Unicorn: Runtime provenance-based detector for advanced persistent threats

X Han, T Pasquier, A Bates, J Mickens… - arXiv preprint arXiv …, 2020 - arxiv.org
Advanced Persistent Threats (APTs) are difficult to detect due to their "low-and-slow" attack
patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based …

To petabytes and beyond: recent advances in probabilistic and signal processing algorithms and their application to metagenomics

RAL Elworth, Q Wang, PK Kota… - Nucleic acids …, 2020 - academic.oup.com
As computational biologists continue to be inundated by ever increasing amounts of
metagenomic data, the need for data analysis approaches that keep up with the pace of …

Sok: History is a vast early warning system: Auditing the provenance of system intrusions

MA Inam, Y Chen, A Goyal, J Liu, J Mink… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …

When the levee breaks: a practical guide to sketching algorithms for processing the flood of genomic data

WPM Rowe - Genome biology, 2019 - Springer
Considerable advances in genomics over the past decade have resulted in vast amounts of
data being generated and deposited in global archives. The growth of these archives …

PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding

F Yang, J Xu, C Xiong, Z Li, K Zhang - 32nd USENIX Security …, 2023 - usenix.org
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …

Sometimes, you aren't what you do: Mimicry attacks against provenance graph host intrusion detection systems

A Goyal, X Han, G Wang, A Bates - 30th Network and Distributed System …, 2023 - par.nsf.gov
Reliable methods for host-layer intrusion detection remained an open problem within
computer security. Recent research has recast intrusion detection as a provenance graph …

Nodesketch: Highly-efficient graph embeddings via recursive sketching

D Yang, P Rosso, B Li, P Cudre-Mauroux - Proceedings of the 25th ACM …, 2019 - dl.acm.org
Embeddings have become a key paradigm to learn graph representations and facilitate
downstream graph analysis tasks. Existing graph embedding techniques either sample a …

Drifted Twitter spam classification using multiscale detection test on KL divergence

X Wang, Q Kang, J An, M Zhou - IEEE Access, 2019 - ieeexplore.ieee.org
Twitter spam classification is a tough challenge for social media platforms and cyber security
companies. Twitter spam with illegal links may evolve over time in order to deceive filtering …

Nodlink: An online system for fine-grained apt attack detection and investigation

S Li, F Dong, X Xiao, H Wang, F Shao, J Chen… - arXiv preprint arXiv …, 2023 - arxiv.org
Advanced Persistent Threats (APT) attacks have plagued modern enterprises, causing
significant financial losses. To counter these attacks, researchers propose techniques that …

A memory-efficient sketch method for estimating high similarities in streaming sets

P Wang, Y Qi, Y Zhang, Q Zhai, C Wang… - Proceedings of the 25th …, 2019 - dl.acm.org
Estimating set similarity and detecting highly similar sets are fundamental problems in areas
such as databases, machine learning, and information retrieval. MinHash is a well-known …