Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security 2019
DOI: 10.1145/3319535.3363217
Poirot

Cited by 130 publications (17 citation statements)
References 34 publications
“…Because the substructure in the provenance graph can completely describe malicious behavior, it is a very popular approach to use graph matching-based detection methods to detect APT attacks. For example, Poirot (Milajerdi et al., 2019a) models threat detection as an imprecise graph pattern matching problem.…”
Section: Related Work (citation type: mentioning)
confidence: 99%
“…The APT detection research based on the provenance graph can be mainly divided into three directions: graph matching-based detection (De Nardo et al., 2008) (Milajerdi et al., 2019a) (Han et al., 2020) (Goyal & Ferrara, 2018) (Wang et al., 2014) (Yan et al., 2006) (Liu et al., 2019) (Wang et al., 2020), anomaly score-based detection (Xie et al., 2020) (Xie et al., 2021) (Liu et al., 2018) (Hassan et al., 2019), and tag propagation-based detection (Jiang et al., 2006) (Hossain et al., 2017) (Milajerdi et al., 2019b) (Hossain et al., 2020). Most of these anomaly score-based and tag propagation-based attack detection methods have difficulty modeling long-term behavioral patterns.…”
Section: Introduction (citation type: mentioning)
confidence: 99%
“…Currently, several pieces of research have been developed to build and analyze provenance graphs. These approaches span system monitoring tools [55], [80], data storage [26], [47], [62], [89], [101], and attack detection and investigation [45], [74], [46], [37], [73], [13]. Following the existing work [25], [92], [74], [46], [45], [13], [105], we focus on the system events that are critical to attack steps, which we list in Table I.…”
Section: A. Provenance Analysis (citation type: mentioning)
confidence: 99%
“…The third form, graph matching-based attack detection, has grown in popularity during the last few years. Milajerdi et al. proposed POIROT [19], in which attacks are discovered as subgraphs of the provenance graph that are similar to the attack graph. Although the graph matching-based approach detects attacks more precisely, it necessitates the creation of attack graphs based on prior knowledge and cannot detect unknown attacks.…”
Section: Related Work (citation type: mentioning)
confidence: 99%