Review of threat discovery and forensic analysis based on system provenance graph

Review of threat discovery and forensic analysis based on system provenance graph

By investigating works of literature related to provenance graph research, a research framework for network threat discovery and forensic analysis based on system-level provenance graph was proposed.A detailed overview of data collection, data management, data query, and visualization methods based...

Full description

Saved in:
Bibliographic Details
Main Authors: Tao LENG, Lijun CAI, Aimin YU, Ziyuan ZHU, Jian’gang MA, Chaofei LI, Ruicheng NIU, Dan MENG
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2022-07-01
Series:Tongxin xuebao
Subjects:
provenance graph
advanced persistent threat
threat discovery
forensic analysis
graph neural network
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022105/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:By investigating works of literature related to provenance graph research, a research framework for network threat discovery and forensic analysis based on system-level provenance graph was proposed.A detailed overview of data collection, data management, data query, and visualization methods based on provenance graphs was provided.The rule-based, anomaly-based, and learning-based threat detection classification methods were proposed.Threats based on threat intelligence or based on strategy, technology, and process-driven threats hunting methods were summarized.Forensic analysis methods based on causality, sequence learning, language query and semantic reconstruction in special fields were summarized.Finally, the future research trends were pointed out.
ISSN:1000-436X

Similar Items