This is Why We Can’t Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage

Author:

Hassan Wajih Ul (1), Li Ding (2), Jee Kangkook (3), Yu Xiao (4), Zou Kexuan (5), Wang Dawei (5), Chen Zhengzhang (4), Li Zhichun (4), Rhee Junghwan (6), Gui Jiaping (4), Bates Adam (1)

Affiliation:

1. University of Illinois at Urbana-Champaign, United States of America

2. Peking University, China

3. University of Texas at Dallas

4. NEC Laboratories America Inc., United States of America

5. University of Illinois at Urbana-Champaign

6. University of Central Oklahoma

Funder

National Science Foundation

Publisher

ACM

Reference: 74 articles.

1. [n.d.]. Cortex XDR. https://www.paloaltonetworks.com/cortex/cortex-xdr.

2. [n.d.]. CrowdStrike. https://www.crowdstrike.com/.

3. [n.d.]. Event tracing. https://docs.microsoft.com/en-us/windows/desktop/ETW/event-tracing-portal.

4. [n.d.]. The Linux audit daemon. https://linux.die.net/man/8/auditd.

5. [n.d.]. MTTD vs MTTK. https://www.threatstack.com/blog/how-to-use-automation-to-decrease-mean-time-to-know.

Cited by 9 articles.

1. ProcSAGE: an efficient host threat detection method based on graph representation learning;Cybersecurity;2024-08-25

2. MEGR-APT: A Memory-Efficient APT Hunting System Based on Attack Representation Learning;IEEE Transactions on Information Forensics and Security;2024

3. ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15

4. ProvSec: Open Cybersecurity System Provenance Analysis Benchmark Dataset with Labels;International Journal of Networked and Distributed Computing;2023-11-15

5. ProvSec: Cybersecurity System Provenance Analysis Benchmark Dataset;2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA);2023-05-23
