Are we there yet? An industrial viewpoint on provenance-based endpoint detection and response tools
Provenance-Based Endpoint Detection and Response (P-EDR) systems are deemed crucial
for future Advanced Persistent Threats (APT) defenses. Despite the fact that numerous new …
A survey on the evolution of fileless attacks and detection techniques
S Liu, G Peng, H Zeng, J Fu - Computers & Security, 2024 - Elsevier
Fileless attacks have gained significant prominence and have become the prevailing type of
attack in recent years. The exceptional level of stealthiness and difficulty in detection …
Kairos: Practical intrusion detection and investigation using whole-system provenance
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …
Implementing a pass-through mechanism to mitigate ransomware-induced encryption on NTFS
V Lerivi, E Vasquez, L Hoffmann, A Caruso - 2024 - researchsquare.com
Ransomware attacks have increasingly exploited the NT File System (NTFS) to encrypt
critical data, leading to significant disruptions and financial losses across various sectors …
Risk taxonomy, mitigation, and assessment benchmarks of large language model systems
Large language models (LLMs) have strong capabilities in solving diverse natural language
processing tasks. However, the safety and security issues of LLM systems have become the …
Evading Provenance-Based ML detectors with adversarial system actions
K Mukherjee, J Wiedemeier, T Wang, J Wei… - 32nd USENIX Security …, 2023 - usenix.org
We present PROVNINJA, a framework designed to generate adversarial attacks that aim to
elude provenance-based Machine Learning (ML) security detectors. PROVNINJA is …
Empowering practical root cause analysis by large language models for cloud incidents
Ensuring the reliability and availability of cloud services necessitates efficient root cause
analysis (RCA) for cloud incidents. Traditional RCA methods, which rely on manual …
PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …
Automatic root cause analysis via large language models for cloud incidents
Ensuring the reliability and availability of cloud services necessitates efficient root cause
analysis (RCA) for cloud incidents. Traditional RCA methods, which rely on manual …
eAudit: A Fast, Scalable and Deployable Audit Data Collection System
Today's advanced cyber attack campaigns can often bypass all existing protections. The
primary defense against them is after-the-fact detection, followed by a forensic analysis to …