UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats

01/06/2020
by Xueyuan Han, et al.

Advanced Persistent Threats (APTs) are difficult to detect due to their "low-and-slow" attack patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based APT detector that effectively leverages data provenance analysis. From modeling to detection, UNICORN tailors its design specifically for the unique characteristics of APTs. Through extensive yet time-efficient graph analysis, UNICORN explores provenance graphs that provide rich contextual and historical information to identify stealthy anomalous activities without pre-defined attack signatures. Using a graph sketching technique, it summarizes long-running system execution with space efficiency to combat slow-acting attacks that take place over a long time span. UNICORN further improves its detection capability using a novel modeling approach to understand long-term behavior as the system evolves. Our evaluation shows that UNICORN outperforms an existing state-of-the-art APT detection system and detects real-life APT scenarios with high accuracy.
