Building a provenance-based intrusion detection system

Abstract

Provenance is the representation of a system execution as a directed acyclic graph. Such graphs, representing the execution of an entire system from initialization to shutdown, can comprise millions of graph elements. In this talk, I will present my work on the development of a provenance-based intrusion detection system. I will discuss the development of the stack from the kernel-level capture mechanism to the algorithm used to perform intrusion detection. Finally, I will discuss planned future work and areas of potential collaboration. This talk is based on papers published at ACM CCS, NDSS and USENIX Security.

Date
Dec 8, 2020 7:00 AM
Location
Academy of Mathematics and Systems Science, Chinese Academy of Sciences
Thomas Pasquier
Lecturer (Assistant Professor) in Computer Science

My research interests include distributed robotics, mobile computing and programmable matter.