PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding

F Yang, J Xu, C Xiong, Z Li, K Zhang - 32nd USENIX Security …, 2023 - usenix.org
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …

DISTDET: A Cost-Effective Distributed Cyber Threat Detection System

F Dong, L Wang, X Nie, F Shao, H Wang, D Li… - 32nd USENIX Security …, 2023 - usenix.org
Building a provenance graph that considers causal relationships among software behaviors
can better provide contextual information of cyber attacks, especially for advanced attacks …

MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning

Z Jia, Y Xiong, Y Nan, Y Zhang, J Zhao… - arXiv preprint arXiv …, 2023 - usenix.org
Advanced Persistent Threats (APTs), adopted by most delicate attackers, are
becoming increasingly common and pose a great threat to various enterprises and institutions …

ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search

E Altinisik, F Deniz, HT Sencar - Proceedings of the 2023 ACM SIGSAC …, 2023 - dl.acm.org
We present ProvG-Searcher, a novel approach for detecting known APT behaviors within
system security logs. Our approach leverages provenance graphs, a comprehensive graph …

Threat detection and investigation with system-level provenance graphs: A survey

Z Li, QA Chen, R Yang, Y Chen, W Ruan - Computers & Security, 2021 - Elsevier
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …

Threatrace: Detecting and tracing host-based threats in node level through provenance graph learning

S Wang, Z Wang, T Zhou, H Sun, X Yin… - IEEE Transactions …, 2022 - ieeexplore.ieee.org
Host-based threats such as Program Attack, Malware Implantation, and Advanced Persistent
Threats (APT), are commonly adopted by modern attackers. Recent studies propose …

Nodlink: An online system for fine-grained apt attack detection and investigation

S Li, F Dong, X Xiao, H Wang, F Shao, J Chen… - arXiv preprint arXiv …, 2023 - arxiv.org
Advanced Persistent Threats (APT) attacks have plagued modern enterprises, causing
significant financial losses. To counter these attacks, researchers propose techniques that …

Aggregating unsupervised provenance anomaly detectors

G Berrada, J Cheney - 11th International Workshop on Theory and …, 2019 - usenix.org
System-level provenance offers great promise for improving security by facilitating the
detection of attacks. Unsupervised anomaly detection techniques are necessary to defend …

Sometimes, you aren't what you do: Mimicry attacks against provenance graph host intrusion detection systems

A Goyal, X Han, G Wang, A Bates - 30th Network and Distributed System …, 2023 - par.nsf.gov
Reliable methods for host-layer intrusion detection remained an open problem within
computer security. Recent research has recast intrusion detection as a provenance graph …

FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning

MU Rehman, H Ahmadi, WU Hassan - 2024 IEEE Symposium on …, 2024 - dartlab.org
Recently, provenance-based Intrusion Detection Systems (IDSes) have gained popularity for
their potential in detecting sophisticated Advanced Persistent Threat (APT) attacks. These …