689123
event
1774210422
1774210518
<![CDATA[Ph.D. Dissertation Defense - Mingxuan Yao]]>
Title: From Evidence to Remediation: Automated Forensic Pipelines for Proactive Cyberthreats InterventionCommittee:
Dr. Brendan Saltaformaggio, ECE, Chair, Advisor
Dr. Frank Li, ECE
Dr. Saman Zonouz, ECE
Dr. Christopher Kruegel, UCSB
Dr. Giovanni Vigna, UCSB
]]>
-
-
Traditional cyber forensics is reactive: investigators collect evidence after an incident, address a single case, and leave adversaries free to redeploy. This dissertation introduces the evidence-to-remediation paradigm, a proactive forensic science that extracts comprehensive evidence from a single reported incident and generates remediation strategies that scale across entire platforms. I demonstrate this paradigm through three systems. MARSEA conducts the first large-scale study of malware abusing web applications as command-and-control infrastructure; deployed on 10,000 samples, it revealed 893 malware in 97 families abusing 29 web applications and enabled the takedown of 50% of malicious content. VADER targets Dead Drop Resolver malware that encodes C&C addresses as manipulated payloads on benign platforms; by extracting de-manipulation recipes from binaries, it enables providers to proactively scan for unknown dead drops, uncovering 57.1% additional dead drops across 100,000 samples and achieving 94.4% removal. COCO generalizes the paradigm to blockchain fraud, tracing entire campaigns from a single report; applied to 157 fraud contracts, it uncovered over 1.28 million associated contracts linked to 91 Deceptive Creator Wallets responsible for around $2.09 billion in illicit profits, leading to collaboration with the U.S. FBI and Etherscan. Together, these systems establish a generalizable framework that shifts cyber forensics from reactive investigation to automated, evidence-driven intervention at ecosystem scale.]]>
-
-
-
-
-
-
-
-
<![CDATA[]]>
-
-
-
https://gatech.zoom.us/my/mingxuanyao
- 434381
-
1788
-
100811
-
1808