Provenance-based intrusion detection systems: A survey
Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
sophistication of cyberattacks such as Advanced Persistent Threats (APT). Due to their high …
KAIROS: practical intrusion detection and investigation using whole-system provenance
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …
execution. Recent studies have explored a variety of techniques to analyze provenance …
Sometimes, you aren't what you do: Mimicry attacks against provenance graph host intrusion detection systems
Reliable methods for host-layer intrusion detection remained an open problem within
computer security. Recent research has recast intrusion detection as a provenance graph …
computer security. Recent research has recast intrusion detection as a provenance graph …
Threat detection and investigation with system-level provenance graphs: A survey
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
Pagoda: A hybrid approach to enable efficient real-time provenance based intrusion detection in big data environments
Efficient intrusion detection and analysis of the security landscape in big data environments
present challenge for today's users. Intrusion behavior can be described by provenance …
present challenge for today's users. Intrusion behavior can be described by provenance …
Threatrace: Detecting and tracing host-based threats in node level through provenance graph learning
Host-based threats such as Program Attack, Malware Implantation, and Advanced Persistent
Threats (APT), are commonly adopted by modern attackers. Recent studies propose …
Threats (APT), are commonly adopted by modern attackers. Recent studies propose …
{PROGRAPHER}: An Anomaly Detection System based on Provenance Graph Embedding
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …
malicious actions over a long period, has become one of the biggest threats against the …
{MAGIC}: Detecting Advanced Persistent Threats via Masked Graph Representation Learning
Z Jia, Y Xiong, Y Nan, Y Zhang, J Zhao… - 33rd USENIX Security …, 2024 - usenix.org
Advance Persistent Threats (APTs), adopted by most delicate attackers, are becoming
increasing common and pose great threat to various enterprises and institutions. Data …
increasing common and pose great threat to various enterprises and institutions. Data …
Tactical provenance analysis for endpoint detection and response systems
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …
by matching system events against known adversarial behaviors. However, current solutions …
Are we there yet? an industrial viewpoint on provenance-based endpoint detection and response tools
Provenance-Based Endpoint Detection and Response (P-EDR) systems are deemed crucial
for future Advanced Persistent Threats (APT) defenses. Despite the fact that numerous new …
for future Advanced Persistent Threats (APT) defenses. Despite the fact that numerous new …