Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance (arXiv:2308.05034v1 [cs.CR])
Source: cs.CR updates on arXiv.org
Provenance graphs are structured audit logs that describe the history of a
system's execution. Recent studies have explored a variety of techniques to
analyze provenance graphs for automated host intrusion detection, focusing
particularly on advanced persistent threats. Sifting through their design
documents, we identify four common dimensions that drive the development of
provenance-based intrusion detection systems (PIDSes): scope (can PIDSes detect
modern attacks that infiltrate across application boundaries?), attack
agnosticity (can PIDSes detect novel attacks without a priori knowledge of …
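To make the data structure concrete: the following is an added example, not code from the Kairos paper or its authors. It builds a small whole-system provenance graph from constructed audit records in a simplified auditd-like schema (the schema, the process names and the file and socket identifiers are all assumptions made for the example), orients edges in the direction information flows, and runs the two queries an investigator needs: a causality-respecting backward trace from a suspicious object to everything that could have influenced it, and a forward trace from an untrusted input to everything it may have tainted. The backward trace shows the "scope" dimension the abstract names: the path from the persistence file back to the network crosses sh, curl, bash and sshd, which a single-application monitor would never stitch together.

```python
"""Minimal whole-system provenance graph and traversal (added example,
not from the Kairos paper). Audit records below are constructed."""
from collections import defaultdict

# Constructed audit records, assumed schema: (timestamp, subject, operation, object).
# Node prefixes: proc:, file:, sock:. Timestamps are logical ticks.
AUDIT_RECORDS = [
    (1, "proc:sshd[412]",  "exec",    "proc:bash[871]"),
    (2, "proc:bash[871]",  "exec",    "proc:curl[902]"),
    (3, "proc:curl[902]",  "connect", "sock:203.0.113.9:443"),
    (4, "proc:curl[902]",  "write",   "file:/tmp/payload.sh"),
    (5, "proc:bash[871]",  "exec",    "proc:sh[915]"),
    (6, "proc:sh[915]",    "read",    "file:/tmp/payload.sh"),
    (7, "proc:sh[915]",    "write",   "file:/etc/cron.d/job"),
    (8, "proc:cron[203]",  "read",    "file:/etc/cron.d/job"),
    (9, "proc:nginx[330]", "read",    "file:/var/www/index.html"),  # unrelated activity
]


def build_graph(records):
    """Return (preds, succs): adjacency maps of timestamped edges, oriented
    in the direction information flows (exec/write: subject -> object,
    read: object -> subject, connect: both ways)."""
    preds = defaultdict(list)  # node -> [(upstream_node, ts)]
    succs = defaultdict(list)  # node -> [(downstream_node, ts)]
    for ts, subj, op, obj in records:
        if op in ("exec", "write"):
            flows = [(subj, obj)]
        elif op == "read":
            flows = [(obj, subj)]
        elif op == "connect":
            flows = [(subj, obj), (obj, subj)]  # data may travel either way
        else:
            raise ValueError(f"unknown operation {op!r}")
        for src, dst in flows:
            succs[src].append((dst, ts))
            preds[dst].append((src, ts))
    return preds, succs


def backward_trace(preds, node, ts):
    """Nodes that could have influenced `node` as of time `ts`. An edge into
    a node counts only if it happened no later than the time being explained
    at that node, so later, unrelated events are not pulled in."""
    seen = {}  # node -> latest time at which it was reached
    frontier = [(node, ts)]
    while frontier:
        cur, t = frontier.pop()
        for src, ets in preds.get(cur, []):
            if ets <= t and (src not in seen or seen[src] < ets):
                seen[src] = ets
                frontier.append((src, ets))
    return set(seen) - {node}


def forward_trace(succs, node, ts):
    """Nodes that `node` could have tainted from time `ts` onward; the
    mirror image of backward_trace, following edges that happen later."""
    seen = {}  # node -> earliest time at which it was reached
    frontier = [(node, ts)]
    while frontier:
        cur, t = frontier.pop()
        for dst, ets in succs.get(cur, []):
            if ets >= t and (dst not in seen or seen[dst] > ets):
                seen[dst] = ets
                frontier.append((dst, ets))
    return set(seen) - {node}


def applications(nodes):
    """Distinct program names among process nodes: 'proc:curl[902]' -> 'curl'."""
    return {n[len("proc:"):].split("[")[0] for n in nodes if n.startswith("proc:")}


if __name__ == "__main__":
    preds, succs = build_graph(AUDIT_RECORDS)
    anc = backward_trace(preds, "file:/etc/cron.d/job", 7)
    print("ancestors of the cron drop:", sorted(anc))
    print("applications crossed:", sorted(applications(anc)))
    print("tainted by the connection:",
          sorted(forward_trace(succs, "sock:203.0.113.9:443", 3)))
```

The backward trace stops at `sshd[412]` and excludes `nginx[330]` and its file, even though they are in the same log, because no information-flow edge links them to the cron file before tick 7. The forward trace from the socket reaches `cron[203]` at tick 8, which is how a single network alert is expanded into the full set of affected hosts-side objects.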