Evading Provenance-Based ML detectors with adversarial system actions

K Mukherjee, J Wiedemeier, T Wang, J Wei… - 32nd USENIX Security …, 2023 - usenix.org
We present PROVNINJA, a framework designed to generate adversarial attacks that aim to
elude provenance-based Machine Learning (ML) security detectors. PROVNINJA is …

Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance

Z Cheng, Q Lv, J Liang, Y Wang, D Sun… - arXiv preprint arXiv …, 2023 - arxiv.org
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …

FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning

MU Rehman, H Ahmadi, WU Hassan - 2024 IEEE Symposium on …, 2024 - dartlab.org
Recently, provenance-based Intrusion Detection Systems (IDSes) have gained popularity for
their potential in detecting sophisticated Advanced Persistent Threat (APT) attacks. These …

Performance metrics of an intrusion detection system through Window-Based Deep Learning models

F Isiaka - Journal of Data Science and Intelligent Systems, 2024 - ojs.bonviewpress.com
Intrusion and prevention technologies perform reliably in harsh conditions by fortifying many
of the world's highest security sites with few defects in high performance. This paper aims to …

Combating Advanced Persistent Threats: Challenges and Solutions

Y Wang, H Liu, Z Li, Z Su, J Li - IEEE Network, 2024 - ieeexplore.ieee.org
The rise of advanced persistent threats (APTs) has marked a significant cybersecurity
challenge, characterized by sophisticated orchestration, stealthy execution, extended …

Interpreting GNN-based IDS detections using provenance graph structural features

K Mukherjee, J Wiedemeier, T Wang, M Kim… - arXiv preprint arXiv …, 2023 - arxiv.org
The black-box nature of complex Neural Network (NN)-based models has hindered their
widespread adoption in security domains due to the lack of logical explanations and …

R-CAID: Embedding Root Cause Analysis within Provenance-based Intrusion Detection

A Goyal, G Wang, A Bates - 2024 IEEE Symposium on …, 2024 - gangw.web.illinois.edu
In modern enterprise security, endpoint detection products fire an alert when process activity
matches known attack behavior patterns. Human analysts then perform Root Cause …

Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection

L Wang, X Shen, W Li, Z Li, R Sekar, H Liu… - arXiv preprint arXiv …, 2024 - arxiv.org
As cyber-attacks become increasingly sophisticated and stealthy, it becomes more
imperative and challenging to detect intrusion from normal behaviors. Through fine-grained …

EagleEye: Attention to Unveil Malicious Event Sequences from Provenance Graphs

P Gysel, C Wüest, K Nwafor, O Jašek… - arXiv preprint arXiv …, 2024 - arxiv.org
Securing endpoints is challenging due to the evolving nature of threats and attacks. With
endpoint logging systems becoming mature, provenance-graph representations enable the …

Accurate and Scalable Detection and Investigation of Cyber Persistence Threats

Q Liu, M Shoaib, MU Rehman, K Bao… - arXiv preprint arXiv …, 2024 - arxiv.org
In Advanced Persistent Threat (APT) attacks, achieving stealthy persistence within target
systems is often crucial for an attacker's success. This persistence allows adversaries to …