Shadewatcher: Recommendation-guided cyber threat analysis using system audit records

J Zeng, X Wang, J Liu, Y Chen, Z Liang… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …

Sok: History is a vast early warning system: Auditing the provenance of system intrusions

MA Inam, Y Chen, A Goyal, J Liu, J Mink… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …

Risk taxonomy, mitigation, and assessment benchmarks of large language model systems

T Cui, Y Wang, C Fu, Y Xiao, S Li, X Deng, Y Liu… - arXiv preprint arXiv …, 2024 - arxiv.org
Large language models (LLMs) have strong capabilities in solving diverse natural language
processing tasks. However, the safety and security issues of LLM systems have become the …

A survey on the evolution of fileless attacks and detection techniques

S Liu, G Peng, H Zeng, J Fu - Computers & Security, 2023 - Elsevier
Fileless attacks have gained significant prominence and have become the prevailing type of
attack in recent years. The exceptional level of stealthiness and difficulty in detection …

Poison forensics: Traceback of data poisoning attacks in neural networks

S Shan, AN Bhagoji, H Zheng, BY Zhao - 31st USENIX Security …, 2022 - usenix.org
In adversarial machine learning, new defenses against attacks on deep learning systems
are routinely broken soon after their release by more powerful attacks. In this context …

The case for learned provenance graph storage systems

H Ding, J Zhai, D Deng, S Ma - 32nd USENIX Security Symposium …, 2023 - usenix.org
Cyberattacks are becoming more frequent and sophisticated, and investigating them
becomes more challenging. Provenance graphs are the primary data source to support …

Beagle: Forensics of deep learning backdoor attack for better defense

S Cheng, G Tao, Y Liu, S An, X Xu, S Feng… - arXiv preprint arXiv …, 2023 - arxiv.org
Deep Learning backdoor attacks have a threat model similar to traditional cyber attacks.
Attack forensics, a critical counter-measure for traditional cyber attacks, is hence of …

eaudit: A fast, scalable and deployable audit data collection system

R Sekar, H Kimm, R Aich - 2024 IEEE Symposium on …, 2023 - seclab.cs.stonybrook.edu
Today's advanced cyber attack campaigns can often bypass all existing protections. The
primary defense against them is after-the-fact detection, followed by a forensic analysis to …

CMD: co-analyzed iot malware detection and forensics via network and hardware domains

Z Zhao, Z Li, J Yu, F Zhang, X Xie… - IEEE Transactions on …, 2023 - ieeexplore.ieee.org
With the widespread use of Internet of Things (IoT) devices, malware detection has become
a hot spot for both academic and industrial communities. Existing approaches can be …

Palantír: Optimizing attack provenance with hardware-enhanced system observability

J Zeng, C Zhang, Z Liang - Proceedings of the 2022 ACM SIGSAC …, 2022 - dl.acm.org
System auditing is the foundation of attack provenance to investigate root causes and
ramifications of cyber-attacks. However, provenance tracking on coarse-grained audit logs …