Provenance-based Intrusion Detection: Opportunities and Challenges

Abstract

Intrusion detection is an arms race; attackers evade intrusion detection systems by developing new attack vectors to sidestep known defense mechanisms. Provenance provides a detailed, structured history of the interactions of digital objects within a system. It is ideal for intrusion detection, because it offers a holistic, attack-vector-agnostic view of system execution. As such, provenance graph analysis fundamentally strengthens detection robustness. We discuss the opportunities and challenges associated with provenance-based intrusion detection and provide insights based on our experience building such systems.

Location: London, UK
Thomas Pasquier
Lecturer (Assistant Professor)

My research interests include Digital Provenance, Operating Systems, Distributed Systems, Data Protection and Privacy, Internet of Things and Intrusion Detection.