Research area: Infrastructure
Conference: International Conference on Network and System Security
In modern cyberattacks, adversaries no longer focus solely on individual computer systems but instead establish an initial foothold within a company’s network, advancing through compromised assets in a process known as lateral movement. Detecting lateral movement is challenging due to diverse infection vectors, making network traffic monitoring prone to false positives and negatives. Security patches, while crucial, can create a false sense of security. To address these issues, we introduce PATCHCANARY, a framework for augmenting source patches for CVE-identified vulnerabilities, allowing precise monitoring of modified functions. We propose the idea of “patch and monitor” as a new approach to vulnerability patching, enhancing lateral movement attack detection. Evaluation on 108 CVEs across 75 real-world programs demonstrates PATCHCANARY’s capability to automatically augment source patches for 95.9% of CVE-triggering paths while incurring a minimal 712 ms compile-time overhead, on average.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Morocco |
| Site | Springer |