Graph Analysis

[NEW!] KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance
Provenance graphs are structured audit logs that describe the history of a system’s execution. Recent studies have explored a variety …
Zijun Cheng, Qiujian Lv, Yan Wang, Degang Sun, Thomas Pasquier, Xueyuan Michael Han-Vanbastelaer
PDF Cite Code
[NEW!] KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance
Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats
Advanced Persistent Threats (APTs) are difficult to detect due to their “low-and-slow” attack patterns and frequent use of …
Xueyuan Michael Han-Vanbastelaer, Thomas Pasquier, Adam Bates, James Mickens, Margo Seltzer
PDF Cite DOI Code
Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats
FRAPpuccino: Fault-detection through Runtime Analysis of Provenance
We present FRAPpuccino (or FRAP), a provenance-based fault detection mechanism for Platform as a Service (PaaS) users, who run many …
Xueyuan Michael Han-Vanbastelaer, Thomas Pasquier, Tanvi Ranjan, Mark Goldstein, Margo Seltzer
PDF Cite Code
FRAPpuccino: Fault-detection through Runtime Analysis of Provenance