[
  {
    "path": "README.md",
    "content": "# APT-ProvenanceGraph\nThis repository collects papers and resources on provenance graphs; the root directory contains the slides (PPT) of the author's shared talks. It covers APT attack detection, intrusion detection, traffic and log detection, system security and related fields. Hope it helps~\n\n\n`Recommended: author's blog`\n- [A summary of top security-conference papers on provenance-graph-based APT attack detection](https://blog.csdn.net/Eastmount/article/details/120555733)\n\n\n`Contents`\n- [Academia](#academia)\n- [Industry](#industry)\n\n----\n\n## Academia\n\n- https://camflow.org/#about\n\n### Provenance Graph\n\n**【2016-2018】**\n\nShiqing Ma, et al. **ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting**. NDSS 2016\n- Paper: https://friends.cs.purdue.edu/pubs/NDSS16.pdf\n- Contribution:\n- Institution: Purdue University\n\n\nMd Nahid Hossain, et al. **SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data**. USENIX Sec 2017\n- Paper: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-hossain.pdf\n- Contribution:\n- Institution: Stony Brook University, University of Illinois at Chicago\n\n\nYushan Liu, et al. **Towards a Timely Causality Analysis for Enterprise Security**. PrioTracker, NDSS 2018\n- Paper: https://www.princeton.edu/~pmittal/publications/priotracker-ndss18.pdf\n- Contribution:\n- Institution: Princeton University, Cornell University, NEC Labs America\n\n\nWajih Ul Hassan, et al. **Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs**. NDSS 2018\n- Paper: https://whassan3.web.engr.illinois.edu/papers/hassan-ndss18.pdf\n- Contribution:\n- Institution: University of Illinois at Urbana-Champaign, Boston University, UNC Charlotte\n\n\nYang Ji, et al. **Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking**. USENIX Sec 2018\n- Paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-ji.pdf\n- Contribution:\n- Institution: Georgia Institute of Technology\n\n\nThomas F. J.-M. Pasquier, et al. **Runtime Analysis of Whole-System Provenance**. CCS 2018\n- Paper: https://dl.acm.org/doi/pdf/10.1145/3243734.3243776\n- Contribution:\n- Institution: University of Bristol, Harvard University, University of North Carolina at Charlotte, University of Illinois at Urbana-Champaign\n\n\n\n\n---\n\n**【2019】**\n\nSadegh M. Milajerdi, et al. **Poirot: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting**. CCS 2019\n- Paper: https://arxiv.org/pdf/1910.00056.pdf\n- Contribution:\n- Institution: University of Illinois at Chicago, University of Michigan-Dearborn\n\n\nSadegh M. Milajerdi, et al. **HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows**. IEEE S&P 2019\n- Paper: https://arxiv.org/pdf/1810.01594.pdf\n- Contribution:\n- Institution: University of Illinois at Chicago, University of Michigan-Dearborn, Stony Brook University\n\n\nWajih Ul Hassan, et al. **NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage**. NDSS 2019\n- Paper: https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_03B-1-3_UlHassan_paper.pdf\n- Contribution:\n- Institution: University of Illinois at Urbana-Champaign, Virginia Tech, NEC Laboratories America\n\n\n---\n\n**【2020】**\n\nWajih Ul Hassan, et al. **Tactical Provenance Analysis for Endpoint Detection and Response Systems**. RapSheet. IEEE S&P 2020\n- Paper: https://ieeexplore.ieee.org/document/9152771\n- Contribution:\n- Institution: University of Illinois at Urbana-Champaign, NortonLifeLock Research Group\n\n\nXueyuan Han, et al. **Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats**. NDSS 2020\n- Paper: https://arxiv.org/pdf/2001.01525.pdf\n- Contribution:\n- Institution: Harvard University, University of Bristol, University of Illinois