Needle in a Haystack: Attack Detection from Large-Scale System Audit
Architecture
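Innovations:
- A version-based provenance graph representation, which preserves temporal information but produces a larger graph than earlier representations
- Provenance graph reduction methods, including pruning and merging
- Attack path identification based on TTP rules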
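
The trade-off in the first two points can be seen on a toy audit log. The following is an added example, not code from the paper or from this post. The events are constructed, and both the versioning rule (a new version of an entity on every incoming flow) and the merge rule (drop a repeated flow into an entity nobody has read since) are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed audit events: (timestamp, source entity, operation, destination entity).
EVENTS = [
    (1, "proc:bash", "fork", "proc:curl"),
    (2, "sock:203.0.113.5:443", "recv", "proc:curl"),
    (3, "proc:curl", "write", "file:/tmp/a.sh"),
    (4, "proc:curl", "write", "file:/tmp/a.sh"),
    (5, "file:/tmp/a.sh", "read", "proc:sh"),
    (6, "proc:vim", "write", "file:/tmp/a.sh"),
]

def plain_graph(events):
    """One node per entity (version fixed at 0); event order is lost."""
    return sorted({((src, 0), op, (dst, 0)) for _, src, op, dst in events})

def versioned_graph(events, merge=False):
    """Assumed rule: every flow into an existing entity creates a new version of it,
    chained to the previous one by a 'next' edge. With merge=True, a repeat of the
    same (source version, op) into an entity nobody has read since is dropped."""
    ver, seen, edges, last_in = defaultdict(int), set(), [], {}
    for _, src, op, dst in sorted(events):
        s = (src, ver[src])
        seen.add(src)
        if merge and last_in.get(dst) == (s, op):
            continue                      # redundant repeat adds no information
        if dst in seen:                   # existing entity: start a new version
            ver[dst] += 1
            edges.append(((dst, ver[dst] - 1), "next", (dst, ver[dst])))
        seen.add(dst)
        edges.append((s, op, (dst, ver[dst])))
        last_in[dst] = (s, op)
        last_in.pop(src, None)            # src state was observed; later writes matter
    return edges

def nodes(edges):
    return {n for a, _, b in edges for n in (a, b)}

def reaches(edges, start, goal):
    """Depth-first search along edge direction."""
    stack, visited = [start], set()
    while stack:
        n = stack.pop()
        if n == goal:
            return True
        if n not in visited:
            visited.add(n)
            stack.extend(b for a, _, b in edges if a == n)
    return False
```

On this log the plain graph reports a path from `proc:vim` to `proc:sh` even though the `vim` write happened after `sh` read the file; the versioned graph has no such path, at the cost of 9 nodes instead of 6, and merging brings it back down to 8.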
All articles in this blog are licensed under CC BY-NC-SA 4.0 unless otherwise stated.