A baseline for unsupervised advanced persistent threat detection in system-level provenance

Ghita Berrada; James Cheney; Sidahmed Benabderrahmane; William Maxwell; Himan Mookherjee; Alec Theriault; Ryan Wright

首页> 外文期刊>Future generation computer systems >A baseline for unsupervised advanced persistent threat detection in system-level provenance

【24h】

A baseline for unsupervised advanced persistent threat detection in system-level provenance

机译：系统级来源中无监督的高级持续性威胁检测的基准

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Advanced persistent threats (APTs) are stealthy, sophisticated, and unpredictable cyberattacks that can steal intellectual property, damage critical infrastructure, or cause millions of dollars in damage. Detecting APTs by monitoring system-level activity is difficult because manually inspecting the high volume of normal system activity is overwhelming for security analysts. We evaluate the effectiveness of unsupervised batch and streaming anomaly detection algorithms over multiple gigabytes of provenance traces recorded on four different operating systems to determine whether they can detect realistic APT-like attacks reliably and efficiently. This article is the first detailed study of the effectiveness of generic unsupervised anomaly detection techniques in this setting.

机译：先进的持续威胁（APT）是隐蔽，复杂且不可预测的网络攻击，可以窃取知识产权，破坏关键基础设施或造成数百万美元的损失。通过监视系统级别的活动来检测APT是困难的，因为对于安全分析人员来说，手动检查大量正常的系统活动非常困难。我们评估了在四个不同操作系统上记录的多个千兆字节的出处迹线的无监督批处理和流异常检测算法的有效性，以确定它们是否可以可靠，有效地检测出类似APT的实际攻击。本文是对这种情况下的通用无监督异常检测技术的有效性的首次详细研究。

著录项

来源
《Future generation computer systems》 |2020年第7期|401-413|共13页
作者
Ghita Berrada; James Cheney; Sidahmed Benabderrahmane; William Maxwell; Himan Mookherjee; Alec Theriault; Ryan Wright;
展开▼
作者单位

The University of Edinburgh School of Informatics 10 Crichton Street Edinburgh UK;

The University of Edinburgh School of Informatics 10 Crichton Street Edinburgh UK The Alan Turing Institute London UK;

Galois Inc. Portland OR USA;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Anomaly detection; Advanced persistent threats; Unsupervised learning; Cyber security; Provenance;

机译：异常检测;先进的持续威胁;无监督学习;网络安全;出处;

相似文献

外文文献
中文文献
专利

1. Threat detection and investigation with system-level provenance graphs: A survey [J] . Zhenyuan Li, Qi Alfred Chen, Runqing Yang, Computers & Security . 2021,第Jula期

机译：威胁检测与系统级来源图的调查：调查
2. Modeling and detection of the multi-stages of Advanced Persistent Threats attacks based on semi-supervised learning and complex networks characteristics [J] . AaronZimba, Hongsong Chen, Zhaoshun Wang, Future generation computer systems . 2020,第May期

机译：基于半监督学习和复杂网络特征的高级持续威胁攻击的多阶段建模和检测
3. Complementary Approaches to Instructable Agents for Advanced Persistent Threats Detection [J] . Huang Juan, An Zhemin, Meckl Steven, Studies in Informatics and Control . 2020,第3期

机译：用于高级持续威胁检测的指示剂的互补方法
4. Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning [C] . Gbadebo Ayoade, Khandakar Ashrafi Akbar, Pracheta Sahoo, IEEE Conference on Communications and Network Security . 2020

机译：使用源图和度量学习来发展高级持久威胁检测
5. Examining Cyber Kill Chains as a Detection and Mitigation Method for Advanced Persistent Threats [D] . Saunders, DaRon D. 2020

机译：检查网络杀戮链作为高级持续威胁的检测和缓解方法
6. AULD: Large Scale Suspicious DNS Activities Detection via Unsupervised Learning in Advanced Persistent Threats [O] . Guanghua Yan, Qiang Li, Dong Guo, 2019

机译：AULD：通过高级持续威胁中的无监督学习进行大规模可疑DNS活动检测
7. Threat detection and investigation with system-level provenance graphs: A survey [O] . Zhenyuan Li, Qi Alfred Chen, Runqing Yang, 2021

机译：系统级来源图的威胁检测和调查：调查

A baseline for unsupervised advanced persistent threat detection in system-level provenance

摘要

著录项

相似文献

相关主题

期刊订阅