Threat Detection and Investigation with System-level Provenance Graphs: A Survey

06/02/2020
by   Zhenyuan Li, et al.

With the development of information technology, the border of cyberspace has grown much broader, exposing more and more vulnerabilities to attackers. Traditional mitigation-based defence strategies struggle to cope with this complicated situation, and security practitioners urgently need better tools to describe and model attacks for defence. The provenance graph appears to be an ideal method for threat modelling, thanks to its powerful semantic expressiveness and its ability to correlate attack history. In this paper, we first introduce the basic concepts of the system-level provenance graph and propose a typical system architecture for provenance graph-based threat detection and investigation. A comprehensive provenance graph-based threat detection system can be divided into three modules, namely the "data collection module", the "data management module", and the "threat detection module". Each module contains several components and involves many research problems. We systematically analyze the algorithms and design details involved and, by comparing them, give a strategy for technology selection. Moreover, we point out the shortcomings of existing work for future improvement.
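To make the "historic correlation ability" of the abstract concrete, here is an added example (not code from the paper or its authors) that builds a small system-level provenance graph from constructed audit events and performs the two investigation queries such systems rely on: backward tracing from an alert to its root cause and forward tracing from a suspicious artifact to its impact. The event tuple format, entity names and timestamps are all hypothetical simplifications; a real collector (auditd, ETW, eBPF) would supply far richer records. Edges point in the direction of information flow, and both traversals respect causality by only following edges whose timestamps are consistent with the edge they arrived on.

```python
"""Minimal system-level provenance graph over constructed audit events.

Event format (hypothetical, not a real auditd/ETW schema):
    (timestamp, source_entity, relation, destination_entity)
where an edge source -> destination means information flowed from source
to destination (e.g. a file read flows file -> process, a write flows
process -> file, a fork flows parent -> child).
"""
from collections import defaultdict, deque

# Constructed sample events: an SSH session downloads a script, runs it,
# and the script reads a sensitive file; cron/logrotate activity is benign noise.
EVENTS = [
    (1, "proc:sshd", "fork", "proc:bash"),
    (2, "proc:bash", "fork", "proc:curl"),
    (3, "net:203.0.113.5:443", "recv", "proc:curl"),      # download from the network
    (4, "proc:curl", "write", "file:/tmp/payload.sh"),
    (5, "proc:bash", "fork", "proc:sh"),
    (6, "file:/tmp/payload.sh", "read", "proc:sh"),       # downloaded script is executed
    (7, "file:/etc/passwd", "read", "proc:sh"),           # alert: sensitive file access
    (8, "proc:sh", "write", "file:/tmp/out.txt"),
    (9, "proc:cron", "fork", "proc:logrotate"),           # unrelated benign activity
    (10, "file:/var/log/syslog", "read", "proc:logrotate"),
]


class ProvenanceGraph:
    """Directed, timestamped multigraph of system entities (processes, files, sockets)."""

    def __init__(self):
        self.fwd = defaultdict(list)  # src -> [(dst, ts, relation)]
        self.bwd = defaultdict(list)  # dst -> [(src, ts, relation)]

    def add_event(self, ts, src, relation, dst):
        self.fwd[src].append((dst, ts, relation))
        self.bwd[dst].append((src, ts, relation))

    def backward(self, node, before=float("inf")):
        """Ancestors that could have influenced `node` via edges at or before `before`.

        Causality: an edge into X at time t can only explain edges out of X
        that occur at or after t, so the time bound shrinks as we walk back.
        """
        explored = {}  # node -> largest time bound it has been expanded with
        queue = deque([(node, before)])
        while queue:
            cur, bound = queue.popleft()
            for src, ts, _rel in self.bwd[cur]:
                if ts <= bound and explored.get(src, -1) < ts:
                    explored[src] = ts
                    queue.append((src, ts))
        return set(explored)

    def forward(self, node, after=0):
        """Descendants that `node` could have influenced via edges at or after `after`."""
        explored = {}  # node -> smallest time bound it has been expanded with
        queue = deque([(node, after)])
        while queue:
            cur, bound = queue.popleft()
            for dst, ts, _rel in self.fwd[cur]:
                if ts >= bound and explored.get(dst, float("inf")) > ts:
                    explored[dst] = ts
                    queue.append((dst, ts))
        return set(explored)


def build_graph(events=EVENTS):
    g = ProvenanceGraph()
    for ts, src, rel, dst in events:
        g.add_event(ts, src, rel, dst)
    return g


def processes_tainted_by_network(graph):
    """Simple detection rule: processes whose provenance includes any network endpoint."""
    procs = {n for n in list(graph.fwd) + list(graph.bwd) if n.startswith("proc:")}
    return sorted(p for p in procs
                  if any(a.startswith("net:") for a in graph.backward(p)))


def investigate(graph, alert_node, alert_time):
    """Root-cause (backward) and impact (forward) sets for an alert on `alert_node`."""
    return {
        "root_cause": graph.backward(alert_node, before=alert_time),
        "impact": graph.forward(alert_node, after=alert_time),
    }


if __name__ == "__main__":
    g = build_graph()
    print("network-tainted processes:", processes_tainted_by_network(g))
    report = investigate(g, "proc:sh", alert_time=7)
    print("root cause of /etc/passwd read:", sorted(report["root_cause"]))
    print("downstream impact:", sorted(report["impact"]))
```

The backward trace from the alerting process stops at the SSH session and the remote endpoint that delivered the script, and it never reaches the cron/logrotate entities even though they share the host; the time bound is what keeps `proc:bash`'s later fork from pulling in unrelated children. The tainting rule is deliberately crude (any network ancestor) and would fire on legitimate downloaders too; the paper's detection module is where such rules are refined with semantics, whitelisting, or learned models.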
