Article

Categories

Notes

Papers

2026

A Beginner’s Guide to Provenance Graphs

Featured image of post A Beginner’s Guide to Provenance Graphs

Sentient: Detecting APTs Via Capturing Indirect Dependencies and Behavioral Logic

PanThreat: Global Resource-Based Anomaly Detection for APTs

MPKAN: APT Attack Detection on Audit Logs via Graph Semantic Enhancement

Brewing Vodka: Distilling Pure Knowledge for Lightweight Threat Detection in Audit Logs

Autumn: An Unsupervised APT Detection via Detailed Process-Level Analysis

2024

THREATRACE: Detecting and Tracing Host-Based Threats in Node Level Through Provenance Graph Learning

THREATRACE: Detecting and Tracing Host-Based Threats in Node Level Through Provenance Graph Learning

Linkless Link Prediction via Relational Distillation

Linkless Link Prediction via Relational Distillation

FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning

FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning

Graph embedding analysis

Featured image of post Graph embedding analysis

CONAN: A Practical Real-Time APT Detection System With High Accuracy and Efficiency

CONAN: A Practical Real-Time APT Detection System With High Accuracy and Efficiency

NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation

NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation

ProGraPher: An Anomaly Detection System based on Provenance Graph Embedding

ProGraPher: An Anomaly Detection System based on Provenance Graph Embedding

HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows

HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows

Threat Hunting and Threat Detection

Threat Hunting and Threat Detection

2023

Minesweeper plug-in

Minesweeper plug-in

2022

U disk virus

U disk virus