A baseline for unsupervised advanced persistent threat detection in system-level provenance

Cited by: 13
Authors
Berrada, Ghita [1]
Cheney, James [1, 3]
Benabderrahmane, Sidahmed [1]
Maxwell, William [2]
Mookherjee, Himan [1]
Theriault, Alec [2]
Wright, Ryan [2]
Affiliations
[1] Univ Edinburgh, Sch Informat, 10 Crichton St, Edinburgh, Midlothian, Scotland
[2] Galois Inc, Portland, OR USA
[3] Alan Turing Inst, London, England
Funding
European Research Council
Keywords
Anomaly detection; Advanced persistent threats; Unsupervised learning; Cyber security; Provenance; DETECTION STRATEGY
DOI
10.1016/j.future.2020.02.015
CLC classification number
TP301 [Theory, methods]
Discipline classification code
081202
Abstract
Advanced persistent threats (APTs) are stealthy, sophisticated, and unpredictable cyberattacks that can steal intellectual property, damage critical infrastructure, or cause millions of dollars in damage. Detecting APTs by monitoring system-level activity is difficult because manually inspecting the high volume of normal system activity is overwhelming for security analysts. We evaluate the effectiveness of unsupervised batch and streaming anomaly detection algorithms over multiple gigabytes of provenance traces recorded on four different operating systems to determine whether they can detect realistic APT-like attacks reliably and efficiently. This article is the first detailed study of the effectiveness of generic unsupervised anomaly detection techniques in this setting. (C) 2020 Elsevier B.V. All rights reserved.
Pages: 401-413
Page count: 13