Building a provenance-based IDS and the questions we ask ourselves

Abstract

Provenance is the representation of a system execution as a directed acyclic graph. A whole-system provenance graph, representing the execution of an entire system from initialization to shutdown, can comprise millions of graph elements. It is believed that the use of such graphs can help build better intrusion detection systems. We have attempted to build full-stack intrusion detection systems, from kernel capture up to data analysis. In the spirit of a constructive workshop, in this talk I will present those attempts, discussing our design decisions and the questions that we still need to answer.
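To make the abstract's core idea concrete, the following is an added illustration (not code from the talk or from any of the speaker's systems) of how a whole-system provenance graph can be built from kernel-level events and queried for detection. The event format, the entity identifiers and the addresses are all constructed for the example. Information-flow edges point from the entity that emits data to the entity that receives it; each time an entity receives information it gets a fresh version linked to its previous one, which is what keeps the graph acyclic when a process reads and later writes the same file. A lineage query then asks whether a network sink has a sensitive file anywhere in its ancestry.

```python
"""Toy whole-system provenance graph built from constructed kernel-style events."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Node = Tuple[str, int]  # (entity identifier, version number)

# Constructed sample events in roughly the shape a kernel capture might emit.
# "src" is the entity information flows out of, "dst" the entity it flows into.
SAMPLE_EVENTS: List[dict] = [
    {"op": "clone",  "src": "proc:1",            "dst": "proc:2"},
    {"op": "read",   "src": "file:/etc/shadow",  "dst": "proc:2"},
    {"op": "write",  "src": "proc:2",            "dst": "file:/tmp/out"},
    {"op": "read",   "src": "file:/tmp/out",     "dst": "proc:3"},
    {"op": "sendto", "src": "proc:3",            "dst": "socket:203.0.113.5:443"},
    {"op": "read",   "src": "file:/etc/hostname", "dst": "proc:4"},
    {"op": "sendto", "src": "proc:4",            "dst": "socket:203.0.113.9:443"},
]


class ProvenanceGraph:
    def __init__(self) -> None:
        self.latest: Dict[str, int] = {}                    # identifier -> latest version
        self.succ: Dict[Node, Set[Node]] = defaultdict(set)  # src -> receivers
        self.pred: Dict[Node, Set[Node]] = defaultdict(set)  # receiver -> sources
        self.ops: Dict[Tuple[Node, Node], str] = {}          # edge -> relation label

    def _current(self, ident: str) -> Node:
        return (ident, self.latest.setdefault(ident, 0))

    def _add_edge(self, src: Node, dst: Node, op: str) -> None:
        self.succ[src].add(dst)
        self.pred[dst].add(src)
        self.ops[(src, dst)] = op

    def record(self, op: str, src_id: str, dst_id: str) -> None:
        """Record that information flowed from src_id into dst_id.

        The receiver gets a new version, linked to its previous version, so
        bidirectional exchanges between two entities never create a cycle.
        """
        src = self._current(src_id)
        prev_dst = self._current(dst_id)
        self.latest[dst_id] += 1
        new_dst = (dst_id, self.latest[dst_id])
        self._add_edge(prev_dst, new_dst, "version")
        self._add_edge(src, new_dst, op)

    def nodes(self) -> Set[Node]:
        return set(self.succ) | set(self.pred)

    def is_acyclic(self) -> bool:
        """Depth-first search with three colours; a grey->grey edge is a back edge."""
        WHITE, GREY, BLACK = 0, 1, 2
        colour = {n: WHITE for n in self.nodes()}

        def visit(n: Node) -> bool:
            colour[n] = GREY
            for m in self.succ[n]:
                if colour[m] == GREY:
                    return False
                if colour[m] == WHITE and not visit(m):
                    return False
            colour[n] = BLACK
            return True

        return all(colour[n] != WHITE or visit(n) for n in list(colour))

    def ancestors(self, node: Node) -> Set[Node]:
        """Every node that could have contributed information to `node`."""
        seen: Set[Node] = set()
        stack = [node]
        while stack:
            n = stack.pop()
            for p in self.pred[n]:
                if p not in seen:
                    seen.add(p)
                    stack.append(p)
        return seen


def build_graph(events: Iterable[dict]) -> ProvenanceGraph:
    g = ProvenanceGraph()
    for e in events:
        g.record(e["op"], e["src"], e["dst"])
    return g


def tainted_sinks(g: ProvenanceGraph, sensitive_prefix: str = "file:/etc/shadow",
                  sink_prefix: str = "socket:") -> List[str]:
    """Identifiers of sinks whose lineage includes a sensitive entity."""
    hits = set()
    for node in g.nodes():
        if node[0].startswith(sink_prefix) and any(
                a[0].startswith(sensitive_prefix) for a in g.ancestors(node)):
            hits.add(node[0])
    return sorted(hits)


if __name__ == "__main__":
    graph = build_graph(SAMPLE_EVENTS)
    print("acyclic:", graph.is_acyclic(), "nodes:", len(graph.nodes()))
    print("sinks with /etc/shadow in their lineage:", tainted_sinks(graph))
```

On the constructed events, only the socket written by `proc:3` is reported, because its lineage runs back through `/tmp/out` and `proc:2` to `/etc/shadow`, while `proc:4` only ever read `/etc/hostname`. The versioning step is the part worth noticing: without it, the two events "proc:2 reads file:/tmp/out" and "proc:2 writes file:/tmp/out" would form a cycle and the ancestry query would lose its meaning. On a real system each entity accumulates many versions, which is one reason a whole-system graph grows to millions of elements.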

Date
Location
The Alan Turing Institute, London
Thomas Pasquier
Lecturer (Assistant Professor)

My research interests include Digital Provenance, Operating Systems, Distributed Systems, Data Protection and Privacy, Internet of Things and Intrusion Detection.