Are we there yet? an industrial viewpoint on provenance-based endpoint detection and response tools
Provenance-Based Endpoint Detection and Response (P-EDR) systems are deemed crucial
for future Advanced Persistent Threats (APT) defenses. Despite the fact that numerous new …
Kairos: Practical intrusion detection and investigation using whole-system provenance
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …
A survey on the evolution of fileless attacks and detection techniques
S Liu, G Peng, H Zeng, J Fu - Computers & Security, 2024 - Elsevier
Fileless attacks have gained significant prominence and have become the prevailing type of
attack in recent years. The exceptional level of stealthiness and difficulty in detection …
Shadewatcher: Recommendation-guided cyber threat analysis using system audit records
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
SoK: History is a vast early warning system: Auditing the provenance of system intrusions
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …
Depcomm: Graph summarization on system audit logs for attack investigation
Causality analysis generates a dependency graph from system audit logs, which has
emerged as an important solution for attack investigation. In the dependency graph, nodes …
eAudit: A Fast, Scalable and Deployable Audit Data Collection System*
Today's advanced cyber attack campaigns can often bypass all existing protections. The
primary defense against them is after-the-fact detection, followed by a forensic analysis to …
ALASTOR: Reconstructing the provenance of serverless intrusions
Serverless computing has freed developers from the burden of managing their own platform
and infrastructure, allowing them to rapidly prototype and deploy applications. Despite its …
Hardlog: Practical tamper-proof system auditing using a novel audit device
Audit systems maintain detailed logs of security-related events on enterprise machines to
forensically analyze potential incidents. In principle, these logs should be safely stored in a …
On the forensic validity of approximated audit logs
Auditing is an increasingly essential tool for the defense of computing systems, but the
unwieldy nature of log data imposes significant burdens on administrators and analysts. To …