CLUE : S3 Lab - Software & Systems Security Laboratory

CLUE

The CLUE project develops an infrastructure to detect and diagnose system anomalies in enterprise and cloud systems. These anomalies include stealthy malware and other types of hidden system anomalies. CLUE provides a diverse set of tools to find and understand such anomalies with minimal disruption to the target system.

Recent News

Oct. 21, 2020: FMS conference talk at DIMVA 2021
Apr. 20, 2021: FMS paper is accepted to DIMVA 2021

Available Work

FMS: an enterprise analysis tool to find outdated programs and computers (paper)
PDNS: a malware detection agent based on program DNS behaviors (paper)
TBQL: a domain-specific language for system-behavioral queries (stream-processing paper, progressive-processing paper)
IntroSec: a low-overhead security audit logging tool for Windows (paper)
PerfGuard: a binary instrumentation tool for self-triggered performance diagnosis (paper)
IntroPerf: a performance diagnosis tool using system event logs (paper)

Acknowledgments

This project is supported in part by Sandia National Laboratories.

current people

Chung Hwan Kim
Faculty

Minkyung Park
Post-doctoral associate

Mary Grace Dhooghe
PhD student

alumni

Swathi Kote
Nokia

Shiven Pandya
Dell Technologies

publications

Find My Sloths: Automated Comparative Analysis of How Real Enterprise Computers Keep Up with the Software Update Races
Omid Setayeshfar, Junghwan Rhee, Chung Hwan Kim, and Kyu Hyung Lee
In DIMVA 2021 [ pdf :: slides :: bibtex ]

Detecting Malware Injection with Program-DNS Behavior
Yixin Sun, Kangkook Jee, Suphannee Sivakorn, Zhichun Li, Cristian Lumezanu, Lauri Korts-Pärn, Zhenyu Wu, Junghwan Rhee, Chung Hwan Kim, Mung Chiang, and Prateek Mittal
In EuroS&P 2020 [ pdf :: bibtex ]

Progressive Processing of System Behavioral Query
Jiaping Gui, Xusheng Xiao, Ding Li, Chung Hwan Kim, and Haifeng Chen
In ACSAC 2019 [ pdf :: slides :: bibtex ]

SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, and Prateek Mittal
In USENIX Security 2018 (award paper) [ pdf :: slides :: bibtex ]

PerfGuard: Binary-Centric Application Performance Monitoring in Production Environments
Chung Hwan Kim, Junghwan Rhee, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu
In FSE 2016 [ pdf :: slides :: bibtex ]

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows
Shiqing Ma, Kyu Hyung Lee, Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, and Dongyan Xu
In ACSAC 2015 [ pdf :: slides :: bibtex ]

IntroPerf: Transparent Context-Sensitive Multi-Layer Performance Inference using System Stack Traces
Chung Hwan Kim, Junghwan Rhee, Hui Zhang, Nipun Arora, Guofei Jiang, Xiangyu Zhang, and Dongyan Xu
In SIGMETRICS 2014 [ pdf :: slides :: bibtex ]