Abstract / Description of output
Advanced persistent threats (APTs) are stealthy, sophisticated, and unpredictable cyberattacks that can steal intellectual property, damage critical infrastructure, or cause millions of dollars in damage. Detecting APTs by monitoring system-level activity is difficult because manually inspecting the high volume of normal system activity is overwhelming for security analysts. We evaluate the effectiveness of unsupervised batch and streaming anomaly detection algorithms over multiple gigabytes of provenance traces recorded on four different operating systems to determine whether they can detect realistic APT-like attacks reliably and efficiently. This report is the first detailed study of the effectiveness of generic unsupervised anomaly detection techniques in this setting.
| Field | Value |
|---|---|
| Original language | English |
| Pages (from-to) | 401-413 |
| Number of pages | 25 |
| Journal | Future Generation Computer Systems |
| Volume | 108 |
| Early online date | 2 Mar 2020 |
| DOIs | |
| Publication status | Published - Jul 2020 |
Keywords / Materials (for Non-textual outputs)
- Anomaly detection
- Advanced persistent threats
- Unsupervised learning
- Cyber security
- Provenance
Fingerprint
Research topics of 'A baseline for unsupervised advanced persistent threat detection in system-level provenance'.

Projects
- 4 Finished
- LogiBlox Inc. Research Funding for Dr James Cheney (Non-EU industry, commerce and public corporations), 1/09/17 → 31/08/21, Project: Research
- Skye - A programming language bridging theory and practice for scientific data curation, 1/09/16 → 28/02/23, Project: Research