A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities
Abstract Information systems need to process a large amount of event monitoring data. The
process of finding the relationships between events is called correlation, which creates a …
process of finding the relationships between events is called correlation, which creates a …
Threat detection and investigation with system-level provenance graphs: A survey
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
{ATLAS}: A sequence-based learning approach for attack investigation
Advanced Persistent Threats (APT) involve multiple attack steps over a long period, and
their investigation requires analysis of myriad logs to identify their attack steps, which are a …
their investigation requires analysis of myriad logs to identify their attack steps, which are a …
Tactical provenance analysis for endpoint detection and response systems
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …
by matching system events against known adversarial behaviors. However, current solutions …
Shadewatcher: Recommendation-guided cyber threat analysis using system audit records
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
[PDF][PDF] You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.
To subvert recent advances in perimeter and host security, the attacker community has
developed and employed various attack vectors to make a malware much stealthier than …
developed and employed various attack vectors to make a malware much stealthier than …
[PDF][PDF] WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.
Endpoint monitoring solutions are widely deployed in today's enterprise environments to
support advanced attack detection and investigation. These monitors continuously record …
support advanced attack detection and investigation. These monitors continuously record …
Deepcase: Semi-supervised contextual analysis of security events
Security monitoring systems detect potentially malicious activities in IT infrastructures, by
either looking for known signatures or for anomalous behaviors. Security operators …
either looking for known signatures or for anomalous behaviors. Security operators …
Sok: History is a vast early warning system: Auditing the provenance of system intrusions
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …
an active area of public research. This resurgent interest is due in large part to the notion of …
Depcomm: Graph summarization on system audit logs for attack investigation
Causality analysis generates a dependency graph from system audit logs, which has
emerged as an important solution for attack investigation. In the dependency graph, nodes …
emerged as an important solution for attack investigation. In the dependency graph, nodes …