at Urbana-Champaign, University of British Columbia\n\n\nQi Wang, et al. **You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis**. NDSS 2020\n- Paper: https://www.ndss-symposium.org/wp-content/uploads/2020/02/24167-paper.pdf\n- Contribution:\n- Institution: University of Illinois Urbana-Champaign, NEC Laboratories America, University of Texas at Dallas\n\n\nRiccardo Paccagnella, et al. **Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks**. CCS 2020\n- Paper: https://www.kevliao.com/publications/kennyloggings-ccs2020.pdf\n- Contribution:\n- Institution: University of Illinois at Urbana-Champaign, Purdue University\n\n\nWajih Ul Hassan, et al. **OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis**. NDSS 2020\n- Paper: https://www.ndss-symposium.org/wp-content/uploads/2020/02/24270-paper.pdf\n- Contribution:\n- Institution: University of Illinois at Urbana-Champaign\n\n\n\n---\n\n**【2021】**\n\n\nAbdulellah Alsaheel, et al. **ATLAS: A Sequence-based Learning Approach for Attack Investigation**. USENIX Sec 2021\n- Paper: https://www.usenix.org/system/files/sec21-alsaheel.pdf\n- Contribution:\n- Institution: Purdue University\n\n\nCarter Yagemann, et al. **Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks**. CCS 2021\n- Paper: https://dl.acm.org/doi/pdf/10.1145/3460120.3484551\n- Contribution:\n- Institution: Georgia Institute of Technology, University of Illinois Urbana-Champaign\n\n\nXutong Chen, et al. **CLARION: Sound and Clear Provenance Tracking for Microservice Deployments**. USENIX Sec 2021\n- Paper: https://www.usenix.org/system/files/sec21-chen-xutong.pdf\n- Contribution:\n- Institution: Northwestern University, SRI International\n\n\nLe Yu, et al. **ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation**. NDSS 2021\n- Paper: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_7A-2_24445_paper.pdf\n- Contribution:\n- Institution: Purdue University, Rutgers University, Sandia National Laboratories, SRI International\n\n\nKiavash Satvat, et al. **EXTRACTOR: Extracting Attack Behavior from Threat Reports**. EuroS&P 2021\n- Paper: https://arxiv.org/pdf/2104.08618.pdf\n- Contribution:\n- Institution: University of Illinois at Chicago\n\n\nZhenyuan Li, et al. **Threat detection and investigation with system-level provenance graphs: A survey**. C&S 2021\n- Paper: https://www.sciencedirect.com/science/article/pii/S0167404821001061\n- Contribution:\n- Institution: Zhejiang University, University of California, Northwestern University\n\n\n\n<div align=center><img src=\"https://github.com/eastmountyxz/APT-ProvenanceGraph/blob/main/summary-01.png\" width=\"60%\" height=\"60%\" /></div>\n \n<br />\n\n<div align=center><img src=\"https://github.com/eastmountyxz/APT-ProvenanceGraph/blob/main/summary-02.png\" width=\"60%\" height=\"60%\" /></div>\n\n \n---\n\n### Knowledge Graph\n\nJun Zhao, et al. **Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network**. RAID 2020\n- Paper: https://www.usenix.org/system/files/raid20-zhao.pdf\n- Contribution:\n- Institution: Beihang University, Michigan State University\n\nYali Gao, et al. **HinCTI: A Cyber Threat Intelligence Modeling and Identification System Based on Heterogeneous Information Network**. IEEE TKDE 2020\n- Paper: https://ieeexplore.ieee.org/document/9072563\n- Contribution:\n- Institution: Beijing University of Posts and Telecommunications, Beihang University, University of Illinois at Chicago\n\n\n---\n\nSoftware-engineering papers related to provenance graphs\n\n\n---\n\n## Industry\n\n\n- FireEye\n- Kaspersky\n- NSFOCUS: http://blog.nsfocus.net/tag/知识图谱/\n- Author's blog\n\n\n\n---\n\n## Security Knowledge Graph - Papers\n\n\n\n\n\n\n\n\n---\n\nBy: Eastmount 2022-04-02\n"
  }
]