Repository: eastmountyxz/APT-ProvenanceGraph (branch main, commit 2cbbe4d90cdd), file README.md

# APT-ProvenanceGraph

This repository collects papers and resources on provenance graphs; the root directory holds the slides (PPT) for the articles the author has shared. It covers APT attack detection, intrusion detection, traffic and log detection, system security and related areas. Hope it helps.

`Recommended: the author's blog`

- [A summary of top security-venue papers on provenance-graph-based APT attack detection](https://blog.csdn.net/Eastmount/article/details/120555733)

`Contents`

- [Academia](#academia)
- [Industry](#industry)

----

## Academia

- https://camflow.org/#about

### Provenance Graph

**【2016-2018】**

Shiqing Ma, et al. **ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting**. NDSS 2016
- Paper: https://friends.cs.purdue.edu/pubs/NDSS16.pdf
- Contribution:
- Institution: Purdue University

Md Nahid Hossain, et al. **SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data**. USENIX Sec 2017
- Paper: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-hossain.pdf
- Contribution:
- Institution: Stony Brook University, University of Illinois at Chicago

Yushan Liu, et al. **Towards a Timely Causality Analysis for Enterprise Security** (PrioTracker). NDSS 2018
- Paper: https://www.princeton.edu/~pmittal/publications/priotracker-ndss18.pdf
- Contribution:
- Institution: Princeton University, Cornell University, NEC Labs America

Wajih Ul Hassan, et al. **Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs**. NDSS 2018
- Paper: https://whassan3.web.engr.illinois.edu/papers/hassan-ndss18.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, Boston University, UNC Charlotte

Yang Ji, et al. **Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking**. USENIX Sec 2018
- Paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-ji.pdf
- Contribution:
- Institution: Georgia Institute of Technology

Thomas F. J.-M. Pasquier, et al. **Runtime Analysis of Whole-System Provenance**. CCS 2018
- Paper: https://dl.acm.org/doi/pdf/10.1145/3243734.3243776
- Contribution:
- Institution: University of Bristol, Harvard University, University of North Carolina at Charlotte, University of Illinois at Urbana-Champaign

---

**【2019】**

Sadegh M. Milajerdi, et al. **Poirot: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting**. CCS 2019
- Paper: https://arxiv.org/pdf/1910.00056.pdf
- Contribution:
- Institution: University of Illinois at Chicago, University of Michigan-Dearborn

Sadegh M. Milajerdi, et al. **HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows**. IEEE S&P 2019
- Paper: https://arxiv.org/pdf/1810.01594.pdf
- Contribution:
- Institution: University of Illinois at Chicago, University of Michigan-Dearborn, Stony Brook University

Wajih Ul Hassan, et al. **NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage**. NDSS 2019
- Paper: https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_03B-1-3_UlHassan_paper.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, Virginia Tech, NEC Laboratories America

---

**【2020】**

Wajih Ul Hassan, et al. **Tactical Provenance Analysis for Endpoint Detection and Response Systems** (RapSheet). IEEE S&P 2020
- Paper: https://ieeexplore.ieee.org/document/9152771
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, NortonLifeLock Research Group

Xueyuan Han, et al. **Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats**. NDSS 2020
- Paper: https://arxiv.org/pdf/2001.01525.pdf
- Contribution:
- Institution: Harvard University, University of Bristol, University of Illinois at Urbana-Champaign, University of British Columbia

Qi Wang, et al. **You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis**. NDSS 2020
- Paper: https://www.ndss-symposium.org/wp-content/uploads/2020/02/24167-paper.pdf
- Contribution:
- Institution: University of Illinois Urbana-Champaign, NEC Laboratories America, University of Texas at Dallas

Riccardo Paccagnella, et al. **Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks**. CCS 2020
- Paper: https://www.kevliao.com/publications/kennyloggings-ccs2020.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign, Purdue University

Wajih Ul Hassan, et al. **OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis**. NDSS 2020
- Paper: https://www.ndss-symposium.org/wp-content/uploads/2020/02/24270-paper.pdf
- Contribution:
- Institution: University of Illinois at Urbana-Champaign

---

**【2021】**

Abdulellah Alsaheel, et al. **ATLAS: A Sequence-based Learning Approach for Attack Investigation**. USENIX Sec 2021
- Paper: https://www.usenix.org/system/files/sec21-alsaheel.pdf
- Contribution:
- Institution: Purdue University

Carter Yagemann, et al. **Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks**. CCS 2021
- Paper: https://dl.acm.org/doi/pdf/10.1145/3460120.3484551
- Contribution:
- Institution: Georgia Institute of Technology, University of Illinois Urbana-Champaign

Xutong Chen, et al. **CLARION: Sound and Clear Provenance Tracking for Microservice Deployments**. USENIX Sec 2021
- Paper: https://www.usenix.org/system/files/sec21-chen-xutong.pdf
- Contribution:
- Institution: Northwestern University, SRI International

Le Yu, et al. **ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation**. NDSS 2021
- Paper: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_7A-2_24445_paper.pdf
- Contribution:
- Institution: Purdue University, Rutgers University, Sandia National Laboratories, SRI International

Kiavash Satvat, et al. **EXTRACTOR: Extracting Attack Behavior from Threat Reports**. EuroS&P 2021
- Paper: https://arxiv.org/pdf/2104.08618.pdf
- Contribution:
- Institution: University of Illinois at Chicago

Zhenyuan Li, et al. **Threat detection and investigation with system-level provenance graphs: A survey**. Computers & Security (C&S) 2021
- Paper: https://www.sciencedirect.com/science/article/pii/S0167404821001061
- Contribution:
- Institution: Zhejiang University, University of California, Northwestern University

---

### Knowledge Graph

Jun Zhao, et al. **Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network**. RAID 2020
- Paper: https://www.usenix.org/system/files/raid20-zhao.pdf
- Contribution:
- Institution: Beihang University, Michigan State University

Yali Gao, et al. **HinCTI: A Cyber Threat Intelligence Modeling and Identification System Based on Heterogeneous Information Network**. IEEE TKDE 2020
- Paper: https://ieeexplore.ieee.org/document/9072563
- Contribution:
- Institution: Beijing University of Posts and Telecommunications, Beihang University, University of Illinois at Chicago

---

Provenance-graph papers in software engineering

---

## Industry

- FireEye
- Kaspersky
- NSFOCUS: http://blog.nsfocus.net/tag/知识图谱/
- The author's blog

---

## Security Knowledge Graph - Papers

---

By: Eastmount, 2022-04-02