Threat detection and investigation with system-level provenance graphs: A survey

Z Li, QA Chen, R Yang, Y Chen, W Ruan - Computers & Security, 2021 - Elsevier
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …

Are we there yet? an industrial viewpoint on provenance-based endpoint detection and response tools

F Dong, S Li, P Jiang, D Li, H Wang, L Huang… - Proceedings of the …, 2023 - dl.acm.org
Provenance-Based Endpoint Detection and Response (P-EDR) systems are deemed crucial
for future Advanced Persistent Threats (APT) defenses. Despite the fact that numerous new …

You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.

Q Wang, WU Hassan, D Li, K Jee, X Yu, K Zou, J Rhee… - NDSS, 2020 - cs.virginia.edu
To subvert recent advances in perimeter and host security, the attacker community has
developed and employed various attack vectors to make a malware much stealthier than …

Shadewatcher: Recommendation-guided cyber threat analysis using system audit records

J Zeng, X Wang, J Liu, Y Chen, Z Liang… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
System auditing provides a low-level view into cyber threats by monitoring system entity
interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …

Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting

SM Milajerdi, B Eshete, R Gjomemo… - Proceedings of the …, 2019 - dl.acm.org
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might
have compromised an enterprise network for a long time without being discovered. To have …

WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.

J Zeng, ZL Chua, Y Chen, K Ji, Z Liang, J Mao - NDSS, 2021 - mimicji.github.io
Endpoint monitoring solutions are widely deployed in today's enterprise environments to
support advanced attack detection and investigation. These monitors continuously record …

Combating dependence explosion in forensic analysis using alternative tag propagation semantics

MN Hossain, S Sheikhi, R Sekar - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
We are witnessing a rapid escalation in targeted cyber-attacks called Advanced and
Persistent Threats (APTs). Carried out by skilled adversaries, these attacks take place over …

Back-Propagating system dependency impact for attack investigation

P Fang, P Gao, C Liu, E Ayday, K Jee, T Wang… - 31st USENIX Security …, 2022 - usenix.org
Causality analysis on system auditing data has emerged as an important solution for attack
investigation. Given a POI (Point-Of-Interest) event (e.g., an alert fired on a suspicious file …
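The backward causality analysis that Fang et al. start from, and the dependence explosion that Hossain et al. address, can both be seen on a small constructed audit log. The following is an added example written for this page, not code from any of the papers listed here; the audit records, hosts, paths and PIDs are hypothetical, and the pruning it applies is the plain time-based rule (an inflow into a node only counts if it happened no later than the moment that node passed information downstream), not the alternative tag-propagation semantics of Hossain et al.

```python
"""Backward causality tracing from a POI event over system-audit records.

Added example, not code from any of the papers listed on this page.
Audit records are constructed and simplified: each is (timestamp, source,
destination), meaning information flowed from source to destination.
"""
import math
from collections import defaultdict

# Constructed sample audit log (hypothetical process names, paths, PIDs).
AUDIT_EVENTS = [
    (5,  "proc:sshd",             "file:/var/log/auth.log"),    # unrelated activity
    (10, "proc:firefox",          "file:/tmp/payload.sh"),      # download written to disk
    (15, "file:/etc/ld.so.cache", "proc:bash[42]"),             # loader noise read by bash
    (20, "file:/tmp/payload.sh",  "proc:bash[42]"),             # script read/executed
    (25, "proc:bash[42]",         "sock:203.0.113.5:443"),      # beacon: a forward effect
    (30, "proc:bash[42]",         "file:/etc/cron.d/persist"),  # POI: persistence write
    (40, "file:/etc/passwd",      "proc:bash[42]"),             # read AFTER the POI
]
POI = (30, "proc:bash[42]", "file:/etc/cron.d/persist")


def backward_trace(events, poi, time_aware=True):
    """Return the set of events causally upstream of `poi` (poi included).

    With time_aware=True, an inflow into a node is followed only if its
    timestamp is no later than the moment that node passed information
    downstream. This is the classic time-based pruning that stops a
    long-lived process from dragging every file it ever read into the graph
    (dependence explosion). With time_aware=False every inflow is followed.
    """
    incoming = defaultdict(list)
    for ev in events:
        incoming[ev[2]].append(ev)

    edges = {poi}
    # worklist of (node, deadline): inflows into node after deadline are ignored
    frontier = [(poi[1], poi[0] if time_aware else math.inf)]
    best_deadline = {}  # node -> largest deadline already expanded
    while frontier:
        node, deadline = frontier.pop()
        if best_deadline.get(node, -math.inf) >= deadline:
            continue  # a wider window for this node was already processed
        best_deadline[node] = deadline
        for ev in incoming[node]:
            ts, src, _ = ev
            if ts > deadline:
                continue  # arrived too late to have influenced the POI
            edges.add(ev)
            frontier.append((src, ts if time_aware else math.inf))
    return edges


def entry_points(edges):
    """Nodes in the traced subgraph with no upstream cause: candidate origins."""
    sources = {src for _, src, _ in edges}
    sinks = {dst for _, _, dst in edges}
    return sources - sinks


if __name__ == "__main__":
    for mode in (True, False):
        trace = backward_trace(AUDIT_EVENTS, POI, time_aware=mode)
        print(f"time_aware={mode}: {len(trace)} events, "
              f"origins={sorted(entry_points(trace))}")
        for ev in sorted(trace):
            print("   ", ev)
```

Run with the time constraint, the trace from the cron write contains four events and names firefox (the real origin) plus ld.so.cache (loader noise that time-based pruning alone cannot remove); without it, the /etc/passwd read that happened after the POI is pulled in as well, which is the dependence explosion in miniature. The outbound beacon is never included, because backward tracing follows inflows only; a forward trace from the POI would be needed to recover effects.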

KRYSTAL: Knowledge graph-based framework for tactical attack discovery in audit data

K Kurniawan, A Ekelhart, E Kiesling, G Quirchmayr… - Computers & …, 2022 - Elsevier
Attack graph-based methods are a promising approach towards discovering attacks and
various techniques have been proposed recently. A key limitation, however, is that …

The cyber security body of knowledge

D Basin - University of Bristol, ch. Formal Methods for Security, 2021 - cybok.org
The CyBOK project would like to understand how the CyBOK is being used and its uptake.
The project would like organisations using, or intending to use, CyBOK for the purposes of …