Threat detection and investigation with system-level provenance graphs: a survey
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
Exploration of mobile device behavior for mitigating advanced persistent threats (APT): a systematic literature review and conceptual framework
T Jabar, M Mahinderjit Singh - Sensors, 2022 - mdpi.com
During the last several years, the Internet of Things (IoT), fog computing, computer security,
and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile …
and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile …
Tactical provenance analysis for endpoint detection and response systems
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …
by matching system events against known adversarial behaviors. However, current solutions …
{ATLAS}: A sequence-based learning approach for attack investigation
Advanced Persistent Threats (APT) involve multiple attack steps over a long period, and
their investigation requires analysis of myriad logs to identify their attack steps, which are a …
their investigation requires analysis of myriad logs to identify their attack steps, which are a …
Shadewatcher: Recommendation-guided cyber threat analysis using system audit records
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
Deepaid: Interpreting and improving deep learning-based anomaly detection in security applications
Unsupervised Deep Learning (DL) techniques have been widely used in various security-
related anomaly detection applications, owing to the great promise of being able to detect …
related anomaly detection applications, owing to the great promise of being able to detect …
[PDF][PDF] WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.
Endpoint monitoring solutions are widely deployed in today's enterprise environments to
support advanced attack detection and investigation. These monitors continuously record …
support advanced attack detection and investigation. These monitors continuously record …
Deepcase: Semi-supervised contextual analysis of security events
Security monitoring systems detect potentially malicious activities in IT infrastructures, by
either looking for known signatures or for anomalous behaviors. Security operators …
either looking for known signatures or for anomalous behaviors. Security operators …
{PROGRAPHER}: An Anomaly Detection System based on Provenance Graph Embedding
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …
malicious actions over a long period, has become one of the biggest threats against the …
Threatrace: Detecting and tracing host-based threats in node level through provenance graph learning
S Wang, Z Wang, T Zhou, H Sun, X Yin… - IEEE Transactions …, 2022 - ieeexplore.ieee.org
Host-based threats such as Program Attack, Malware Implantation, and Advanced Persistent
Threats (APT), are commonly adopted by modern attackers. Recent studies propose …
Threats (APT), are commonly adopted by modern attackers. Recent studies propose …