cv
Education
Publications
-
2024.07.01 Decoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments
ACM AsiaCCS 2024
We thoroughly analyzed MITRE evaluation results to gain further insights into real-world EDR systems under test. Specifically, we designed a whole-graph analysis method, which utilizes additional control flow and data flow information to measure the performance of EDR systems. Besides, we analyze MITRE evaluation's results over multiple years from various aspects, including detection coverage, detection confidence, detection modifier, data source, compatibility, etc.
Interests
| APT detection | |
| End-point Detection and Response | |
| Intrusion Detection System |
| Security measurement | |
| MITRE evalaution | |
| Pentesting | |
| Attack reconstruction |