Provenance‐based Intrusion Detection using Deep Learning
Ashish Gehani edited this page Oct 29, 2024 · 7 revisions

| System | Paper | Code |
|---|---|---|
| ProvDetector | NDSS '20 | |
| SIGL | US '21 | |
| ATLAS | US '21 | GitHub |
| Watson | NDSS '21 | |
| ShadeWatcher | S&P '21 | GitHub |
| ThreaTrace | TIFS '22 | GitHub |
| DepImpact | US '22 | GitHub |
| AirTag | US '23 | GitHub |
| ProGrapher | US '23 | |
| EdgeTorrent | RAID '23 | |
| Kairos | S&P '24 | GitHub |
| FLASH | S&P '24 | GitHub |
| R-CAID | S&P '24 | |
| MAGIC | US '24 | GitHub |
| NodLink | NDSS '24 | GitHub |

This material is based upon work supported by the National Science Foundation under Grants OCI-0722068, IIS-1116414, and ACI-1547467. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.