Anis Yusof (NU Singapore)

To improve the preparedness of Security Operation Center (SOC), analysts may leverage provenance graphs to deepen their understanding of existing cyberattacks. However, the unknown nature of a cyberattack may result in a provenance graph with incomplete details, thus limiting the comprehensive knowledge of the cyberattack due to partial indicators. Furthermore, using outdated provenance graphs imposes a limit on the understanding of cyberattack trends. This negatively impacts SOC operations that are responsible for detecting and responding to threats and incidents. This paper introduces PROVCON, a framework that constructs a provenance graph representative of a cyberattack. Based on documented cyberattacks, the framework reproduces the cyberattack and generates the corresponding data for attack analysis. The knowledge gained from existing cyberattacks through the constructed provenance graph is instrumental in enhancing the understanding and improving decision-making in SOC. With the use of PROVCON, SOC can improve its cybersecurity posture by aligning its operations based on insights derived from documented observations.

View More Papers

Towards Understanding Unsafe Video Generation

Yan Pang (University of Virginia), Aiping Xiong (Penn State University), Yang Zhang (CISPA Helmholtz Center for Information Security), Tianhao Wang (University of Virginia)

Read More

Home Shield IoT Traffic Analyzer: A Comprehensive Analysis of...

Dhananjai Bajpai (Marquette University), Keyang Yu (Marquette University)

Read More

Non-intrusive and Unconstrained Keystroke Inference in VR Platforms via...

Tao Ni (City University of Hong Kong), Yuefeng Du (City University of Hong Kong), Qingchuan Zhao (City University of Hong Kong), Cong Wang (City University of Hong Kong)

Read More