autoMPI: Automated Multiple Perspective Attack Investigation With Semantics Aware Execution Partitioning

Mohannad Alhanahnah, Shiqing Ma, Ashish Gehani, Gabriela F. Ciocarlie, Vinod Yegneswaran, Somesh Jha, Xiangyu Zhang

Research output: Contribution to journal › Article › peer-review

Abstract

Multiple Perspective attack Investigation (MPI) is a technique that partitions application dependencies based on high-level semantics. It facilitates provenance analysis by generating succinct causal graphs. It requires an annotation process that identifies the variables and data structures corresponding to the partitions and the communication channels between them. Though the amount of annotation is small, the process requires a detailed understanding of the source code. In this work we present autoMPI, which extends MPI by automating the identification of annotation requirements. We use a hybrid analysis approach: a differential analysis driven by crafted inputs, followed by a static analysis that automatically identifies the annotation sites within the application code. Our evaluation shows that the proposed approach significantly facilitates the annotation process. For the majority of the analyzed programs it correctly identifies all required annotation sites with an average analysis time of 16 seconds, achieving an average precision of 72.5% and an average recall of 100%.
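The two-stage idea in the abstract (differential analysis over crafted inputs, then static lookup of the sites to annotate) can be illustrated with a small self-contained program. The following Python is an added example written for this page; it is not autoMPI's code or the authors' algorithm. The toy request handler, the explicit trace logging (standing in for real instrumentation), the trace record format, and the "changes with the unit but not with the payload" subtraction heuristic are all assumptions of the example. It needs Python 3.9 or later for ast.unparse.

```python
import ast
import inspect
import textwrap
from dataclasses import dataclass, field


@dataclass
class Trace:
    """Execution trace as (site, variable, value) records.
    The record format is an assumption of this example, not autoMPI's."""
    records: list = field(default_factory=list)

    def log(self, site: str, var: str, value) -> None:
        self.records.append((site, var, repr(value)))


def handle_request(tr: Trace, session_id: str, path: str) -> str:
    """Toy request handler (constructed for this example). The session is
    the execution unit we want to partition by. Each assignment is logged
    explicitly, standing in for compiler or binary instrumentation."""
    sid = session_id                      # unit-bearing variable
    tr.log("handle:sid", "sid", sid)
    body = f"<html>{path}</html>"         # payload-only
    tr.log("handle:body", "body", body)
    cache_key = (sid, path)               # mixes unit and payload
    tr.log("handle:cache_key", "cache_key", cache_key)
    n = len(path)                         # payload-only
    tr.log("handle:n", "n", n)
    return body


def run(session_id: str, path: str) -> Trace:
    """Execute the toy handler once with a crafted input and return its trace."""
    tr = Trace()
    handle_request(tr, session_id, path)
    return tr


def differing_vars(a: Trace, b: Trace) -> set:
    """(site, variable) pairs whose logged value differs between two traces."""
    va = {(s, v): val for s, v, val in a.records}
    vb = {(s, v): val for s, v, val in b.records}
    return {k for k in va.keys() & vb.keys() if va[k] != vb[k]}


def unit_candidates(diff_unit_pair, diff_payload_pair) -> list:
    """Differential step: variables that change when only the unit changes,
    minus those that also change when only the payload changes. The
    subtraction is this example's own heuristic."""
    unit_vars = differing_vars(*diff_unit_pair)
    payload_vars = differing_vars(*diff_payload_pair)
    return sorted(v for (_site, v) in unit_vars - payload_vars)


def annotation_sites(fn, var: str) -> list:
    """Static step: find assignments to `var` in fn's source and return the
    source text of each, i.e. where an MPI-style annotation would go."""
    tree = ast.parse(textwrap.dedent(inspect.getsource(fn)))
    sites = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id == var:
                    sites.append(ast.unparse(node))
    return sites


def locate(fn=handle_request) -> dict:
    """End to end: crafted input pairs -> candidate variables -> sites."""
    diff_unit = (run("sessA", "/x"), run("sessB", "/x"))      # same payload
    diff_payload = (run("sessA", "/x"), run("sessA", "/yy"))  # same unit
    return {v: annotation_sites(fn, v) for v in unit_candidates(diff_unit, diff_payload)}


if __name__ == "__main__":
    print(locate())   # {'sid': ['sid = session_id']}
```

Note what the second crafted pair buys: cache_key differs between sessions too, but because it also differs when only the path changes it is dropped, leaving sid as the one variable whose value identifies the unit. A real implementation would have to work on instrumented binaries or IR rather than on logged assignments, and would need more than two input pairs to separate unit identity from incidental differences such as timestamps.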

Original language: English (US)
Pages (from-to): 2761-2775
Number of pages: 15
Journal: IEEE Transactions on Software Engineering
Volume: 49
Issue number: 4
DOIs
State: Published - Apr 1 2023

All Science Journal Classification (ASJC) codes

  • Software

Keywords

  • Annotation
  • dynamic analysis
  • provenance
  • static analysis
