An empirical assessment of endpoint detection and response systems against advanced persistent threats attack vectors

G Karantzas, C Patsakis - Journal of Cybersecurity and Privacy, 2021 - mdpi.com
Advanced persistent threats pose a significant challenge for blue teams as they apply
various attacks over prolonged periods, impeding event correlation and their detection. In …

KRYSTAL: Knowledge graph-based framework for tactical attack discovery in audit data

K Kurniawan, A Ekelhart, E Kiesling, G Quirchmayr… - Computers & …, 2022 - Elsevier
Attack graph-based methods are a promising approach towards discovering attacks and
various techniques have been proposed recently. A key limitation, however, is that …

Survivalism: Systematic analysis of Windows malware living-off-the-land

F Barr-Smith, X Ugarte-Pedrero… - … IEEE Symposium on …, 2021 - ieeexplore.ieee.org
As malware detection algorithms and methods become more sophisticated, malware
authors adopt equally sophisticated evasion mechanisms to defeat them. Anecdotal …

PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding

F Yang, J Xu, C Xiong, Z Li, K Zhang - 32nd USENIX Security …, 2023 - usenix.org
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …

Depcomm: Graph summarization on system audit logs for attack investigation

Z Xu, P Fang, C Liu, X Xiao, Y Wen… - 2022 IEEE Symposium …, 2022 - ieeexplore.ieee.org
Causality analysis generates a dependency graph from system audit logs, which has
emerged as an important solution for attack investigation. In the dependency graph, nodes …

Are we there yet? An industrial viewpoint on provenance-based endpoint detection and response tools

F Dong, S Li, P Jiang, D Li, H Wang, L Huang… - Proceedings of the …, 2023 - dl.acm.org
Provenance-Based Endpoint Detection and Response (P-EDR) systems are deemed crucial
for future Advanced Persistent Threats (APT) defenses. Despite the fact that numerous new …

TRACE: Enterprise-wide provenance tracking for real-time APT detection

H Irshad, G Ciocarlie, A Gehani… - IEEE Transactions …, 2021 - ieeexplore.ieee.org
We present TRACE, a comprehensive provenance tracking system for scalable, real-time,
enterprise-wide APT detection. TRACE uses static analysis to identify program unit …

A malicious network traffic detection model based on bidirectional temporal convolutional network with multi-head self-attention mechanism

S Cai, H Xu, M Liu, Z Chen, G Zhang - Computers & Security, 2024 - Elsevier
The increasingly frequent network intrusions have brought serious impacts to the production
and life, thus malicious network traffic detection has received more and more attention in …

DISTDET: A Cost-Effective Distributed Cyber Threat Detection System

F Dong, L Wang, X Nie, F Shao, H Wang, D Li… - 32nd USENIX Security …, 2023 - usenix.org
Building provenance graph that considers causal relationships among software behaviors
can better provide contextual information of cyber attacks, especially for advanced attacks …

Hardlog: Practical tamper-proof system auditing using a novel audit device

A Ahmad, S Lee, M Peinado - 2022 IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Audit systems maintain detailed logs of security-related events on enterprise machines to
forensically analyze potential incidents. In principle, these logs should be safely stored in a …