Abstract |
---|
Intrusion detection is an arms race; attackers evade intrusion detection systems by developing new attack vectors to sidestep known defense mechanisms. Provenance provides a detailed, structured history of the interactions of digital objects within a system. It is ideal for intrusion detection, because it offers a holistic, attack-vector-agnostic view of system execution. As such, provenance graph analysis fundamentally strengthens detection robustness. We discuss the opportunities and challenges associated with provenance-based intrusion detection and provide insights based on our experience building such systems. |

Year | Venue | DocType |
---|---|---|
2018 | TaPP | Journal |

Volume | Citations | PageRank |
---|---|---|
abs/1806.00934 | 0 | 0.34 |

References | Authors |
---|---|
5 | 3 |

Name | Order | Citations | PageRank |
---|---|---|---|
Xueyuan Han | 1 | 33 | 4.52 |
Thomas F. J.-M. Pasquier | 2 | 214 | 17.09 |
Margo Seltzer | 3 | 3423 | 623.54 |