Provenance-based Intrusion Detection: Opportunities and Challenges

Citation:

Xueyuan Han, Thomas Pasquier, and Margo Seltzer. 7/13/2018. “Provenance-based Intrusion Detection: Opportunities and Challenges.” In Workshop on Theory and Practice of Provenance (TaPP'18). London: USENIX.

Abstract:

Attackers constantly evade intrusion detection systems as new attack vectors sidestep their defense mechanisms. Provenance provides a detailed, structured history of the interactions of digital objects within a system. It is ideal for intrusion detection as it offers a holistic, attack-vector-agnostic view of system execution. We believe that graph analysis on provenance graphs fundamentally strengthens detection robustness. Towards this goal, we discuss opportunities and challenges associated with provenance-based intrusion detection and offer our insights based on our past experience.

Last updated on 07/31/2018