What is it about?

Provenance-based intrusion detection systems use data provenance, the recorded causal history of how processes, files and network connections interact on a system, to improve detection performance and reduce false-alarm rates compared to traditional intrusion detection systems. This work introduces provenance-based intrusion detection systems and reviews the existing literature along a proposed taxonomy covering data collection, graph summarization, intrusion detection, and benchmark datasets.
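To make the pipeline in the taxonomy concrete, the following is an added illustration written for this summary; it is not code from the survey or from any system it reviews. It turns a handful of constructed audit events (data collection) into a directed provenance graph whose edges follow information flow, collapses repeated edges into counted ones (a minimal graph summarization), and then runs two path-based detection rules over the graph. The event format, node naming scheme and rule names are assumptions chosen for the example.

```python
"""Toy provenance-based detection over constructed audit events (illustration only)."""
from collections import defaultdict, deque

# Constructed sample events in the shape (timestamp, subject, operation, object).
# They are made up for this example and are not data from the survey.
# Subjects are processes; objects are processes (fork), files or network endpoints.
SAMPLE_EVENTS = [
    (1,  "proc:bash[101]", "fork",  "proc:curl[202]"),
    (2,  "proc:curl[202]", "recv",  "net:203.0.113.5:443"),
    (3,  "proc:curl[202]", "write", "file:/tmp/update.sh"),
    (4,  "proc:bash[101]", "fork",  "proc:bash[303]"),
    (5,  "proc:bash[303]", "read",  "file:/tmp/update.sh"),
    (6,  "proc:bash[303]", "read",  "file:/etc/shadow"),
    (7,  "proc:bash[303]", "read",  "file:/etc/shadow"),   # duplicate read, collapsed below
    (8,  "proc:bash[303]", "send",  "net:203.0.113.5:443"),
    (9,  "proc:vim[404]",  "read",  "file:/home/alice/notes.txt"),   # benign activity
    (10, "proc:vim[404]",  "write", "file:/home/alice/notes.txt"),
]

# Direction of information flow per operation: True means object -> subject.
FLOWS_INTO_SUBJECT = {
    "read": True, "recv": True,
    "write": False, "send": False, "fork": False,
}


def build_graph(events):
    """Data collection step: audit events become a directed provenance graph.

    Returns {src: {dst: count}}. Identical edges are merged and counted,
    which is the simplest form of graph summarization.
    """
    graph = defaultdict(dict)
    for _, subject, op, obj in events:
        if op not in FLOWS_INTO_SUBJECT:
            raise ValueError(f"unknown operation {op!r}")
        src, dst = (obj, subject) if FLOWS_INTO_SUBJECT[op] else (subject, obj)
        graph[src][dst] = graph[src].get(dst, 0) + 1
    return graph


def all_nodes(graph):
    nodes = set(graph)
    for dsts in graph.values():
        nodes.update(dsts)
    return nodes


def find_paths(graph, is_source, is_sink, max_depth=8):
    """Enumerate simple paths from any node matching is_source to any node
    matching is_sink, following information-flow edges (bounded BFS)."""
    paths = []
    for start in sorted(n for n in all_nodes(graph) if is_source(n)):
        queue = deque([(start, [start])])
        while queue:
            node, path = queue.popleft()
            for nxt in graph.get(node, {}):
                if nxt in path:          # keep paths simple (no cycles)
                    continue
                new_path = path + [nxt]
                if is_sink(nxt):
                    paths.append(new_path)
                if len(new_path) <= max_depth:
                    queue.append((nxt, new_path))
    return paths


# Detection rules (assumed for the example): each is (source predicate, sink predicate).
RULES = {
    "sensitive file reaches network":
        (lambda n: n == "file:/etc/shadow", lambda n: n.startswith("net:")),
    "downloaded content reaches a shell":
        (lambda n: n.startswith("net:"), lambda n: n.startswith("proc:bash")),
}


def detect(graph):
    """Intrusion detection step: return (rule name, provenance path) for every hit."""
    alerts = []
    for name, (is_source, is_sink) in RULES.items():
        for path in find_paths(graph, is_source, is_sink):
            alerts.append((name, path))
    return alerts


if __name__ == "__main__":
    g = build_graph(SAMPLE_EVENTS)
    for name, path in detect(g):
        print(f"[{name}] " + " -> ".join(path))
```

The two alerts come from the same chain of events: content fetched from the network is written to a file that a shell reads, and that shell later sends a sensitive file back to the same endpoint. A rule that looked at single events (one file read, one socket write) would see nothing unusual in either step on its own; the provenance path is what ties them together, which is the point of using provenance for detection. In a real deployment the graph would be far larger, which is why the summarization and scalable detection issues the survey covers matter.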

Why is it important?

Traditional intrusion detection systems cannot keep up with the growing number and sophistication of cyberattacks such as Advanced Persistent Threats. Because of their high false-positive rates and the effort security experts must spend validating alerts, incidents can remain undetected for months, and enterprises suffer data loss and severe financial damage as a result. Provenance-based intrusion detection systems are one way to protect enterprises from such attacks. This work therefore aims to help and motivate researchers to get started in the field by laying out the open issues in data collection, graph summarization and intrusion detection, and the need for real-world benchmark datasets.

Read the Original

This page is a summary of: Provenance-based Intrusion Detection Systems: A Survey, ACM Computing Surveys, December 2022, ACM (Association for Computing Machinery),
DOI: 10.1145/3539605.
