Provenance-based intrusion detection systems: A survey

M Zipperle, F Gottwalt, E Chang, T Dillon - ACM Computing Surveys, 2022 - dl.acm.org
Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …

A survey of adversarial attack and defense methods for malware classification in cyber security

S Yan, J Ren, W Wang, L Sun… - … Surveys & Tutorials, 2022 - ieeexplore.ieee.org
Malware poses a severe threat to cyber security. Attackers use malware to achieve their
malicious purposes, such as unauthorized access, stealing confidential data, blackmailing …

“real attackers don't compute gradients”: bridging the gap between adversarial ml research and practice

G Apruzzese, HS Anderson, S Dambra… - … IEEE Conference on …, 2023 - ieeexplore.ieee.org
Recent years have seen a proliferation of research on adversarial machine learning.
Numerous papers demonstrate powerful algorithmic attacks against a wide variety of …

Shadewatcher: Recommendation-guided cyber threat analysis using system audit records

J Zengy, X Wang, J Liu, Y Chen, Z Liang… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …

Kairos: Practical intrusion detection and investigation using whole-system provenance

Z Cheng, Q Lv, J Liang, Y Wang, D Sun… - … IEEE Symposium on …, 2024 - ieeexplore.ieee.org
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …

{AIRTAG}: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts

H Ding, J Zhai, Y Nan, S Ma - 32nd USENIX Security Symposium …, 2023 - usenix.org
The success of deep learning (DL) techniques has led to their adoption in many fields,
including attack investigation, which aims to recover the whole attack story from logged …

{MAGIC}: Detecting Advanced Persistent Threats via Masked Graph Representation Learning

Z Jia, Y Xiong, Y Nan, Y Zhang, J Zhao… - 33rd USENIX Security …, 2024 - usenix.org
Advance Persistent Threats (APTs), adopted by most delicate attackers, are becoming
increasing common and pose great threat to various enterprises and institutions. Data …

Sok: History is a vast early warning system: Auditing the provenance of system intrusions

MA Inam, Y Chen, A Goyal, J Liu, J Mink… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …

Evading {Provenance-Based}{ML} detectors with adversarial system actions

K Mukherjee, J Wiedemeier, T Wang, J Wei… - 32nd USENIX Security …, 2023 - usenix.org
We present PROVNINJA, a framework designed to generate adversarial attacks that aim to
elude provenance-based Machine Learning (ML) security detectors. PROVNINJA is …

" Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences

D Olszewski, A Lu, C Stillman, K Warren… - Proceedings of the …, 2023 - dl.acm.org
Reproducibility is crucial to the advancement of science; it strengthens confidence in
seemingly contradictory results and expands the boundaries of known discoveries …