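This resource is a summary of papers and resources related to provenance graphs; the root directory holds the slide decks (PPT) for the articles the author has shared. It covers APT attack detection, intrusion detection, traffic and log detection, system security and related fields. I hope it is helpful to everyone~
Recommended: the author's blog
Contents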
【2016-2018】
Shiqing Ma, et al. ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. NDSS 2016
- Paper: https://friends.cs.purdue.edu/pubs/NDSS16.pdf
- Contribution:
- Institution: Purdue University
Md Nahid Hossain, et al. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data. USENIX Sec 2017
- Paper: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-hossain.pdf
- Contribution:
- Institution: Stony Brook University, University of Illinois at Chicago
Yushan Liu, et al. Towards a Timely Causality Analysis for Enterprise Security. PrioTracker, NDSS 2018
- Paper: https://www.princeton.edu/~pmittal/publications/priotracker-ndss18.pdf
- Contribution:
- Institution: Princeton University, Cornell University, NEC Labs America
Wajih Ul Hassan, et al. Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs. NDSS 2018
- Paper: https://whassan3.web.engr.illinois.edu/papers/hassan-ndss18.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, Boston University, UNC Charlotte
Yang Ji, et al. Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking. USENIX Sec 2018
- Paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-ji.pdf
- Contribution:
- Institution: Georgia Institute of Technology
Thomas F. J.-M. Pasquier, et al. Runtime Analysis of Whole-System Provenance. CCS 2018
- Paper: https://dl.acm.org/doi/pdf/10.1145/3243734.3243776
- Contribution:
- Institution: University of Bristol, Harvard University, University of North Carolina at Charlotte, University of Illinois at Urbana-Champaign
【2019】
Sadegh M. Milajerdi, et al. Poirot: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting. CCS 2019
- Paper: https://arxiv.org/pdf/1910.00056.pdf
- Contribution:
- Institution: University of Illinois at Chicago, University of Michigan-Dearborn
Sadegh M. Milajerdi, et al. HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows. IEEE S&P 2019
- Paper: https://arxiv.org/pdf/1810.01594.pdf
- Contribution:
- Institution: University of Illinois at Chicago, University of Michigan-Dearborn, Stony Brook University
Wajih Ul Hassan, et al. NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. NDSS 2019
- Paper: https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_03B-1-3_UlHassan_paper.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, Virginia Tech, NEC Laboratories America
【2020】
Wajih Ul Hassan, et al. Tactical Provenance Analysis for Endpoint Detection and Response Systems. RapSheet. IEEE S&P 2020
- Paper: https://ieeexplore.ieee.org/document/9152771
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, NortonLifeLock Research Group
Xueyuan Han, et al. Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats. NDSS 2020
- Paper: https://arxiv.org/pdf/2001.01525.pdf
- Contribution:
- Institution: Harvard University, University of Bristol, University of Illinois at Urbana-Champaign, University of British Columbia
Qi Wang, et al. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis. NDSS 2020
- Paper: https://www.ndss-symposium.org/wp-content/uploads/2020/02/24167-paper.pdf
- Contribution:
- Institution: University of Illinois Urbana-Champaign, NEC Laboratories America, University of Texas at Dallas
Riccardo Paccagnella, et al. Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks. CCS 2020
- Paper: https://www.kevliao.com/publications/kennyloggings-ccs2020.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, Purdue University
Wajih Ul Hassan, et al. OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis. NDSS 2020
- Paper: https://www.ndss-symposium.org/wp-content/uploads/2020/02/24270-paper.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign
【2021】
Abdulellah Alsaheel, et al. ATLAS: A Sequence-based Learning Approach for Attack Investigation. USENIX Sec 2021
- Paper: https://www.usenix.org/system/files/sec21-alsaheel.pdf
- Contribution:
- Institution: Purdue University
Carter Yagemann, et al. Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks. CCS 2021
- Paper: https://dl.acm.org/doi/pdf/10.1145/3460120.3484551
- Contribution:
- Institution: Georgia Institute of Technology, University of Illinois Urbana-Champaign
Xutong Chen, et al. CLARION: Sound and Clear Provenance Tracking for Microservice Deployments. USENIX Sec 2021
- Paper: https://www.usenix.org/system/files/sec21-chen-xutong.pdf
- Contribution:
- Institution: Northwestern University, SRI International
Le Yu, et al. ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation. NDSS 2021
- Paper: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_7A-2_24445_paper.pdf
- Contribution:
- Institution: Purdue University, Rutgers University, Sandia National Laboratories, SRI International
Kiavash Satvat, et al. EXTRACTOR: Extracting Attack Behavior from Threat Reports. EuroS&P 2021
- Paper: https://arxiv.org/pdf/2104.08618.pdf
- Contribution:
- Institution: University of Illinois at Chicago
Zhenyuan Li, et al. Threat detection and investigation with system-level provenance graphs: A survey. C&S 2021
- Paper: https://www.sciencedirect.com/science/article/pii/S0167404821001061
- Contribution:
- Institution: Zhejiang University, University of California, Northwestern University
Jun Zhao, et al. Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network. RAID 2020
- Paper: https://www.usenix.org/system/files/raid20-zhao.pdf
- Contribution:
- Institution: Beihang University, Michigan State University
Yali Gao, et al. HinCTI: A Cyber Threat Intelligence Modeling and Identification System Based on Heterogeneous Information Network. IEEE TKDE 2020
- Paper: https://ieeexplore.ieee.org/document/9072563
- Contribution:
- Institution: Beijing University of Posts and Telecommunications, Beihang University, University of Illinois at Chicago
- FireEye
- Kaspersky
- NSFOCUS: http://blog.nsfocus.net/tag/知识图谱/
- Author's blog
By: Eastmount 2022-04-02