Hercule

Pei, Kexin; Gu, Zhongshu; Saltaformaggio, Brendan; Ma, Shiqing; Wang, Fei; Zhang, Zhiwei; Si, Luo; Zhang, Xiangyu; Xu, Dongyan

doi:10.1145/2991079.2991122

Cited by 97 publications

(11 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The provenance analysis mechanism takes log entries as input, performs suitable queries over the entries, and outputs necessary attack information. It explains how closely different system events (both benign and malicious events) are interrelated [16], and what is the underlying behaviour of an attack.…”

Section: Provenance Analysis Componentmentioning

confidence: 99%

“…A limited number of research efforts concentrate on online (on-the-fly) provenance reduction [20]. Similarly, data analysis and anomaly detection through provenance data can be conducted in either post-hoc methods [16] or real time schemes [21]. The detection capability and accuracy continue to improve with the fast development and adoption of machine learning and AI mechanisms in provenance.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement

Alam

Wang

2021

JCS

View full text Add to dashboard Cite

Data provenance collects comprehensive information about the events and operations in a computer system at both application and kernel levels. It provides a detailed and accurate history of transactions that help delineate the data flow scenario across the whole system. Data provenance helps achieve system resilience by uncovering several malicious attack traces after a system compromise that are leveraged by the analyzer to understand the attack behavior and discover the level of damage. Existing literature demonstrates a number of research efforts on information capture, management, and analysis of data provenance. In recent years, provenance in IoT devices attracts several research efforts because of the proliferation of commodity IoT devices. In this survey paper, we present a comparative study of the state-of-the-art approaches to provenance by classifying them based on frameworks, deployed techniques, and subjects of interest. We also discuss the emergence and scope of data provenance in IoT network. Finally, we present the urgency in several directions that data provenance needs to pursue, including data management and analysis.

show abstract

Section: Provenance Analysis Componentmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement

Alam

Wang

2021

JCS

View full text Add to dashboard Cite

show abstract

“…Regardless, we believe these techniques are interoperable with LogApprox, although they may not be as essential because LogApprox already removes a large percentage of false dependencies related to benign execution units. Prior work also considers related semantic gap problems, including the reconciliation of system-level logs with application logs [32,61] and the identification of high-level semantic behaviors [34,46,73]. These techniques should also be compatible with LogApprox, provided that the analyst is only interested in fully reconstructing attack-related sequences of events.…”

Section: Related Workmentioning

confidence: 99%

“…Audit logs have proven invaluable to these tasks; today, 75% of cyber analysts report that logs are the most important resource when investigating threats [10]. The importance of audit logs will only increase as state-of-the-art causal analysis techniques for detection [22,26,52,54,74], alert triage [29,30], and investigation [32,34,42,61] become widely available.…”

Section: Introductionmentioning

confidence: 99%

On the Forensic Validity of Approximated Audit Logs

Michael

Mink

Liu

et al. 2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

“…Additionally, in [14] the authors proposed a technique to model attack propagation through a network. In [15] the authors introduced models to analyze the ability of various log files and algorithms to support the detection of various recent attacks. While work by [16] demonstrates a host-based coverage of known adversarial techniques, but does not expand to a entire network.…”

Section: Related Workmentioning

confidence: 99%

Evaluating the Observability of Network Security Monitoring Strategies With TOMATO

Halvorsen

Waite²,

Hahn

2019

IEEE Access

View full text Add to dashboard Cite

Monitoring systems for malicious behavior increasingly requires aggregating and analyzing data from various sources, such as network flows, host logs, and end-point monitoring platforms. However, there's currently a lack of metrics and methodologies to compute the observability and efficiency of a security monitoring strategy. This manuscript introduces TOMATO (Threat Observability & Monitoring Assessment Tool), which is a platform to evaluate the effectiveness of a security monitoring strategy by exploring both the number of known adversarial techniques that can be detected within a network, along with evaluating the number of false-positives produced by the monitoring strategy. The output produces both an observability score and efficiency score of a set of deployed monitoring techniques, which are evaluated based on the data from the environment, and simulated attacks generated from MITRE ATT&CK. The proposed approach is then integrated into an ELK stack and evaluated on real SCADA devices within the WSU Smart City Testbed.

show abstract

Hercule

Cited by 97 publications

References 33 publications

A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement

A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement

On the Forensic Validity of Approximated Audit Logs

Evaluating the Observability of Network Security Monitoring Strategies With TOMATO

Contact Info

Product

Resources

About