research
∙
08/09/2023
Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance
Provenance graphs are structured audit logs that describe the history of...
share
research
∙
08/03/2023
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
For safety reasons, unprivileged users today have only limited ways to c...
research
∙
11/03/2021
Secure Namespaced Kernel Audit for Containers
Despite the wide usage of container-based cloud computing, container aud...
research
∙
08/26/2020
SIGL: Securing Software Installations Through Deep Graph Learning
Many users implicitly assume that software can only be exploited after i...
research
∙
05/10/2020
Xanthus: Push-button Orchestration of Host Provenance Data Collection
Host-based anomaly detectors generate alarms by inspecting audit logs fo...
research
∙
01/06/2020
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats
Advanced Persistent Threats (APTs) are difficult to detect due to their ...
research
∙
08/18/2018
Runtime Analysis of Whole-System Provenance
Identifying the root cause and impact of a system intrusion remains a fo...
research
∙
06/04/2018
Provenance-based Intrusion Detection: Opportunities and Challenges
Intrusion detection is an arms race; attackers evade intrusion detection...
research
∙
11/30/2017
FRAPpuccino: Fault-detection through Runtime Analysis of Provenance
We present FRAPpuccino (or FRAP), a provenance-based fault detection mec...
research
∙
11/14/2017