Building a provenance-based intrusion detection system

Abstract

Provenance is the representation of a system execution as a directed acyclic graph. Those graphs, representing the execution of an entire system from initialization to shut down, can be comprised of millions of graph elements. In this talk, I will present my work on the development of a provenance-based intrusion detection system. I will discuss the development of the stack from the kernel-level capture mechanism to the algorithm used to perform intrusion detection. Finally, I will discuss planned future work and areas of potential collaborations. This talk is based on papers published at ACM CCS, NDSS and Usenix Security.

Date
Dec 8, 2020 8:00 AM
Event
Annual China-UK-Australia AI Frontier Symposium
Location
virtually
Thomas Pasquier
Thomas Pasquier
Lecturer (Assistant Professor) in Computer Science

My research interests include distributed robotics, mobile computing and programmable matter.