A survey on threat hunting in enterprise networks

B Nour, M Pourzandi, M Debbabi - … Communications Surveys & …, 2023 - ieeexplore.ieee.org
With the rapidly evolving technological landscape, the massive growth of the Internet of
Things, and the embrace of digital transformation, the world is witnessing an explosion in …

[HTML] Evolving techniques in cyber threat hunting: A systematic review

A Mahboubi, K Luong, H Aboutorab, HT Bui… - Journal of Network and …, 2024 - Elsevier
In the rapidly changing cybersecurity landscape, threat hunting has become a critical
proactive defense against sophisticated cyber threats. While traditional security measures …

Euler: Detecting Network Lateral Movement via Scalable Temporal Link Prediction

IJ King, HH Huang - ACM Transactions on Privacy and Security, 2023 - dl.acm.org
Lateral movement is a key stage of system compromise used by advanced persistent
threats. Detecting it is no simple task. When network host logs are abstracted into discrete …

DeepAID: Interpreting and improving deep learning-based anomaly detection in security applications

D Han, Z Wang, W Chen, Y Zhong, S Wang… - Proceedings of the …, 2021 - dl.acm.org
Unsupervised Deep Learning (DL) techniques have been widely used in various security-
related anomaly detection applications, owing to the great promise of being able to detect …

Graph neural networks for intrusion detection: A survey

T Bilot, N El Madhoun, K Al Agha, A Zouaoui - IEEE Access, 2023 - ieeexplore.ieee.org
Cyberattacks represent an ever-growing threat that has become a real priority for most
organizations. Attackers use sophisticated attack scenarios to deceive defense systems in …

[PDF] Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation

D Han, Z Wang, W Chen, K Wang, R Yu, S Wang… - NDSS, 2023 - ndss-symposium.org
Concept drift is one of the most frustrating challenges for learning-based security
applications built on the closed-world assumption of identical distribution between training and …

THREATRACE: Detecting and tracing host-based threats in node level through provenance graph learning

S Wang, Z Wang, T Zhou, H Sun, X Yin… - IEEE Transactions …, 2022 - ieeexplore.ieee.org
Host-based threats such as Program Attack, Malware Implantation, and Advanced Persistent
Threats (APTs) are commonly employed by modern attackers. Recent studies propose …

A survey on malware detection with graph representation learning

T Bilot, N El Madhoun, K Al Agha, A Zouaoui - ACM Computing Surveys, 2024 - dl.acm.org
Malware detection has become a major concern due to the increasing number and
complexity of malware. Traditional detection methods based on signatures and heuristics …

True attacks, attack attempts, or benign triggers? An empirical measurement of network alerts in a security operations center

L Yang, Z Chen, C Wang, Z Zhang, S Booma… - 33rd USENIX Security …, 2024 - usenix.org
Security Operations Centers (SOCs) face the key challenge of handling excessive security
alerts. While existing works have studied this problem qualitatively via user studies, there is …

GAZETA: Game-theoretic zero-trust authentication for defense against lateral movement in 5G IoT networks

Y Ge, Q Zhu - IEEE Transactions on Information Forensics and …, 2023 - ieeexplore.ieee.org
The increasing connectivity of 5G Internet of Things networks has enlarged the attack
surface and made traditional security defenses inadequate against sophisticated attackers …