Provenance-based Intrusion Detection

Abstract

Whole-system provenance is the record of flows of information between kernel objects (e.g., files, task, sockets etc.). This information is represented as a directed acyclic graph that can be analysed to extract information about the execution of the system. Building on the DARPA transparent computing programme a number of research groups have explored means to develop provenance-based intrusion detection systems. In this talk, we will discuss how provenance can be captured and analysed to achieve such an objective.

Date
Jan 15, 2020 3:00 PM
Location
Newcastle University
Thomas Pasquier
Thomas Pasquier
Assistant Professor

My research interests include provenance, operating systems, distributed systems and intrusion detection.