Provenance graph generation for intrusion detection
Format: | Final Year Project |
---|---|
Language: | English |
Published: | Nanyang Technological University, 2024 |
Online Access: | https://hdl.handle.net/10356/175398 |
Institution: | Nanyang Technological University |
Summary: | In today’s rapidly evolving threat landscape, the demand for robust defense mechanisms against zero-day attacks and other unforeseeable threats is escalating. As threat actors continually innovate, traditional security approaches struggle to keep pace, necessitating the exploration of novel strategies. Recent studies have highlighted the potential of provenance graphs in intrusion detection, showcasing their ability to achieve higher detection accuracy and lower false alarm rates compared to conventional system-call based methods. In this study, we aim to validate these findings by generating our own benign and malicious user scenarios. Leveraging the CamFlow provenance capture system, we will set up security-critical applications, design diverse intrusion scenarios, and simulate attacks. Subsequently, we will generate authentic provenance data for both benign and malicious cases, using them to evaluate state-of-the-art graph-based models. Performance assessment metrics such as detection rate, false alarm rate, detection time, and storage overhead will be employed to gauge the quality of the models. Through this investigation, we seek to contribute to the advancement of intrusion detection methodologies and enhance our understanding of provenance-based defense mechanisms. |
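The summary names the pipeline the project proposes: capture provenance with CamFlow, build graphs for benign and malicious scenarios, run a graph-based detector, and report detection rate, false alarm rate, detection time and storage overhead. The following Python is an added illustration of that pipeline end to end and is not code from the thesis or from the CamFlow project. The records are constructed by hand in the W3C PROV-JSON shape CamFlow emits (entity, activity, used, wasGeneratedBy, wasInformedBy, wasDerivedFrom); the cf: identifiers, attribute names and edge types are assumptions for illustration. The detector is a deliberately simple stand-in for the graph models the summary refers to: it learns the set of typed edges (source type, edge type, destination type) seen in benign graphs and scores a test graph by how many of its edges carry a signature never seen in training.

```python
import json
import time
from collections import Counter

# PROV-JSON relation -> (source key, destination key), oriented along information flow.
RELATIONS = {
    "used": ("prov:entity", "prov:activity"),
    "wasGeneratedBy": ("prov:activity", "prov:entity"),
    "wasInformedBy": ("prov:informant", "prov:informed"),
    "wasDerivedFrom": ("prov:usedEntity", "prov:generatedEntity"),
}

# Constructed records (not real CamFlow output); "cf:" names and edge types are illustrative.
# Training graph: nginx reads its config, clones a worker that serves a socket and writes a log.
BENIGN_TRAIN = [{
    "activity": {"cf:nginx": {"prov:type": "process"}, "cf:worker": {"prov:type": "process"}},
    "entity": {"cf:conf": {"prov:type": "file", "cf:pathname": "/etc/nginx/nginx.conf"},
               "cf:log": {"prov:type": "file", "cf:pathname": "/var/log/nginx/access.log"},
               "cf:sock": {"prov:type": "socket"}},
    "wasInformedBy": {"cf:r1": {"prov:informant": "cf:nginx", "prov:informed": "cf:worker", "prov:type": "clone"}},
    "used": {"cf:r2": {"prov:entity": "cf:conf", "prov:activity": "cf:nginx", "prov:type": "read"},
             "cf:r3": {"prov:entity": "cf:sock", "prov:activity": "cf:worker", "prov:type": "receive"}},
    "wasGeneratedBy": {"cf:r4": {"prov:entity": "cf:log", "prov:activity": "cf:worker", "prov:type": "write"},
                       "cf:r5": {"prov:entity": "cf:sock", "prov:activity": "cf:worker", "prov:type": "send"}},
}]

TEST = [
    # Benign: a worker serves a page; every typed edge already occurred in training.
    ({"activity": {"cf:worker": {"prov:type": "process"}},
      "entity": {"cf:page": {"prov:type": "file", "cf:pathname": "/var/www/index.html"},
                 "cf:sock": {"prov:type": "socket"}},
      "used": {"cf:r1": {"prov:entity": "cf:page", "prov:activity": "cf:worker", "prov:type": "read"}},
      "wasGeneratedBy": {"cf:r2": {"prov:entity": "cf:sock", "prov:activity": "cf:worker", "prov:type": "send"}}},
     False),
    # Benign but unusual: log rotation truncates the log, an edge type absent from training.
    ({"activity": {"cf:logrotate": {"prov:type": "process"}},
      "entity": {"cf:log": {"prov:type": "file", "cf:pathname": "/var/log/nginx/access.log"}},
      "wasGeneratedBy": {"cf:r1": {"prov:entity": "cf:log", "prov:activity": "cf:logrotate", "prov:type": "truncate"}}},
     False),
    # Malicious: the worker execs a shell that reads /etc/shadow and ships it out over a socket.
    ({"activity": {"cf:worker": {"prov:type": "process"}, "cf:sh": {"prov:type": "process"}},
      "entity": {"cf:shadow": {"prov:type": "file", "cf:pathname": "/etc/shadow"},
                 "cf:sock": {"prov:type": "socket"}},
      "wasInformedBy": {"cf:r1": {"prov:informant": "cf:worker", "prov:informed": "cf:sh", "prov:type": "exec"}},
      "used": {"cf:r2": {"prov:entity": "cf:shadow", "prov:activity": "cf:sh", "prov:type": "read"}},
      "wasGeneratedBy": {"cf:r3": {"prov:entity": "cf:sock", "prov:activity": "cf:sh", "prov:type": "send"}},
      "wasDerivedFrom": {"cf:r4": {"prov:usedEntity": "cf:shadow", "prov:generatedEntity": "cf:sock", "prov:type": "derived"}}},
     True),
]


def build_graph(record):
    """Parse one PROV-JSON document into (nodes, edges): id -> type, and (src, dst, edge_type)."""
    nodes = {}
    for section in ("entity", "activity", "agent"):
        for node_id, attrs in record.get(section, {}).items():
            nodes[node_id] = attrs.get("prov:type", section)
    edges = []
    for relation, (src_key, dst_key) in RELATIONS.items():
        for attrs in record.get(relation, {}).values():
            edges.append((attrs[src_key], attrs[dst_key], attrs.get("prov:type", relation)))
    return nodes, edges


def edge_signatures(graph):
    """Multiset of typed edges (src_type, edge_type, dst_type): the toy feature set."""
    nodes, edges = graph
    return Counter((nodes[src], kind, nodes[dst]) for src, dst, kind in edges)


def train(benign_graphs):
    """Learn every typed edge that occurs in benign provenance."""
    known = set()
    for graph in benign_graphs:
        known.update(edge_signatures(graph))
    return known


def anomaly_score(graph, known):
    """Count edges whose typed signature never appeared in benign training data."""
    return sum(n for sig, n in edge_signatures(graph).items() if sig not in known)


def evaluate(graphs, labels, known, threshold=0):
    """Detection rate, false alarm rate and mean per-graph detection time."""
    tp = fp = tn = fn = 0
    elapsed = 0.0
    for graph, is_malicious in zip(graphs, labels):
        start = time.perf_counter()
        alert = anomaly_score(graph, known) > threshold
        elapsed += time.perf_counter() - start
        if is_malicious and alert:
            tp += 1
        elif is_malicious:
            fn += 1
        elif alert:
            fp += 1
        else:
            tn += 1
    return {"detection_rate": tp / (tp + fn) if tp + fn else 0.0,
            "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
            "mean_detection_seconds": elapsed / max(len(graphs), 1)}


def storage_bytes(record):
    """Storage overhead of one captured graph serialised as compact JSON."""
    return len(json.dumps(record, separators=(",", ":")).encode())


def run(threshold=0):
    """Train on the benign records, score the test set, and report the four metrics."""
    known = train(build_graph(r) for r in BENIGN_TRAIN)
    metrics = evaluate([build_graph(r) for r, _ in TEST], [lbl for _, lbl in TEST], known, threshold)
    metrics["storage_bytes"] = sum(storage_bytes(r) for r, _ in TEST)
    return metrics


if __name__ == "__main__":
    for t in (0, 1):
        print(f"threshold={t}: {run(t)}")
```

Running it shows the trade-off the summary's metrics are meant to expose: at threshold 0 the detector catches the exfiltration graph (score 2) but also alarms on the unseen-but-benign truncate edge, giving a detection rate of 1.0 with a false alarm rate of 0.5; raising the threshold to 1 removes that false alarm while still flagging the attack. With real CamFlow captures the benign training set is much larger and the graph model is learned rather than a lookup of typed edges, but detection rate, false alarm rate, timing and serialised size are computed in the same way.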