Wenrui Cheng

ORCID: 0000-0003-1690-164X
Research Areas
  • Advanced Malware Detection Techniques
  • Network Security and Intrusion Detection
  • Information and Cyber Security
  • Scientific Computing and Data Management
  • Semantic Web and Ontologies
  • Distributed and Parallel Computing Systems
  • Anomaly Detection Techniques and Applications
  • Cybercrime and Law Enforcement Studies
  • Terrorism, Counterterrorism, and Political Violence
  • Security and Verification in Computing

Zhejiang University of Technology
2023-2025

Advanced Persistent Threat (APT) attacks have caused massive financial loss worldwide. Researchers have therefore proposed a series of solutions to detect APT attacks, such as dynamic/static code analysis, traffic detection, sandbox technology, endpoint detection and response (EDR), etc. However, existing defenses fail to accurately and effectively defend against current APT attacks, which exhibit strongly persistent, stealthy, diverse and dynamic characteristics, due to weak data source integrity, large processing...

10.1109/tdsc.2023.3243667 article EN IEEE Transactions on Dependable and Secure Computing 2023-02-09

As the complexity and destructiveness of Advanced Persistent Threat (APT) attacks increase, there is a growing tendency to identify the series of actions undertaken to achieve the attacker's target, called attack investigation. Currently, analysts construct a provenance graph and perform causality analysis on a Point-Of-Interest (POI) event to capture critical events (those related to the attack). However, due to the vast size of the graph and the rarity of attack events, existing investigation methods suffer from problems of high false positives, overhead, and latency. To...

10.48550/arxiv.2405.02629 preprint EN arXiv (Cornell University) 2024-05-04

Advanced Persistent Threat (APT) attacks have caused significant damage worldwide. Various Endpoint Detection and Response (EDR) systems are deployed by enterprises to fight against potential threats. However, EDR suffers from high false positives. In order not to affect normal operations, analysts need to investigate and filter detection results before taking countermeasures, in which heavy manual labor and alarm fatigue cause them to miss the optimal response time, thereby leading to information leakage and destruction....

10.48550/arxiv.2405.02826 preprint EN arXiv (Cornell University) 2024-05-05

Cyber Threat Intelligence (CTI) reports are factual records compiled by security analysts through their observations of threat events or their own practical experience with attacks. In order to utilize CTI for attack detection, existing methods have attempted to map the content of CTI reports onto system-level provenance graphs that clearly depict attack procedures. However, studies on constructing provenance graphs from CTI reports suffer from problems such as weak natural language processing (NLP) capabilities, discrete and fragmented graphs, insufficient...

10.48550/arxiv.2410.11209 preprint EN arXiv (Cornell University) 2024-10-14