Bin Luo1,2,3, Liangguo Chen1,2,3, Shuhua Ruan1,2,3,*, Yonggang Luo2,3,*
CMC-Computers, Materials & Continua, Vol.78, No.2, pp. 1731-1754, 2024, DOI:10.32604/cmc.2023.045739
27 February 2024
Abstract: Considering the stealthiness and persistence of Advanced Persistent Threats (APTs), recent studies leverage system audit logs to construct provenance graphs of system entity interactions in order to unveil threats on a host. Rule-based provenance graph APT detection approaches require elaborate rules and cannot detect unknown attacks, and existing learning-based approaches are limited by the lack of available APT attack samples or generally only perform graph-level anomaly detection, which requires substantial manual effort to locate the attack entities. This paper proposes an APT-exploited process detection approach called ThreatSniffer, which constructs the benign provenance graph from attack-free audit…
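To make the abstract's idea concrete, the following is an added example (not code from the paper or the ThreatSniffer authors) that builds a process-level provenance graph from constructed audit records and flags processes whose interaction edges were never seen in the attack-free baseline. The record format, the (operation, object-type) edge abstraction and the threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed audit records for illustration: (process_name, operation, object).
# Objects are prefixed with their type so edges can be abstracted by type.
BENIGN_LOG = [
    ("sshd", "read", "file:/etc/ssh/sshd_config"),
    ("sshd", "fork", "process:bash"),
    ("bash", "exec", "process:ls"),
    ("bash", "read", "file:/home/user/.bashrc"),
    ("nginx", "read", "file:/var/www/index.html"),
    ("nginx", "connect", "socket:0.0.0.0:443"),
]

# Constructed monitoring-period records: the baseline plus two new nginx edges.
OBSERVED_LOG = BENIGN_LOG + [
    ("nginx", "exec", "process:sh"),
    ("nginx", "write", "file:/tmp/payload"),
]


def build_provenance_graph(records):
    """Map each process entity to the set of (operation, object_type) edges it emits.

    Abstracting objects to their type (file, process, socket) keeps the benign
    graph small and lets unseen *kinds* of interaction stand out.
    """
    graph = defaultdict(set)
    for proc, op, obj in records:
        obj_type = obj.split(":", 1)[0]
        graph[proc].add((op, obj_type))
    return graph


def score_processes(benign, observed):
    """Return {process: fraction of its observed edges absent from the benign graph}."""
    scores = {}
    for proc, edges in observed.items():
        known = benign.get(proc, set())  # a process never seen benignly has no known edges
        unseen = [e for e in edges if e not in known]
        scores[proc] = len(unseen) / len(edges)
    return scores


def flagged_processes(benign_records, observed_records, threshold=0.25):
    """Process-level detection: list processes whose unseen-edge ratio exceeds threshold."""
    scores = score_processes(build_provenance_graph(benign_records),
                             build_provenance_graph(observed_records))
    return sorted(p for p, s in scores.items() if s > threshold)
```

With these records only nginx is flagged, because half of its observed edge types (exec of a process, write to a file) never occurred in the attack-free baseline.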