GView: A versatile assistant for security researchers

IF 2.4 4区计算机科学 Q2 COMPUTER SCIENCE, SOFTWARE ENGINEERING

SoftwareX Pub Date : 2024-10-30 DOI:10.1016/j.softx.2024.101940

Raul Zaharia , Dragoş Gavriluţ , Gheorghiţă Mutu , Dorel Lucanu

引用次数: 0

Abstract

We propose a tool, GView (Generic View), that is tailored to assist the investigation of possible attack vectors by providing guided analysis for a broad range of file types using automatic artifact identification, extraction, inference & coherent correlation, and meaningful & intuitive views at different levels of granularity w.r.t. revealed information. GView simplifies the analysis of every payload in a complex attack, streamlining the workflow for security researchers, and increasing the accuracy of the analysis. The ’generic’ aspect derives from the fact that it accommodates various file types and also features multiple visualization modes (that can be automatically configured for each specific file type). Our results show that the analysis time of an attack is significantly reduced by GView, compared to conventional tools used in forensics.

查看原文本刊更多论文

GView：安全研究人员的多功能助手

我们提出了一种名为 GView（通用视图）的工具，该工具专为协助调查可能的攻击载体而量身定制，通过使用自动人工制品识别、提取、推理&连贯相关性和有意义&直观的视图，在不同粒度水平上对所揭示的信息进行指导性分析。GView 简化了对复杂攻击中每个有效载荷的分析，简化了安全研究人员的工作流程，提高了分析的准确性。其 "通用 "的一面源于它可容纳各种文件类型，还具有多种可视化模式（可针对每种特定文件类型自动配置）。我们的研究结果表明，与取证领域使用的传统工具相比，GView 能显著缩短攻击分析时间。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

SoftwareX COMPUTER SCIENCE, SOFTWARE ENGINEERING-

CiteScore

5.50

自引率

2.90%

发文量

184

审稿时长

9 weeks

期刊介绍： SoftwareX aims to acknowledge the impact of software on today''s research practice, and on new scientific discoveries in almost all research domains. SoftwareX also aims to stress the importance of the software developers who are, in part, responsible for this impact. To this end, SoftwareX aims to support publication of research software in such a way that: The software is given a stamp of scientific relevance, and provided with a peer-reviewed recognition of scientific impact; The software developers are given the credits they deserve; The software is citable, allowing traditional metrics of scientific excellence to apply; The academic career paths of software developers are supported rather than hindered; The software is publicly available for inspection, validation, and re-use. Above all, SoftwareX aims to inform researchers about software applications, tools and libraries with a (proven) potential to impact the process of scientific discovery in various domains. The journal is multidisciplinary and accepts submissions from within and across subject domains such as those represented within the broad thematic areas below: Mathematical and Physical Sciences; Environmental Sciences; Medical and Biological Sciences; Humanities, Arts and Social Sciences. Originating from these broad thematic areas, the journal also welcomes submissions of software that works in cross cutting thematic areas, such as citizen science, cybersecurity, digital economy, energy, global resource stewardship, health and wellbeing, etcetera. SoftwareX specifically aims to accept submissions representing domain-independent software that may impact more than one research domain.