Provenance-based Intrusion Detection Systems: A Survey-Reference-Cited by-同舟云学术

Provenance-based Intrusion Detection Systems: A Survey

Published:2022-12-15 Issue:7 Volume:55 Page:1-36
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Zipperle Michael¹^ORCID,Gottwalt Florian²^ORCID,Chang Elizabeth³^ORCID,Dillon Tharam⁴^ORCID

Affiliation:

1. University of New South Wales, Canberra, Australia and Cyber Security Cooperative Research Centre, Australia

2. University of New South Wales, Canberra, Australia

3. Griffith University, Gold Coast, Australia

4. La Trobe University, Melbourne, Australia

Abstract

Traditional Intrusion Detection Systems (IDS) cannot cope with the increasing number and sophistication of cyberattacks such as Advanced Persistent Threats (APT) . Due to their high false-positive rate and the required effort of security experts to validate them, incidents can remain undetected for up to several months. As a result, enterprises suffer from data loss and severe financial damage. Recent research explored data provenance for Host-based Intrusion Detection Systems (HIDS) as one promising data source to tackle this issue. Data provenance represents information flows between system entities as Direct Acyclic Graph (DAG) . Provenance-based Intrusion Detection Systems (PIDS) utilize data provenance to enhance the detection performance of intrusions and reduce false-alarm rates compared to traditional IDS. This survey demonstrates the potential of PIDS by providing a detailed evaluation of recent research in the field, proposing a novel taxonomy for PIDS, discussing current issues, and potential future research directions. This survey aims to help and motivate researchers to get started in the field of PIDS by tackling issues of data collection, graph summarization, intrusion detection, and developing real-world benchmark datasets.

Funder

Cyber Security Research Centre Limited

Australian Government’s Cooperative Research Centres Programme

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3539605

Reference115 articles.

1. ACM. 2021. ACM Computing Surveys.https://dl.acm.org/journal/csur.

2. Md. Monowar Anjum Shahrear Iqbal and Benoit Hamelin. 2021. Analyzing the Usefulness of the DARPA OpTC Dataset in Cyber Threat Detection Research. arxiv:2103.03080 [cs.CR]

3. Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning

4. Mathieu Barre, Ashish Gehani, and Vinod Yegneswaran. 2019. Mining data provenance to detect advanced persistent threats. In 11th International Workshop on Theory and Practice of Provenance (TaPP’19). USENIX Association. https://www.usenix.org/conference/tapp2019/presentation/barre.

Cited by 18 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. An advanced deep neural network for fundus image analysis and enhancing diabetic retinopathy detection;Healthcare Analytics;2024-06

2. PARGMF: A provenance-enabled automated rule generation and matching framework with multi-level attack description model;Journal of Information Security and Applications;2024-03

3. You are your friends: Detecting malware via guilt-by-association and exempt-by-reputation;Computers & Security;2024-01

4. A Survey on Forensics and Compliance Auditing for Critical Infrastructure Protection;IEEE Access;2024

5. Continuous-Time Temporal Graph Learning on Provenance Graphs;2023 IEEE International Conference on Data Mining Workshops (ICDMW);2023-12-04