A baseline for unsupervised advanced persistent threat detection in system-level provenance

Cited by: 13
Authors
Berrada, Ghita [1]
Cheney, James [1,3]
Benabderrahmane, Sidahmed [1]
Maxwell, William [2]
Mookherjee, Himan [1]
Theriault, Alec [2]
Wright, Ryan [2]
Affiliations
[1] Univ Edinburgh, Sch Informat, 10 Crichton St, Edinburgh, Midlothian, Scotland
[2] Galois Inc, Portland, OR USA
[3] Alan Turing Inst, London, England
Funding
European Research Council;
Keywords
Anomaly detection; Advanced persistent threats; Unsupervised learning; Cyber security; Provenance; DETECTION STRATEGY;
DOI
10.1016/j.future.2020.02.015
CLC (Chinese Library Classification) number
TP301 [Theory, methods];
Discipline classification code
081202;
Abstract
Advanced persistent threats (APTs) are stealthy, sophisticated, and unpredictable cyberattacks that can steal intellectual property, damage critical infrastructure, or cause millions of dollars in damage. Detecting APTs by monitoring system-level activity is difficult because manually inspecting the high volume of normal system activity is overwhelming for security analysts. We evaluate the effectiveness of unsupervised batch and streaming anomaly detection algorithms over multiple gigabytes of provenance traces recorded on four different operating systems to determine whether they can detect realistic APT-like attacks reliably and efficiently. This article is the first detailed study of the effectiveness of generic unsupervised anomaly detection techniques in this setting. (C) 2020 Elsevier B.V. All rights reserved.
Pages: 401 / 413
Page count: 13
Related papers
50 items in total
  • [1] Threat detection and investigation with system-level provenance graphs: A survey
    Li, Zhenyuan
    Chen, Qi Alfred
    Yang, Runqing
    Chen, Yan
    Ruan, Wei
    COMPUTERS & SECURITY, 2021, 106
  • [2] System-level data management for endpoint advanced persistent threat detection: Issues, challenges and trends
    Chen, Tieming
    Zheng, Chenbin
    Zhu, Tiantian
    Xiong, Chunlin
    Ying, Jie
    Yuan, Qixuan
    Cheng, Wenrui
    Lv, Mingqi
    COMPUTERS & SECURITY, 2023, 135
  • [3] Advanced Persistent Threat Detection Using Data Provenance and Metric Learning
    Akbar, Khandakar Ashrafi
    Wang, Yigong
    Ayoade, Gbadebo
    Gao, Yang
    Singhal, Anoop
    Khan, Latifur
    Thuraisingham, Bhavani
    Jee, Kangkook
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2023, 20 (05) : 3957 - 3969
  • [4] Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning
    Ayoade, Gbadebo
    Akbar, Khandakar Ashrafi
    Sahoo, Pracheta
    Gao, Yang
    Agarwal, Anmol
    Jee, Kangkook
    Khan, Latifur
    Singhal, Anoop
    2020 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS), 2020,
  • [5] ANUBIS: A Provenance Graph-Based Framework for Advanced Persistent Threat Detection
    Anjum, Md Monowar
    Iqbal, Shahrear
    Hamelin, Benoit
    37TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, 2022, : 1684 - 1693
  • [6] Efficient Differencing of System-level Provenance Graphs
    Nakamura, Yuta
    Kanj, Iyad
    Malik, Tanu
    PROCEEDINGS OF THE 32ND ACM INTERNATIONAL CONFERENCE ON INFORMATION AND KNOWLEDGE MANAGEMENT, CIKM 2023, 2023, : 4220 - 4223
  • [7] Construction of advanced persistent threat attack detection model based on provenance graph and attention mechanism
    Li Y.
    Luo H.
    Wang X.
    Yuan J.
    Tongxin Xuebao/Journal on Communications, 2024, 45 (03): : 117 - 130
  • [8] Advanced persistent threat detection via mining long-term features in provenance graphs
    Xu, Fan
    Zhao, Qinxin
    Liu, Xiaoxiao
    Wang, Nan
    Gao, Meiqi
    Wen, Xuezhi
    Zhang, Dalin
    FRONTIERS OF COMPUTER SCIENCE, 2025, 19 (10)
  • [9] Advanced Persistent Threat Detection: A Survey
    Khalid, Adam
    Zainal, Anazida
    Maarof, Mohd Aizaini
    Ghaleb, Fuad A.
    2021 3RD INTERNATIONAL CYBER RESILIENCE CONFERENCE (CRC), 2021, : 84 - 89
  • [10] Analysing system behaviour by automatic benchmarking of system-level provenance
    Chan, Sheung Chi
    MIDDLEWARE'19: PROCEEDINGS OF THE 2019 20TH INTERNATIONAL MIDDLEWARE CONFERENCE DOCTORAL SYMPOSIUM, 2019, : 1 - 5