Bhattarai et al., 2024 - Google Patents
Prov2vec: Learning provenance graph representation for anomaly detection in computer systems. Bhattarai et al., 2024
- Document ID
- 464046727728654493
- Author
- Bhattarai B
- Huang H
Publication year
- 2024
- Publication venue
- Proceedings of the 19th International Conference on Availability, Reliability and Security
Snippet
Modern cyber attackers use advanced zero-day exploits, highly targeted spear phishing, and other social engineering techniques to gain access, and also use evasion techniques to maintain a prolonged presence within the victim network while working gradually towards …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30067—File systems; File servers
- G06F17/30129—Details of further file system functionalities
- G06F17/30144—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
Similar Documents
Publication | Title
---|---
Han et al. | Unicorn: Runtime provenance-based detector for advanced persistent threats
Rehman et al. | Flash: A comprehensive approach to intrusion detection via provenance graph representation learning
Cheng et al. | Kairos: Practical intrusion detection and investigation using whole-system provenance
Liu et al. | Host-based intrusion detection system with system calls: Review and future trends
US11423146B2 (en) | Provenance-based threat detection tools and stealthy malware detection
Hassan et al. | Nodoze: Combatting threat alert fatigue with automated provenance triage
Alam et al. | Looking beyond IoCs: Automatically extracting attack patterns from external CTI
Wei et al. | Deephunter: A graph neural network based approach for robust cyber threat hunting
Chumachenko | Machine learning methods for malware detection and classification
US12032687B2 (en) | Command classification using active learning
US10409980B2 (en) | Real-time representation of security-relevant system state
Ceschin et al. | Machine learning (in) security: A stream of problems
US12282554B2 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
Du et al. | Digital Forensics as Advanced Ransomware Pre‐Attack Detection Algorithm for Endpoint Data Protection
Kim et al. | WebMon: ML-and YARA-based malicious webpage detection
Ferdous et al. | Ai-based ransomware detection: A comprehensive review
Akhtar | Malware detection and analysis: Challenges and research opportunities
Jang et al. | Mal‐Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph
Hwang et al. | Semi-supervised based unknown attack detection in EDR environment
Nisslmueller | LOLBin detection through unsupervised learning: An approach based on explicit featurization of the command line and parent-child relationships
Xu et al. | ProcSAGE: an efficient host threat detection method based on graph representation learning
Cheng et al. | Ghunter: A fast subgraph matching method for threat hunting
Xu et al. | AJSAGE: A intrusion detection scheme based on Jump-Knowledge Connection To GraphSAGE
Bhattarai et al. | Prov2vec: Learning provenance graph representation for anomaly detection in computer systems
Dumitrasc et al. | User behavior analysis for malware detection