With the development of information technology, the border of the cyberspace gets much broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …
SM Milajerdi, R Gjomemo, B Eshete… - … IEEE Symposium on …, 2019 - ieeexplore.ieee.org
In this paper, we present HOLMES, a system that implements a new approach to the detection of Advanced and Persistent Threats (APTs). HOLMES is inspired by several case …
System auditing provides a low-level view into cyber threats by monitoring system entity interactions. In response to advanced cyber-attacks, one prevalent solution is to apply data …
SM Milajerdi, B Eshete, R Gjomemo… - Proceedings of the …, 2019 - dl.acm.org
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might have compromised an enterprise network for a long time without being discovered. To have …
Endpoint monitoring solutions are widely deployed in today's enterprise environments to support advanced attack detection and investigation. These monitors continuously record …
We are witnessing a rapid escalation in targeted cyber-attacks called Advanced and Persistent Threats (APTs). Carried out by skilled adversaries, these attacks take place over …
Recent advances in causality analysis have enabled investigators to trace multi-stage attacks using whole-system provenance graphs. Based on system-layer audit logs (eg …
MA Inam, Y Chen, A Goyal, J Liu, J Mink… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Auditing, a central pillar of operating system security, has only recently come into its own as an active area of public research. This resurgent interest is due in large part to the notion of …
Causality analysis on system auditing data has emerged as an important solution for attack investigation. Given a POI (Point-Of-Interest) event (eg, an alert fired on a suspicious file …