TREC: APT Tactic/Technique Recognition via Few-Shot Provenance Subgraph Learning
M Lv, HZ Gao, X Qiu, T Chen, T Zhu, J Chen… - Proceedings of the 2024 …, 2024 - dl.acm.org
APT (Advanced Persistent Threat) with the characteristics of persistence, stealth, and
diversity is one of the greatest threats against cyber-infrastructure. As a countermeasure …
Query Provenance Analysis: Efficient and Robust Defense against Query-based Black-box Attacks
Query-based black-box attacks have emerged as a significant threat to machine learning
systems, where adversaries can manipulate the input queries to generate adversarial …
RAPID: Robust APT Detection and Investigation Using Context-Aware Deep Learning
Advanced persistent threats (APTs) pose significant challenges for organizations, leading to
data breaches, financial losses, and reputational damage. Existing provenance-based …
Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection
As cyber-attacks become increasingly sophisticated and stealthy, it becomes more
imperative and challenging to detect intrusion from normal behaviors. Through fine-grained …
ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files
Recent years have witnessed a surge in the growth of Advanced Persistent Threats (APTs),
with significant challenges to the security landscape, affecting industry, governance, and …
TAGS: Real-time Intrusion Detection with Tag-Propagation-based Provenance Graph Alignment on Streaming Events
The evolution and advancement of cyberattacks pose challenges to existing security
products. Recent concentrated research on provenance graph-based detection has proved …
METANOIA: A Lifelong Intrusion Detection and Investigation System for Mitigating Concept Drift
J Ying, T Zhu, A Zheng, T Chen, M Lv… - arXiv preprint arXiv …, 2024 - arxiv.org
As Advanced Persistent Threat (APT) complexity increases, provenance data is increasingly
used for detection. Anomaly-based systems are gaining attention due to their attack …
Obfuscating Provenance-Based Forensic Investigations with Mapping System Meta-Behavior
A Sang, Y Wang, L Yang, J Jia, L Zhou - Proceedings of the 27th …, 2024 - dl.acm.org
The provenance graph technique has gained popularity for attack analysis, such as
Advanced Persistent Threat (APT) attacks, by creating entity interaction graphs from host …
After the Breach: Incident Response within Enterprises
S Rao - arXiv preprint arXiv:2406.07559, 2024 - arxiv.org
Enterprises are constantly under attack from sophisticated adversaries. These adversaries
use a variety of techniques to first gain access to the enterprise, then spread laterally inside …
Building a practical provenance-based intrusion detection and reporting system
J Liang - 2024 - open.library.ubc.ca
In computer systems, provenance graphs describe causal relationships among operating
system entities (e.g., processes, files, and sockets) to represent a system's execution history …