ATLAS: A Sequence-based Learning Approach for Attack Investigation
