Towards a provenance-based intrusion detection system

Abstract

Provenance is the representation of a system execution as a directed acyclic graph. Whole-system provenance graph, representing the execution of an entire system from initialisation to shut down, can be comprised of millions of graph elements. In this talk, I will present my work on the development of a provenance-based intrusion detection system. I will discuss the development of the stack from the kernel-level capture mechanism to the algorithm used to perform intrusion detection. Finally, I will discuss planned future work and areas of potential collaborations.

Date
Dec 5, 2018 12:30 PM
Event
Department of Computer Science Seminar, University of Bristol
Location
University of Bristol
Thomas Pasquier
Thomas Pasquier
Assistant Professor

My research interests include provenance, operating systems, distributed systems and intrusion detection.