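% INFOCOM 2025 paper. The acronym in the title is brace-protected so that
% sentence-casing bibliography styles do not lowercase "APTs".
@inproceedings{gui2025principled,
  author    = {Gui, Jiaping and Nie, Mingjie and Guo, Jinyao and Zou, Futai and Rehman, Mati Ur and Hassan, Wajih Ul},
  title     = {A Principled Approach for Detecting {APTs} in Massive Networks via Multi-Stage Causal Analytics},
  booktitle = {IEEE INFOCOM},
  year      = {2025},
}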
USENIX Security
Principled and Automated Approach for Investigating AR/VR Attacks
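% USENIX Security 2025 paper. "AR/VR" is brace-protected so that
% sentence-casing styles keep the acronyms capitalised.
@inproceedings{realitycheck,
  author    = {Shoaib, Muhammad and Suh, Alex and Hassan, Wajih Ul},
  title     = {Principled and Automated Approach for Investigating {AR/VR} Attacks},
  booktitle = {USENIX Security Symposium},
  year      = {2025},
}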
2024
Oakland
FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning
Mati Ur Rehman, Hadi Ahmadi, and Wajih Ul Hassan
In IEEE Symposium on Security and Privacy (S&P), 2024
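% IEEE S&P 2024 paper. The system name is brace-protected so that
% sentence-casing styles do not render it as "Flash".
@inproceedings{flash2024,
  author    = {Rehman, Mati Ur and Ahmadi, Hadi and Hassan, Wajih Ul},
  title     = {{FLASH}: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning},
  booktitle = {IEEE Symposium on Security and Privacy (S\&P)},
  year      = {2024},
}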
arXiv
Accurate and Scalable Detection and Investigation of Cyber Persistence Threats
Qi Liu, Muhammad Shoaib, Mati Ur Rehman, Kaibin Bao, Veit Hagenmeyer, and Wajih Ul Hassan
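% arXiv preprint (2024). The arXiv identifier is moved out of the journal
% field, where it does not belong, into the eprint fields; the entry type
% becomes misc because a preprint has no journal. The citation key is unchanged.
@misc{liu2024accurate,
  author        = {Liu, Qi and Shoaib, Muhammad and Rehman, Mati Ur and Bao, Kaibin and Hagenmeyer, Veit and Hassan, Wajih Ul},
  title         = {Accurate and Scalable Detection and Investigation of Cyber Persistence Threats},
  year          = {2024},
  eprint        = {2407.18832},
  archiveprefix = {arXiv},
  url           = {https://arxiv.org/abs/2407.18832},
}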
arXiv
HADES: Detecting Active Directory Attacks via Whole Network Provenance Analytics
Qi Liu, Kaibin Bao, Wajih Ul Hassan, and Veit Hagenmeyer
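% arXiv preprint (2024). The arXiv identifier is moved from the journal field
% into the eprint fields, and the entry type becomes misc because a preprint
% has no journal. The system name and the product name "Active Directory" are
% brace-protected against sentence casing. The citation key is unchanged.
@misc{liu2024hades,
  author        = {Liu, Qi and Bao, Kaibin and Hassan, Wajih Ul and Hagenmeyer, Veit},
  title         = {{HADES}: Detecting {Active Directory} Attacks via Whole Network Provenance Analytics},
  year          = {2024},
  eprint        = {2407.18858},
  archiveprefix = {arXiv},
  url           = {https://arxiv.org/abs/2407.18858},
}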
2023
Oakland
SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions
Muhammad Adil Inam, Yinfang Chen, Akul Goyal, Jason Liu, Jaron Mink, Noor Michael, Sneha Gaur, Adam Bates, and 1 more author
In IEEE Symposium on Security and Privacy (S&P), 2023
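% IEEE S&P 2023 systematization-of-knowledge paper. "SoK" is brace-protected
% so that sentence-casing styles keep its mixed case. The key says 2022 while
% the year field says 2023; the key is kept because documents may already cite it.
@inproceedings{inam2022sok,
  author    = {Inam, Muhammad Adil and Chen, Yinfang and Goyal, Akul and Liu, Jason and Mink, Jaron and Michael, Noor and Gaur, Sneha and Bates, Adam and Hassan, Wajih Ul},
  title     = {{SoK}: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions},
  booktitle = {IEEE Symposium on Security and Privacy (S\&P)},
  year      = {2023},
}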
2022
NDSS
Forensic Analysis of Configuration-based Attacks
Muhammad Adil Inam, Wajih Ul Hassan, Ali Ahad, Adam Bates, Rashid Tahir, Tianyin Xu, and Fareed Zaffar
In Symposium on Network and Distributed System Security (NDSS), 2022
% Conference paper, NDSS 2022.
@inproceedings{dossier,
  author    = {Inam, Muhammad Adil and Hassan, Wajih Ul and Ahad, Ali and Bates, Adam and Tahir, Rashid and Xu, Tianyin and Zaffar, Fareed},
  title     = {Forensic Analysis of Configuration-based Attacks},
  booktitle = {Symposium on Network and Distributed System Security (NDSS)},
  year      = {2022}
}
ACSAC
FAuST: Striking a Bargain between Forensic Auditing’s Security and Throughput
Muhammad Adil Inam, Akul Goyal, Jason Liu, Jaron Mink, Noor Michael, Sneha Gaur, Adam Bates, and Wajih Ul Hassan
In Annual Computer Security Applications Conference (ACSAC), 2022
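% ACSAC 2022 paper. The mixed-case system name is brace-protected so that
% sentence-casing styles do not flatten it to "Faust".
@inproceedings{inam2022faust,
  author    = {Inam, Muhammad Adil and Goyal, Akul and Liu, Jason and Mink, Jaron and Michael, Noor and Gaur, Sneha and Bates, Adam and Hassan, Wajih Ul},
  title     = {{FAuST}: Striking a Bargain between Forensic Auditing's Security and Throughput},
  booktitle = {Annual Computer Security Applications Conference (ACSAC)},
  year      = {2022},
}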
2021
CCS
Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks
Carter Yagemann, Mohammad Noureddine, Wajih Ul Hassan, Simon Chung, Adam Bates, and Wenke Lee
In ACM Conference on Computer and Communications Security (CCS), 2021
% Conference paper, ACM CCS 2021.
@inproceedings{yagemann2021validating,
  author    = {Yagemann, Carter and Noureddine, Mohammad and Hassan, Wajih Ul and Chung, Simon and Bates, Adam and Lee, Wenke},
  title     = {Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks},
  booktitle = {ACM Conference on Computer and Communications Security (CCS)},
  year      = {2021}
}
2020
NDSS
You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis
Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, and 3 more authors
In Symposium on Network and Distributed System Security (NDSS), 2020
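% NDSS 2020 paper. The trailing period is removed from the title because
% bibliography styles add their own terminal punctuation, which would
% otherwise print as a doubled period.
@inproceedings{provdetector2020,
  author    = {Wang, Qi and Hassan, Wajih Ul and Li, Ding and Jee, Kangkook and Yu, Xiao and Zou, Kexuan and Rhee, Junghwan and Chen, Zhengzhang and Cheng, Wei and Gunter, Carl A and others},
  title     = {You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis},
  booktitle = {Symposium on Network and Distributed System Security (NDSS)},
  year      = {2020},
}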
Oakland
Tactical Provenance Analysis for Endpoint Detection and Response Systems
Wajih Ul Hassan, Adam Bates, and Daniel Marino
In IEEE Symposium on Security and Privacy (S&P), 2020
% Conference paper, IEEE S&P 2020.
@inproceedings{rapsheet2020,
  author    = {Hassan, Wajih Ul and Bates, Adam and Marino, Daniel},
  title     = {Tactical Provenance Analysis for Endpoint Detection and Response Systems},
  booktitle = {IEEE Symposium on Security and Privacy (S\&P)},
  year      = {2020}
}
NDSS
OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis
Wajih Ul Hassan, Mohammad A Noureddine, Pubali Datta, and Adam Bates
In Symposium on Network and Distributed System Security (NDSS), 2020
% Conference paper, NDSS 2020. The system name is already brace-protected.
@inproceedings{omegalog2020,
  author    = {Hassan, Wajih Ul and Noureddine, Mohammad A and Datta, Pubali and Bates, Adam},
  title     = {{OmegaLog}: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis},
  booktitle = {Symposium on Network and Distributed System Security (NDSS)},
  year      = {2020}
}
ACSAC
This is Why We Can’t Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage
Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Dawei Wang, Zhengzhang Chen, Zhichun Li, and 3 more authors
In Annual Computer Security Applications Conference (ACSAC), 2020
% Conference paper, ACSAC 2020. The author list is truncated with "and others".
@inproceedings{swift2020,
  author    = {Hassan, Wajih Ul and Li, Ding and Jee, Kangkook and Yu, Xiao and Zou, Kexuan and Wang, Dawei and Chen, Zhengzhang and Li, Zhichun and Rhee, Junghwan and Gui, Jiaping and others},
  title     = {This is Why We Can't Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage},
  booktitle = {Annual Computer Security Applications Conference (ACSAC)},
  year      = {2020}
}
ACSAC
On the Forensic Validity of Approximated Audit Logs
Noor Michael, Jaron Mink, Jason Liu, Sneha Gaur, Wajih Ul Hassan, and Adam Bates
In Annual Computer Security Applications Conference (ACSAC), 2020
% Conference paper, ACSAC 2020.
@inproceedings{approx,
  author    = {Michael, Noor and Mink, Jaron and Liu, Jason and Gaur, Sneha and Hassan, Wajih Ul and Bates, Adam},
  title     = {On the Forensic Validity of Approximated Audit Logs},
  booktitle = {Annual Computer Security Applications Conference (ACSAC)},
  year      = {2020}
}
NDSS
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, and Dave Tian
In Symposium on Network and Distributed System Security (NDSS), 2020
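% NDSS 2020 paper. The original wrapped the whole title in double braces,
% which stops every style from applying its own casing. Only the system name
% needs protection, so only "Custos" is braced.
@inproceedings{custos,
  author    = {Paccagnella, Riccardo and Datta, Pubali and Hassan, Wajih Ul and Bates, Adam and Fletcher, Christopher W. and Miller, Andrew and Tian, Dave},
  title     = {{Custos}: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution},
  booktitle = {Symposium on Network and Distributed System Security (NDSS)},
  year      = {2020},
}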
2019
Oakland
Can data provenance put an end to the data breach?
Adam Bates and Wajih Ul Hassan
IEEE Symposium on Security and Privacy (S&P), 2019
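% Magazine article, 2019. The journal field previously named the IEEE
% Symposium on Security and Privacy, a conference, which conflicts with the
% article entry type, the volume number and the citation key. It now names the
% magazine IEEE Security & Privacy. NOTE(review): confirm against the
% publisher record and add the issue number and pages from there.
@article{magazine2019,
  author  = {Bates, Adam and Hassan, Wajih Ul},
  title   = {Can data provenance put an end to the data breach?},
  journal = {IEEE Security \& Privacy},
  volume  = {17},
  year    = {2019},
}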
NDSS
NoDoze: Combatting threat alert fatigue with automated provenance triage
Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates
In Symposium on Network and Distributed System Security (NDSS), 2019
% Conference paper, NDSS 2019. The system name is already brace-protected.
@inproceedings{nodoze2019,
  author    = {Hassan, Wajih Ul and Guo, Shengjian and Li, Ding and Chen, Zhengzhang and Jee, Kangkook and Li, Zhichun and Bates, Adam},
  title     = {{NoDoze}: Combatting threat alert fatigue with automated provenance triage},
  booktitle = {Symposium on Network and Distributed System Security (NDSS)},
  year      = {2019}
}
ASE
How effective are existing Java API specifications for finding bugs during runtime verification?
Owolabi Legunsen, Nader Al Awar, Xinyue Xu, Wajih Ul Hassan, Grigore Roşu, and Darko Marinov
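% Journal article, Automated Software Engineering 26(4), 2019. "Java" and
% "API" are brace-protected so that sentence-casing styles do not lowercase them.
@article{legunsen2019effective,
  author    = {Legunsen, Owolabi and Al Awar, Nader and Xu, Xinyue and Hassan, Wajih Ul and Ro{\c{s}}u, Grigore and Marinov, Darko},
  title     = {How effective are existing {Java} {API} specifications for finding bugs during runtime verification?},
  journal   = {Automated Software Engineering},
  volume    = {26},
  number    = {4},
  pages     = {795--837},
  year      = {2019},
  publisher = {Springer},
}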
2018
NDSS
Towards scalable cluster auditing through grammatical inference over provenance graphs
Wajih Ul Hassan, Mark Lemay, Nuraini Aguse, Adam Bates, and Thomas Moyer
In Symposium on Network and Distributed System Security (NDSS), 2018
% Conference paper, NDSS 2018.
@inproceedings{winnower2018,
  author    = {Hassan, Wajih Ul and Lemay, Mark and Aguse, Nuraini and Bates, Adam and Moyer, Thomas},
  title     = {Towards scalable cluster auditing through grammatical inference over provenance graphs},
  booktitle = {Symposium on Network and Distributed System Security (NDSS)},
  year      = {2018}
}
NDSS
Fear and Logging in the Internet of Things
Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter
In Symposium on Network and Distributed System Security (NDSS), 2018
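% NDSS 2018 paper. "Internet of Things" is brace-protected so that
% sentence-casing styles do not render it as "internet of things".
@inproceedings{provthings2018,
  author    = {Wang, Qi and Hassan, Wajih Ul and Bates, Adam and Gunter, Carl},
  title     = {Fear and Logging in the {Internet of Things}},
  booktitle = {Symposium on Network and Distributed System Security (NDSS)},
  year      = {2018},
}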
USENIX Security
Analysis of privacy protections in fitness tracking social networks -or- you can run, but can you hide?
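% USENIX Security 2018 paper. The "-or-" separating the two halves of the
% title was fused to its neighbours ("networks-or-you"), which reads as one
% hyphenated compound. It is now set off with spaces.
@inproceedings{hassan2018analysis,
  author    = {Hassan, Wajih Ul and Hussain, Saad and Bates, Adam},
  title     = {Analysis of privacy protections in fitness tracking social networks -or- you can run, but can you hide?},
  booktitle = {USENIX Security Symposium},
  pages     = {497--512},
  year      = {2018},
}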
2017
TaPP
Automated provenance analytics: A regular grammar based approach with applications in security
Mark Lemay, Wajih Ul Hassan, Thomas Moyer, Nabil Schear, and Warren Smith
In 9th USENIX Workshop on the Theory and Practice of Provenance (TaPP 2017), 2017
% Workshop paper, USENIX TaPP 2017.
@inproceedings{lemay2017automated,
  author    = {Lemay, Mark and Hassan, Wajih Ul and Moyer, Thomas and Schear, Nabil and Smith, Warren},
  title     = {Automated provenance analytics: A regular grammar based approach with applications in security},
  booktitle = {9th USENIX Workshop on the Theory and Practice of Provenance (TaPP 2017)},
  year      = {2017}
}
WWW
Transparent web service auditing via network provenance functions
Adam Bates, Wajih Ul Hassan, Kevin Butler, Alin Dobra, Bradley Reaves, Patrick Cable, Thomas Moyer, and Nabil Schear
In International World Wide Web Conference (WWW), 2017
% Conference paper, WWW 2017.
@inproceedings{bates2017transparent,
  author    = {Bates, Adam and Hassan, Wajih Ul and Butler, Kevin and Dobra, Alin and Reaves, Bradley and Cable, Patrick and Moyer, Thomas and Schear, Nabil},
  title     = {Transparent web service auditing via network provenance functions},
  booktitle = {International World Wide Web Conference (WWW)},
  year      = {2017}
}
ATC
Don’t cry over spilled records: Memory elasticity of data-parallel applications and its application to cluster scheduling
Calin Iorgulescu, Florin Dinu, Aunn Raza, Wajih Ul Hassan, and Willy Zwaenepoel
% Conference paper, USENIX ATC 2017.
@inproceedings{iorgulescu2017don,
  author    = {Iorgulescu, Calin and Dinu, Florin and Raza, Aunn and Hassan, Wajih Ul and Zwaenepoel, Willy},
  title     = {Don't cry over spilled records: Memory elasticity of data-parallel applications and its application to cluster scheduling},
  booktitle = {USENIX Annual Technical Conference (ATC)},
  year      = {2017}
}
2016
ASE
How good are the specs? A study of the bug-finding effectiveness of existing Java API specifications
Owolabi Legunsen, Wajih Ul Hassan, Xinyue Xu, Grigore Roşu, and Darko Marinov
In IEEE/ACM International Conference on Automated Software Engineering (ASE), 2016
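% ASE 2016 paper. "Java" and "API" are brace-protected so that
% sentence-casing styles do not lowercase them.
@inproceedings{legunsen2016good,
  author    = {Legunsen, Owolabi and Hassan, Wajih Ul and Xu, Xinyue and Ro{\c{s}}u, Grigore and Marinov, Darko},
  title     = {How good are the specs? A study of the bug-finding effectiveness of existing {Java} {API} specifications},
  booktitle = {IEEE/ACM International Conference on Automated Software Engineering (ASE)},
  pages     = {602--613},
  year      = {2016},
}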