DOI: 10.1145/3576915.3616580 | ACM Conferences | CCS Conference Proceedings | research-article

Are we there yet? An Industrial Viewpoint on Provenance-based Endpoint Detection and Response Tools

Published: 21 November 2023

ABSTRACT

Provenance-Based Endpoint Detection and Response (P-EDR) systems are deemed crucial for future Advanced Persistent Threat (APT) defenses. Although numerous new techniques to improve P-EDR systems have been proposed in academia, it is still unclear whether the industry will adopt P-EDR systems and what improvements the industry desires for them. To this end, we conduct the first set of systematic studies on the effectiveness and the limitations of P-EDR systems. Our study consists of four components: a one-to-one interview, an online questionnaire study, a survey of the relevant literature, and a systematic measurement study. Our research indicates that all industry experts consider P-EDR systems to be more effective than conventional Endpoint Detection and Response (EDR) systems. However, industry experts are concerned about the operating cost of P-EDR systems. In addition, our research reveals three significant gaps between academia and industry: (1) overlooking client-side overhead; (2) imbalanced alarm triage cost and interpretation cost; and (3) excessive server-side memory consumption. This paper's findings provide objective data on the effectiveness of P-EDR systems and on how much improvement is needed before P-EDR systems can be adopted in industry.


Published in: CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, November 2023, 3722 pages. ISBN: 9798400700507. DOI: 10.1145/3576915.

Copyright © 2023 ACM. Publisher: Association for Computing Machinery, New York, NY, United States.