Provenance-based intrusion detection systems: A survey
Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
A survey of adversarial attack and defense methods for malware classification in cyber security
Malware poses a severe threat to cyber security. Attackers use malware to achieve their
malicious purposes, such as unauthorized access, stealing confidential data, blackmailing …
malicious purposes, such as unauthorized access, stealing confidential data, blackmailing …
“real attackers don't compute gradients”: bridging the gap between adversarial ml research and practice
Recent years have seen a proliferation of research on adversarial machine learning.
Numerous papers demonstrate powerful algorithmic attacks against a wide variety of …
Numerous papers demonstrate powerful algorithmic attacks against a wide variety of …
Shadewatcher: Recommendation-guided cyber threat analysis using system audit records
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
Kairos: Practical intrusion detection and investigation using whole-system provenance
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …
execution. Recent studies have explored a variety of techniques to analyze provenance …
{AIRTAG}: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts
The success of deep learning (DL) techniques has led to their adoption in many fields,
including attack investigation, which aims to recover the whole attack story from logged …
including attack investigation, which aims to recover the whole attack story from logged …
{MAGIC}: Detecting Advanced Persistent Threats via Masked Graph Representation Learning
Z Jia, Y Xiong, Y Nan, Y Zhang, J Zhao… - 33rd USENIX Security …, 2024 - usenix.org
Advance Persistent Threats (APTs), adopted by most delicate attackers, are becoming
increasing common and pose great threat to various enterprises and institutions. Data …
increasing common and pose great threat to various enterprises and institutions. Data …
Sok: History is a vast early warning system: Auditing the provenance of system intrusions
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …
an active area of public research. This resurgent interest is due in large part to the notion of …
Evading {Provenance-Based}{ML} detectors with adversarial system actions
K Mukherjee, J Wiedemeier, T Wang, J Wei… - 32nd USENIX Security …, 2023 - usenix.org
We present PROVNINJA, a framework designed to generate adversarial attacks that aim to
elude provenance-based Machine Learning (ML) security detectors. PROVNINJA is …
elude provenance-based Machine Learning (ML) security detectors. PROVNINJA is …
" Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences
D Olszewski, A Lu, C Stillman, K Warren… - Proceedings of the …, 2023 - dl.acm.org
Reproducibility is crucial to the advancement of science; it strengthens confidence in
seemingly contradictory results and expands the boundaries of known discoveries …
seemingly contradictory results and expands the boundaries of known discoveries …