Provenance-based intrusion detection systems: A survey
Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
Tactical provenance analysis for endpoint detection and response systems
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …
System-Level Data Management for Endpoint Advanced Persistent Threat Detection: Issues, Challenges and Trends
Advanced persistent threat (APT) attacks pose significant security threats to governments
and large enterprises. Endpoint detection and response (EDR) methods, which are standard …
WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics
Endpoint monitoring solutions are widely deployed in today's enterprise environments to
support advanced attack detection and investigation. These monitors continuously record …
A large-scale evaluation for log parsing techniques: How far are we?
Log data have facilitated various tasks of software development and maintenance, such as
testing, debugging and diagnosing. Due to the unstructured nature of logs, log parsing is …
SoK: History is a vast early warning system: Auditing the provenance of system intrusions
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …
Did we miss something important? Studying and exploring variable-aware log abstraction
Due to the sheer size of software logs, developers rely on automated techniques for log
analysis. One of the first and most important steps of automated log analysis is log …
Back-Propagating system dependency impact for attack investigation
Causality analysis on system auditing data has emerged as an important solution for attack
investigation. Given a POI (Point-Of-Interest) event (e.g., an alert fired on a suspicious file …
Poison forensics: Traceback of data poisoning attacks in neural networks
In adversarial machine learning, new defenses against attacks on deep learning systems
are routinely broken soon after their release by more powerful attacks. In this context …
DepComm: Graph summarization on system audit logs for attack investigation
Causality analysis generates a dependency graph from system audit logs, which has
emerged as an important solution for attack investigation. In the dependency graph, nodes …