Threat detection and investigation with system-level provenance graphs: A survey
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
Tactical provenance analysis for endpoint detection and response systems
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …
Shadewatcher: Recommendation-guided cyber threat analysis using system audit records
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might
have compromised an enterprise network for a long time without being discovered. To have …
System-Level Data Management for Endpoint Advanced Persistent Threat Detection: Issues, Challenges and Trends
Advanced persistent threat (APT) attacks pose significant security threats to governments
and large enterprises. Endpoint detection and response (EDR) methods, which are standard …
Protracer: Towards practical provenance tracing by alternating between logging and tainting
Towards a Timely Causality Analysis for Enterprise Security
The increasingly sophisticated Advanced Persistent Threat (APT) attacks have become a
serious challenge for enterprise IT security. Attack causality analysis, which tracks multi-hop …
Extractor: Extracting attack behavior from threat reports
The knowledge on attacks contained in Cyber Threat Intelligence (CTI) reports is very
important to effectively identify and quickly respond to cyber threats. However, this …
WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics
Endpoint monitoring solutions are widely deployed in today's enterprise environments to
support advanced attack detection and investigation. These monitors continuously record …
OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis
Recent advances in causality analysis have enabled investigators to trace multi-stage
attacks using whole-system provenance graphs. Based on system-layer audit logs (e.g., …