Needle in a Haystack: Attack Detection from Large-Scale System Audit

Created2022-06-16|Updated2023-09-27|papersabstract

|Post Views:

Needle in a Haystack: Attack Detection from Large-Scale System Audit abstract。

Architecture

arch

创新点：

version based 溯源图表示方法，保存了时间信息但是图比之前大了
溯源图精简方法，包括剪枝和合并
基于 TTP 规则的攻击路径识别

arch

arch

arch

Author: odymit

Link: http://odymit.github.io/2022/06/16/Needle-in-a-Haystack-Attack-Detection-from-Large-Scale-System-Audit/

Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.

攻击检测溯源图

Related Articles

ATLAS: A Sequence-based Learning Approach for Attack Investigation

APT 攻击检测相关工作总结

CONAN: A Practical Real-Time APT Detection System With High Accuracy and Efficiency

DeepHunter: A Graph Neural Network Based Approach for Robust Cyber Threat Hunting

HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows

UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats

Loading the Database