee, J Mickens, M Seltzer, C Haifeng
PDF Cite
SIGL: Securing Software Installations Through Deep Graph Learning
Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization
One of the key challenges for data analytics deployment is configuration tuning. The existing approaches for configuration tuning are …
A Fekry, L Carata, T Pasquier, A Rice
PDF Cite Slides
Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization