Provenance-based intrusion detection systems: A survey

M Zipperle, F Gottwalt, E Chang, T Dillon - ACM Computing Surveys, 2022 - dl.acm.org
Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …

Tactical provenance analysis for endpoint detection and response systems

WU Hassan, A Bates, D Marino - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …

System-Level Data Management for Endpoint Advanced Persistent Threat Detection: Issues, Challenges and Trends

T Chen, C Zheng, T Zhu, C Xiong, J Ying, Q Yuan… - Computers & …, 2023 - Elsevier
Advanced persistent threat (APT) attacks pose significant security threats to governments
and large enterprises. Endpoint detection and response (EDR) methods, which are standard …

WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.

J Zeng, ZL Chua, Y Chen, K Ji, Z Liang, J Mao - NDSS, 2021 - mimicji.github.io
Endpoint monitoring solutions are widely deployed in today's enterprise environments to
support advanced attack detection and investigation. These monitors continuously record …

A large-scale evaluation for log parsing techniques: How far are we?

Z Jiang, J Liu, J Huang, Y Li, Y Huo, J Gu… - Proceedings of the 33rd …, 2024 - dl.acm.org
Log data have facilitated various tasks of software development and maintenance, such as
testing, debugging and diagnosing. Due to the unstructured nature of logs, log parsing is …

SoK: History is a vast early warning system: Auditing the provenance of system intrusions

MA Inam, Y Chen, A Goyal, J Liu, J Mink… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …

Did we miss something important? Studying and exploring variable-aware log abstraction

Z Li, C Luo, TH Chen, W Shang, S He… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Due to the sheer size of software logs, developers rely on automated techniques for log
analysis. One of the first and most important steps of automated log analysis is log …

Back-Propagating system dependency impact for attack investigation

P Fang, P Gao, C Liu, E Ayday, K Jee, T Wang… - 31st USENIX Security …, 2022 - usenix.org
Causality analysis on system auditing data has emerged as an important solution for attack
investigation. Given a POI (Point-Of-Interest) event (e.g., an alert fired on a suspicious file …

Poison forensics: Traceback of data poisoning attacks in neural networks

S Shan, AN Bhagoji, H Zheng, BY Zhao - 31st USENIX Security …, 2022 - usenix.org
In adversarial machine learning, new defenses against attacks on deep learning systems
are routinely broken soon after their release by more powerful attacks. In this context …

Depcomm: Graph summarization on system audit logs for attack investigation

Z Xu, P Fang, C Liu, X Xiao, Y Wen… - 2022 IEEE Symposium …, 2022 - ieeexplore.ieee.org
Causality analysis generates a dependency graph from system audit logs, which has
emerged as an important solution for attack investigation. In the dependency graph, nodes …