GView: A versatile assistant for security researchers

IF 2.4 | Zone 4, Computer Science | Q2 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Raul Zaharia , Dragoş Gavriluţ , Gheorghiţă Mutu , Dorel Lucanu
DOI: 10.1016/j.softx.2024.101940
Journal: SoftwareX, Volume 28, Article 101940
Publication date: 2024-10-30
Publication type: Journal Article
URL: https://www.sciencedirect.com/science/article/pii/S2352711024003108
Citation count: 0

Abstract

We propose a tool, GView (Generic View), that is tailored to assist the investigation of possible attack vectors by providing guided analysis for a broad range of file types using automatic artifact identification, extraction, inference & coherent correlation, and meaningful & intuitive views at different levels of granularity w.r.t. revealed information. GView simplifies the analysis of every payload in a complex attack, streamlining the workflow for security researchers, and increasing the accuracy of the analysis. The 'generic' aspect derives from the fact that it accommodates various file types and also features multiple visualization modes (that can be automatically configured for each specific file type). Our results show that the analysis time of an attack is significantly reduced by GView, compared to conventional tools used in forensics.
Source journal: SoftwareX (COMPUTER SCIENCE, SOFTWARE ENGINEERING)
CiteScore: 5.50
Self-citation rate: 2.90%
Articles published: 184
Review time: 9 weeks
Journal description: SoftwareX aims to acknowledge the impact of software on today's research practice, and on new scientific discoveries in almost all research domains. SoftwareX also aims to stress the importance of the software developers who are, in part, responsible for this impact. To this end, SoftwareX aims to support publication of research software in such a way that: the software is given a stamp of scientific relevance, and provided with a peer-reviewed recognition of scientific impact; the software developers are given the credit they deserve; the software is citable, allowing traditional metrics of scientific excellence to apply; the academic career paths of software developers are supported rather than hindered; the software is publicly available for inspection, validation, and re-use. Above all, SoftwareX aims to inform researchers about software applications, tools and libraries with a (proven) potential to impact the process of scientific discovery in various domains. The journal is multidisciplinary and accepts submissions from within and across subject domains such as those represented within the broad thematic areas below: Mathematical and Physical Sciences; Environmental Sciences; Medical and Biological Sciences; Humanities, Arts and Social Sciences. Originating from these broad thematic areas, the journal also welcomes submissions of software that works in cross-cutting thematic areas, such as citizen science, cybersecurity, digital economy, energy, global resource stewardship, health and wellbeing, etcetera. SoftwareX specifically aims to accept submissions representing domain-independent software that may impact more than one research domain.