Provenance-based intrusion detection systems: A survey
Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
Dealing with information overload: a comprehensive review
Information overload is a problem that is being exacerbated by the ongoing digitalization of
the world of work and the growing use of information and communication technologies …
the world of work and the growing use of information and communication technologies …
Unicorn: Runtime provenance-based detector for advanced persistent threats
Advanced Persistent Threats (APTs) are difficult to detect due to their" low-and-slow" attack
patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based …
patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based …
{ATLAS}: A sequence-based learning approach for attack investigation
Advanced Persistent Threats (APT) involve multiple attack steps over a long period, and
their investigation requires analysis of myriad logs to identify their attack steps, which are a …
their investigation requires analysis of myriad logs to identify their attack steps, which are a …
Tactical provenance analysis for endpoint detection and response systems
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …
by matching system events against known adversarial behaviors. However, current solutions …
Kairos: Practical intrusion detection and investigation using whole-system provenance
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …
execution. Recent studies have explored a variety of techniques to analyze provenance …
[PDF][PDF] You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.
To subvert recent advances in perimeter and host security, the attacker community has
developed and employed various attack vectors to make a malware much stealthier than …
developed and employed various attack vectors to make a malware much stealthier than …
Shadewatcher: Recommendation-guided cyber threat analysis using system audit records
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
{MAGIC}: Detecting advanced persistent threats via masked graph representation learning
Z Jia, Y **ong, Y Nan, Y Zhang, J Zhao… - 33rd USENIX Security …, 2024 - usenix.org
Advance Persistent Threats (APTs), adopted by most delicate attackers, are becoming
increasing common and pose great threat to various enterprises and institutions. Data …
increasing common and pose great threat to various enterprises and institutions. Data …
Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might
have compromised an enterprise network for a long time without being discovered. To have …
have compromised an enterprise network for a long time without being discovered. To have …