SPARSE: Semantic Tracking and Path Analysis for Attack Investigation in Real-time

arXiv:2405.02629v1 Announce Type: new
Abstract: As the complexity and destructiveness of Advanced Persistent Threat (APT) increase, there is a growing tendency to identify a series of actions undertaken to achieve the attacker's target, called attack investigation. Currently, analysts construct the provenance graph to perform causality analysis on Point-Of-Interest (POI) event for capturing critical events (related to the attack). However, due to the vast size of the provenance graph and the rarity of critical events, existing attack investigation methods suffer from …

actions advanced advanced persistent threat analysis analysts apt arxiv attack attacker called complexity cs.cr graph identify interest investigation path persistent persistent threat point provenance real semantic series target threat tracking