Abstract
System-level provenance offers great promise for improving security by facilitating the detection of attacks. Unsupervised anomaly detection techniques are necessary to defend against subtle or unpredictable attacks, such as advanced persistent threats (APTs). However, it is difficult to know in advance which views of the provenance graph will be most valuable as a basis for unsupervised anomaly detection on a given system. We present baseline anomaly detection results on the effectiveness of two existing algorithms on APT attack scenarios from four different operating systems, and identify simple score or rank aggregation techniques that are effective at aggregating anomaly scores and improving detection performance.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | 11th International Workshop on Theory and Practice of Provenance |
| Publisher | USENIX Association |
| Number of pages | 9 |
| Publication status | E-pub ahead of print - 16 May 2019 |
| Event | 11th International Workshop on Theory and Practice of Provenance, Philadelphia, United States; Duration: 3 Jun 2019 → 3 Jun 2019; https://sites.google.com/uncc.edu/tapp-2019/home |
Workshop
| Field | Value |
|---|---|
| Workshop | 11th International Workshop on Theory and Practice of Provenance |
| Abbreviated title | TaPP 2019 |
| Country/Territory | United States |
| City | Philadelphia |
| Period | 3/06/19 → 3/06/19 |
| Internet address | |
Projects
A Diagnostics Approach to Persistent Threat Detection (ADAPT)
Cheney, J. (Principal Investigator)
26/06/15 → 30/06/19
Project: Research