[1] W. Enck, P. Gilbert, S. Han, V. Tendulkar, B. G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones", ACM Trans. Comput. Syst. (TOCS), 32(2), pp. 1-29, 2014.

[2] S. Sitaraman and S. Venkatesan, "Forensic Analysis of File System Intrusions using Improved Backtracking", Proceedings of the Third IEEE International Workshop on Information Assurance (IWIA '05), pp. 154-163, 2005.

[3] X. Han, T. Pasquier, A. Bates, J. Mickens, and M. Seltzer, "UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats", arXiv preprint arXiv:2001.01525, 2020.

[4] M. N. Hossain, S. M. Milajerdi, J. Wang, B. Eshete, R. Gjomemo, R. Sekar, S. Stoller, and V. N. Venkatakrishnan, "SLEUTH: real-time attack scenario reconstruction from COTS audit data", 26th USENIX Security Symposium (USENIX Security), pp. 487-504, 2017.

[5] K. H. Lee, X. Zhang, and D. Xu, "High accuracy attack provenance via binary-based execution partition", Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), p. 16, 2013.

[6] S. T. King and P. M. Chen, "Backtracking intrusions", Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 223-236, 2003.

[7] K. Belhajjame, R. B'Far, J. Cheney, S. Coppens, S. Cresswell, Y. Gil, P. Groth, G. Klyne, T. Lebo, J. McCusker, S. Miles, J. Myers, S. Sahoo, and C. Tilmes, "PROV-DM: The PROV Data Model", Technical Report, World Wide Web Consortium (W3C), https://www.w3.org/TR/prov-dm/, 2013.

[8] "FUSE", http://fuse.sourceforge.net.

[9] "Event Tracing", https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal.

[10] Z. Xu, Z. Wu, Z. Li, K. Jee, J. Rhee, X. Xiao, F. Xu, H. Wang, and G. Jiang, "High fidelity data reduction for big data security dependency analyses", Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 504-516, 2016.

[11] A. P. Chapman, H. V. Jagadish, and P. Ramanan, "Efficient provenance storage", Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data, pp. 993-1006, 2008.

[12] "PROV Model Overview", https://en.wikipedia.org/wiki/PROV_(Provenance).

[13] Z. Li, Q. A. Chen, R. Yang, Y. Chen, and W. Ruan, "Threat detection and investigation with system-level provenance graphs: A survey", Computers & Security, Vol. 106, 2021.

[14] S. M. Milajerdi, B. Eshete, R. Gjomemo, and V. N. Venkatakrishnan, "POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting", Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1795-1812, 2019.

[15] S. M. Milajerdi, R. Gjomemo, B. Eshete, R. Sekar, and V. N. Venkatakrishnan, "HOLMES: real-time APT detection through correlation of suspicious information flows", IEEE Symposium on Security and Privacy (SP), pp. 1137-1152, 2019.

[16] W. U. Hassan, M. Lemay, N. Aguse, A. Bates, and T. Moyer, "Towards scalable cluster auditing through grammatical inference over provenance graphs", Proceedings of the Network and Distributed System Security Symposium (NDSS), 2018.

[17] A. Woodruff and M. Stonebraker, "Supporting fine-grained data lineage in a database visualization environment", Proceedings of the 13th International Conference on Data Engineering, IEEE, pp. 91-102, 1997.

[18] "Elastic, Elastic Stack", https://www.elastic.co/, 2022.

[19] "Elastic, Filebeat", https://www.elastic.co/products/beats/filebeat, 2022.

[20] A. Gehani and D. Tariq, "SPADE: Support for provenance auditing in distributed environments", Proceedings of the 13th International Middleware Conference, Springer, 2012.

[21] T. Pasquier, X. Han, M. Goldstein, T. Moyer, D. Eyers, M. Seltzer, and J. Bacon, "Practical whole-system provenance capture", Proceedings of the 2017 Symposium on Cloud Computing, Association for Computing Machinery, pp. 405-418, 2017.

[22] Y. Ji, S. Lee, E. Downing, W. Wang, M. Fazzini, T. Kim, A. Orso, and W. Lee, "RAIN: refinable attack investigation with on-demand inter-process information flow tracking", Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), ACM Press, pp. 377-390, 2017.

[23] K. H. Lee, X. Zhang, and D. Xu, "LogGC: Garbage Collecting Audit Log", Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1005-1016, 2013.

[24] S. Ma, X. Zhang, and D. Xu, "ProTracer: towards practical provenance tracing by alternating between logging and tainting", Internet Society, 2016.

[25] R. Yang, S. Ma, and H. Xu, "UIScope: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI Applications", Network and Distributed System Security Symposium (NDSS).

[26] Y. Ji, S. Lee, M. Fazzini, J. Allen, E. Downing, T. Kim, A. Orso, and W. Lee, "Enabling refinable cross-host attack investigation with efficient data flow tagging and tracking", 27th USENIX Security Symposium, USENIX Association, pp. 1705-1722, 2018.

[27] Y. Kwon, D. Kim, W. N. Sumner, K. Kim, B. Saltaformaggio, X. Zhang, and D. Xu, "LDX: causality inference by lightweight dual execution", Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems, ACM, pp. 503-515, 2016.

[28] H. Irshad, G. Ciocarlie, A. Gehani, V. Yegneswaran, K. H. Lee, J. Patel, S. Jha, Y. Kwon, D. Xu, and X. Zhang, "TRACE: Enterprise-Wide Provenance Tracking for Real-Time APT Detection", IEEE Transactions on Information Forensics and Security, Vol. 16, pp. 4363-4376, 2021.

[29] S. M. Milajerdi, B. Eshete, R. Gjomemo, and V. N. Venkatakrishnan, "ProPatrol: Attack Investigation via Extracted High-Level Tasks", International Conference on Information Systems Security, Springer, LNCS 11281, pp. 107-126, 2018.

[30] W. U. Hassan, A. Bates, and D. Marino, "Tactical Provenance Analysis for Endpoint Detection and Response Systems", 2020 IEEE Symposium on Security and Privacy, pp. 1172-1189, 2020.

[31] "MITRE ATT&CK®", https://attack.mitre.org, 2022.

[32] "Common Attack Pattern Enumeration and Classification", https://capec.mitre.org, 2022.

[33] Y. Liu, M. Zhang, D. Li, K. Jee, Z. Li, Z. Wu, J. Rhee, and P. Mittal, "Towards a Timely Causality Analysis for Enterprise Security", Network and Distributed System Security Symposium (NDSS '18), 2018.

[34] M. N. Hossain, J. Wang, R. Sekar, and S. D. Stoller, "Dependence-Preserving Data Compaction for Scalable Forensic Analysis", USENIX Security Symposium, pp. 1723-1740, 2018.

[35] L. Moreau, B. Clifford, J. Freire, J. Futrelle, Y. Gil, P. Groth, N. Kwasnikowska, S. Miles, P. Missier, J. Myers, B. Plale, Y. Simmhan, E. Stephan, and J. Van den Bussche, "The Open Provenance Model Core Specification", Future Generation Computer Systems, 2010.