Kairos: Practical intrusion detection and investigation using whole-system provenance

Z Cheng, Q Lv, J Liang, Y Wang, D Sun… - … IEEE Symposium on …, 2024 - ieeexplore.ieee.org
Provenance graphs are structured audit logs that describe the history of a system's
execution. Recent studies have explored a variety of techniques to analyze provenance …

A survey on the evolution of fileless attacks and detection techniques

S Liu, G Peng, H Zeng, J Fu - Computers & Security, 2024 - Elsevier
Fileless attacks have gained significant prominence and have become the prevailing type of
attack in recent years. The exceptional level of stealthiness and difficulty in detection …

Risk taxonomy, mitigation, and assessment benchmarks of large language model systems

T Cui, Y Wang, C Fu, Y Xiao, S Li, X Deng, Y Liu… - arXiv preprint arXiv …, 2024 - arxiv.org
Large language models (LLMs) have strong capabilities in solving diverse natural language
processing tasks. However, the safety and security issues of LLM systems have become the …

A Survey on Advanced Persistent Threat Detection: A Unified Framework, Challenges, and Countermeasures

B Zhang, Y Gao, B Kuang, C Yu, A Fu… - ACM Computing …, 2024 - dl.acm.org
In recent years, frequent Advanced Persistent Threat (APT) attacks have caused disastrous
damage to critical facilities, leading to severe information leakages, economic losses, and …

TREC: APT tactic/technique recognition via few-shot provenance subgraph learning

M Lv, HZ Gao, X Qiu, T Chen, T Zhu, J Chen… - Proceedings of the 2024 …, 2024 - dl.acm.org
APT (Advanced Persistent Threat) with the characteristics of persistence, stealth, and
diversity is one of the greatest threats against cyber-infrastructure. As a countermeasure …

Lan: learning adaptive neighbors for real-time insider threat detection

X Cai, Y Wang, S Xu, H Li, Y Zhang… - IEEE Transactions on …, 2024 - ieeexplore.ieee.org
Enterprises and organizations are faced with potential threats from insider employees that
may lead to serious consequences. Previous studies on insider threat detection (ITD) mainly …

FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning

MU Rehman, H Ahmadi, WU Hassan - 2024 IEEE Symposium on …, 2024 - dartlab.org
Recently, provenance-based Intrusion Detection Systems (IDSes) have gained popularity for
their potential in detecting sophisticated Advanced Persistent Threat (APT) attacks. These …

Prov2vec: Learning provenance graph representation for anomaly detection in computer systems

B Bhattarai, HH Huang - … of the 19th International Conference on …, 2024 - dl.acm.org
Modern cyber attackers use advanced zero-day exploits, highly targeted spear phishing,
and other social engineering techniques to gain access, and also use evasion techniques to …

Rules Refine the Riddle: Global Explanation for Deep Learning-Based Anomaly Detection in Security Applications

D Han, Z Wang, R Feng, M Jin, W Chen… - Proceedings of the …, 2024 - dl.acm.org
Deep learning (DL) based anomaly detection has shown great promise in the field of
security due to its remarkable performance in various tasks. However, the issue of poor …

A multi-source log semantic analysis-based attack investigation approach

Y Song, K Wang, X Sun, Z Qin, H Dai, W Chen, B Lv… - Computers & …, 2025 - Elsevier
As Advanced Persistent Threats (APT) become increasingly complex and
destructive, security analysts often use log data for performing attack investigation. Existing …