CLUE : S3 Lab - Software & Systems Security Laboratory

CLUE

The CLUE project develops an infrastructure to detect and diagnose system anomalies in enterprise systems. These anomalies include stealthy malware and other types of hidden system anomalies. CLUE provides a diverse set of tools to find and understand such anomalies with minimal disruption to the target system.

publications

2020

Detecting Malware Injection with Program-DNS Behavior
Yixin Sun, Kangkook Jee, Suphannee Sivakorn, Zhichun Li, Cristian Lumezanu, Lauri Korts-Pärn, Zhenyu Wu, John Junghwan Rhee, Chung Hwan Kim, Mung Chiang, and Prateek Mittal
In EuroS&P 2020 [ pdf :: bibtex ]

2019

Progressive Processing of System Behavioral Query
Jiaping Gui, Xusheng Xiao, Ding Li, Chung Hwan Kim, and Haifeng Chen
In ACSAC 2019 [ pdf :: slides :: bibtex ]

PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications
Yuseok Jeon, John Junghwan Rhee, Chung Hwan Kim, Zhichun Li, Mathias Payer, Byungyoung Lee, and Zhenyu Wu
In CODASPY 2019 [ pdf :: slides :: bibtex ]

2018

SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, and Prateek Mittal
In Security 2018 (award paper) [ pdf :: slides :: bibtex ]

2016

PerfGuard: Binary-Centric Application Performance Monitoring in Production Environments
Chung Hwan Kim, John Junghwan Rhee, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu
In FSE 2016 [ pdf :: slides :: bibtex ]

2015

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows
Shiqing Ma, Kyu Hyung Lee, Chung Hwan Kim, John Junghwan Rhee, Xiangyu Zhang, and Dongyan Xu
In ACSAC 2015 [ pdf :: slides :: bibtex ]

2014

IntroPerf: Transparent Context-Sensitive Multi-Layer Performance Inference using System Stack Traces
Chung Hwan Kim, John Junghwan Rhee, Hui Zhang, Nipun Arora, Guofei Jiang, Xiangyu Zhang, and Dongyan Xu
In SIGMETRICS 2014 [ pdf :: slides :: bibtex ]