English
Related papers

Related papers: ProvAgent: Threat Detection Based on Identity-Beha…

200 papers

Advanced Persistent Threats (APTs) remain difficult to detect due to their stealthy nature and long-term persistence. To tackle this challenge, provenance-based threat hunting has gained traction as a proactive defense mechanism. This…

Cryptography and Security · Computer Science 2026-03-23 Xuebo Qiu , Mingqi Lv , Yimei Zhang , Tiantian Zhu , Tieming Chen

Advanced Persistent Threats (APTs) are difficult to detect due to their complexity and stealthiness. To mitigate such attacks, many approaches model entities and their relationship using provenance graphs to detect the stealthy and…

Cryptography and Security · Computer Science 2026-01-06 Wenhao Yan , Ning An , Wei Qiao , Weiheng Wu , Bo Jiang , Zhigang Lu , Baoxu Liu , Junrong Liu

The rise of advanced persistent threats (APTs) has marked a significant cybersecurity challenge, characterized by sophisticated orchestration, stealthy execution, extended persistence, and targeting valuable assets across diverse sectors.…

Cryptography and Security · Computer Science 2024-04-19 Yuntao Wang , Han Liu , Zhendong Li , Zhou Su , Jiliang Li

Advanced persistent threats (APT) are stealthy cyber-attacks that are aimed at stealing valuable information from target organizations and tend to extend in time. Blocking all APTs is impossible, security experts caution, hence the…

Cryptography and Security · Computer Science 2021-05-24 Sidahmed Benabderrahmane , Ghita Berrada , James Cheney , Petko Valtchev

Advanced Persistent Threat (APT) have grown increasingly complex and concealed, posing formidable challenges to existing Intrusion Detection Systems in identifying and mitigating these attacks. Recent studies have incorporated graph…

Cryptography and Security · Computer Science 2025-09-18 Wenhan Jiang , Tingting Chai , Hongri Liu , Kai Wang , Hongke Zhang

We introduce PROVSEEK, an LLM-powered agentic framework for automated provenance-driven forensic analysis and threat intelligence extraction. PROVSEEK employs specialized toolchains to dynamically retrieve relevant context by generating…

Cryptography and Security · Computer Science 2025-11-18 Kunal Mukherjee , Murat Kantarcioglu

Large Language Models (LLMs) and other foundation models are increasingly used as the core of AI agents. In agentic workflows, these agents plan tasks, interact with humans and peers, and influence scientific outcomes across federated and…

Distributed, Parallel, and Cluster Computing · Computer Science 2025-08-21 Renan Souza , Amal Gueroudji , Stephen DeWitt , Daniel Rosendo , Tirthankar Ghosal , Robert Ross , Prasanna Balaprakash , Rafael Ferreira da Silva

Modern cyber attackers use advanced zero-day exploits, highly targeted spear phishing, and other social engineering techniques to gain access and also use evasion techniques to maintain a prolonged presence within the victim network while…

Cryptography and Security · Computer Science 2023-10-03 Bibek Bhattarai , H. Howie Huang

APT detection is difficult to detect due to the long-term latency, covert and slow multistage attack patterns of Advanced Persistent Threat (APT). To tackle these issues, we propose TBDetector, a transformer-based advanced persistent threat…

Cryptography and Security · Computer Science 2025-07-18 Nan Wang , Xuezhi Wen , Dalin Zhang , Xibin Zhao , Jiahui Ma , Mengxia Luo , Fan Xu , Sen Nie , Shi Wu , Jiqiang Liu

Advanced persistent threats (APTs) pose significant challenges for organizations, leading to data breaches, financial losses, and reputational damage. Existing provenance-based approaches for APT detection often struggle with high false…

Cryptography and Security · Computer Science 2024-06-11 Yonatan Amaru , Prasanna Wudali , Yuval Elovici , Asaf Shabtai

The rapid evolution of sophisticated cyberattacks has strained modern Security Operations Centers (SOC), which traditionally rely on rule-based or signature-driven detection systems. These legacy frameworks often generate high volumes of…

Cryptography and Security · Computer Science 2026-03-03 Chuanming Tang , Ling Qing , Shifeng Chen

Advance Persistent Threats (APTs), adopted by most delicate attackers, are becoming increasing common and pose great threat to various enterprises and institutions. Data provenance analysis on provenance graphs has emerged as a common…

Cryptography and Security · Computer Science 2023-10-17 Zian Jia , Yun Xiong , Yuhong Nan , Yao Zhang , Jinjing Zhao , Mi Wen

Provenance graphs are useful and powerful tools for representing system-level activities in cybersecurity; however, existing approaches often struggle with complex queries and flexible reasoning. This paper presents a novel approach using…

Cryptography and Security · Computer Science 2025-01-27 Fang Li , Fei Zuo , Gopal Gupta

Advanced Persistent Threats (APTs) have caused significant losses across a wide range of sectors, including the theft of sensitive data and harm to system integrity. As attack techniques grow increasingly sophisticated and stealthy, the…

Cryptography and Security · Computer Science 2025-03-27 Fei Zuo , Junghwan Rhee , Yung Ryn Choe

Provenance-based threat hunting identifies Advanced Persistent Threats (APTs) on endpoints by correlating attack patterns described in Cyber Threat Intelligence (CTI) with provenance graphs derived from system audit logs. A fundamental…

Cryptography and Security · Computer Science 2026-01-01 Xuebo Qiu , Mingqi Lv , Yimei Zhang , Tieming Chen , Tiantian Zhu , Qijie Song , Shouling Ji

Advanced Persistent Threats (APTs) are difficult to detect due to their "low-and-slow" attack patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based APT detector that effectively leverages data provenance…

Cryptography and Security · Computer Science 2020-01-15 Xueyuan Han , Thomas Pasquier , Adam Bates , James Mickens , Margo Seltzer

Advanced persistent threats (APTs) are stealthy and multi-stage, making single-point defenses (e.g., malware- or traffic-based detectors) ill-suited to capture long-range and cross-entity attack semantics. Provenance-graph analysis has…

Cryptography and Security · Computer Science 2026-01-14 Mingqi Lv , Shanshan Zhang , Haiwen Liu , Tieming Chen , Tiantian Zhu

With the development of information technology, the border of the cyberspace gets much broader, exposing more and more vulnerabilities to attackers. Traditional mitigation-based defence strategies are challenging to cope with the current…

Cryptography and Security · Computer Science 2020-12-15 Zhenyuan Li , Qi Alfred Chen , Runqing Yang , Yan Chen

Modern enterprise networks comprise diverse and heterogeneous systems that support a wide range of services, making it challenging for administrators to track and analyze sophisticated attacks such as advanced persistent threats (APTs),…

Cryptography and Security · Computer Science 2025-11-13 Seunghyeon Lee , Hyunmin Seo , Hwanjo Heo , Anduo Wang , Seungwon Shin , Jinwoo Kim

Advanced Persistent Threats (APTs) represent sophisticated cyberattacks characterized by their ability to remain undetected within the victim system for extended periods, aiming to exfiltrate sensitive data or disrupt operations. Existing…

Cryptography and Security · Computer Science 2025-07-18 Wei Qiao , Yebo Feng , Teng Li , Zhuo Ma , Yulong Shen , JianFeng Ma , Yang Liu
‹ Prev 1 2 3 10 Next ›