English
Related papers

Related papers: DEFENDCLI: {Command-Line} Driven Attack Provenance…

200 papers

With the development of information technology, the border of the cyberspace gets much broader, exposing more and more vulnerabilities to attackers. Traditional mitigation-based defence strategies are challenging to cope with the current…

Cryptography and Security · Computer Science 2020-12-15 Zhenyuan Li , Qi Alfred Chen , Runqing Yang , Yan Chen

Provenance analysis based on system audit data has emerged as a fundamental approach for investigating Advanced Persistent Threat (APT) attacks. Due to the high concealment and long-term persistence of APT attacks, they are only represented…

Cryptography and Security · Computer Science 2025-10-28 Qi Sheng

While Endpoint Detection and Response (EDR) are able to efficiently monitor threats by comparing static rules to the event stream, their inability to incorporate past system context leads to high rates of false alarms. Recent work has…

Cryptography and Security · Computer Science 2024-08-27 Akul Goyal , Jason Liu , Adam Bates , Gang Wang

Recent research in both academia and industry has validated the effectiveness of provenance graph-based detection for advanced cyber attack detection and investigation. However, analyzing large-scale provenance graphs often results in…

Cryptography and Security · Computer Science 2024-07-11 Zhenyuan Li , Yangyang Wei , Xiangmin Shen , Lingzhi Wang , Yan Chen , Haitao Xu , Shouling Ji , Fan Zhang , Liang Hou , Wenmao Liu , Xuhong Zhang , Jianwei Ying

Provenance-Based Endpoint Detection and Response (P-EDR) systems are deemed crucial for future APT defenses. Despite the fact that numerous new techniques to improve P-EDR systems have been proposed in academia, it is still unclear whether…

Cryptography and Security · Computer Science 2023-07-18 Feng Dong , Shaofei Li , Peng Jiang , Ding Li , Haoyu Wang , Liangyi Huang , Xusheng Xiao , Jiedong Chen , Xiapu Luo , Yao Guo , Xiangqun Chen

Edge nodes are crucial for detection against multitudes of cyber attacks on Internet-of-Things endpoints and is set to become part of a multi-billion industry. The resource constraints in this novel network infrastructure tier constricts…

Cryptography and Security · Computer Science 2022-07-07 Praneet Singh , Jishnu Jaykumar , Akhil Pankaj , Reshmi Mitra

Complex heterogeneous dynamic networks like knowledge graphs are powerful constructs that can be used in modeling data provenance from computer systems. From a security perspective, these attributed graphs enable causality analysis and…

Cryptography and Security · Computer Science 2022-03-08 Maya Kapoor , Joshua Melton , Michael Ridenhour , Mahalavanya Sriram , Thomas Moyer , Siddharth Krishnan

The rise of advanced persistent threats (APTs) has marked a significant cybersecurity challenge, characterized by sophisticated orchestration, stealthy execution, extended persistence, and targeting valuable assets across diverse sectors.…

Cryptography and Security · Computer Science 2024-04-19 Yuntao Wang , Han Liu , Zhendong Li , Zhou Su , Jiliang Li

Intrusion detection is an arms race; attackers evade intrusion detection systems by developing new attack vectors to sidestep known defense mechanisms. Provenance provides a detailed, structured history of the interactions of digital…

Cryptography and Security · Computer Science 2018-06-05 Xueyuan Han , Thomas Pasquier , Margo Seltzer

Provenance graphs model causal system-level interactions from logs, enabling anomaly detectors to learn normal behavior and detect deviations as attacks. However, existing approaches rely on brittle, manually engineered rules to build…

Cryptography and Security · Computer Science 2026-03-19 Kushankur Ghosh , Mehar Klair , Kian Kyars , Euijin Choo , Jörg Sander

Advanced Persistent Threat (APT) attacks have caused significant damage worldwide. Various Endpoint Detection and Response (EDR) systems are deployed by enterprises to fight against potential threats. However, EDR suffers from high false…

Cryptography and Security · Computer Science 2024-05-07 Tiantian Zhu , Jie Ying , Tieming Chen , Chunlin Xiong , Wenrui Cheng , Qixuan Yuan , Aohan Zheng , Mingqi Lv , Yan Chen

Advanced Persistent Threat (APT) have grown increasingly complex and concealed, posing formidable challenges to existing Intrusion Detection Systems in identifying and mitigating these attacks. Recent studies have incorporated graph…

Cryptography and Security · Computer Science 2025-09-18 Wenhan Jiang , Tingting Chai , Hongri Liu , Kai Wang , Hongke Zhang

Advanced cyber threats (e.g., Fileless Malware and Advanced Persistent Threat (APT)) have driven the adoption of provenance-based security solutions. These solutions employ Machine Learning (ML) models for behavioral modeling and critical…

Cryptography and Security · Computer Science 2025-10-10 Kunal Mukherjee , Joshua Wiedemeier , Tianhao Wang , Muhyun Kim , Feng Chen , Murat Kantarcioglu , Kangkook Jee

Advanced Persistent Threats (APTs) represent a significant challenge in cybersecurity due to their prolonged, multi-stage nature and the sophistication of their operators. Traditional detection systems typically focus on identifying…

Cryptography and Security · Computer Science 2025-08-04 Alessandro Gaudenzi , Lorenzo Nodari , Lance Kaplan , Alessandra Russo , Murat Sensoy , Federico Cerutti

Advanced persistent threats (APTs) are stealthy and multi-stage, making single-point defenses (e.g., malware- or traffic-based detectors) ill-suited to capture long-range and cross-entity attack semantics. Provenance-graph analysis has…

Cryptography and Security · Computer Science 2026-01-14 Mingqi Lv , Shanshan Zhang , Haiwen Liu , Tieming Chen , Tiantian Zhu

Provenance-based threat hunting identifies Advanced Persistent Threats (APTs) on endpoints by correlating attack patterns described in Cyber Threat Intelligence (CTI) with provenance graphs derived from system audit logs. A fundamental…

Cryptography and Security · Computer Science 2026-01-01 Xuebo Qiu , Mingqi Lv , Yimei Zhang , Tieming Chen , Tiantian Zhu , Qijie Song , Shouling Ji

Advanced Persistent Threat (APT) is challenging to detect due to prolonged duration, infrequent occurrence, and adept concealment techniques. Existing approaches primarily concentrate on the observable traits of attack behaviors, neglecting…

Cryptography and Security · Computer Science 2024-04-05 Xiaoxiao Liu , Fan Xu , Nan Wang , Qinxin Zhao , Dalin Zhang , Xibin Zhao , Jiqiang Liu

A cyber-attack is a malicious attempt by experienced hackers to breach the target information system. Usually, the cyber-attacks are characterized as hybrid TTPs (Tactics, Techniques, and Procedures) and long-term adversarial behaviors,…

Cryptography and Security · Computer Science 2021-12-17 Mingqi Lv , Chengyu Dong , Tieming Chen , Tiantian Zhu , Qijie Song , Yuan Fan

Provenance analysis (PA) has recently emerged as an important solution for cyber attack investigation. PA leverages system monitoring to monitor system activities as a series of system audit events and organizes these events as a provenance…

Cryptography and Security · Computer Science 2025-10-31 Fei Shao , Jia Zou , Zhichao Cao , Xusheng Xiao

Advanced Persistent Threats (APTs) evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a…

Cryptography and Security · Computer Science 2026-05-06 Trung V. Phan , Thomas Bauschert
‹ Prev 1 2 3 10 Next ›