Provenance-based intrusion detection systems: A survey
Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
Data provenance for cloud forensic investigations, security, challenges, solutions and future perspectives: A survey
It is extremely difficult to track down the original source of sensitive data from a variety of
sources in the cloud during transit and processing. For instance, data provenance, which …
ATLAS: A sequence-based learning approach for attack investigation
Advanced Persistent Threats (APT) involve multiple attack steps over a long period, and
their investigation requires analysis of myriad logs to identify their attack steps, which are a …
Unicorn: Runtime provenance-based detector for advanced persistent threats
Advanced Persistent Threats (APTs) are difficult to detect due to their "low-and-slow" attack
patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based …
Kairos: Practical intrusion detection and investigation using whole-system provenance
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …
MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning
Z Jia, Y Xiong, Y Nan, Y Zhang, J Zhao… - 33rd USENIX Security …, 2024 - usenix.org
Advanced Persistent Threats (APTs), adopted by most delicate attackers, are becoming
increasingly common and pose a great threat to various enterprises and institutions. Data …
AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts
The success of deep learning (DL) techniques has led to their adoption in many fields,
including attack investigation, which aims to recover the whole attack story from logged …
SoK: History is a vast early warning system: Auditing the provenance of system intrusions
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …
Threatrace: Detecting and tracing host-based threats in node level through provenance graph learning
Host-based threats such as Program Attack, Malware Implantation, and Advanced Persistent
Threats (APT), are commonly adopted by modern attackers. Recent studies propose …
Dependence-Preserving data compaction for scalable forensic analysis
MN Hossain, J Wang, O Weisse, R Sekar… - 27th USENIX Security …, 2018 - usenix.org