Provenance-based Security


We explore the use of system provenance for security.

We explore all aspects of provenance, from its capture to its analysis. On the application side, we focus on the use of provenance for security, such as intrusion detection and forensic analysis. We combine in-depth operating systems knowledge, graph analysis techniques and machine learning to detect and explain cyber threats.

Papers
  1. SIGL: Securing Software Installations Through Deep Graph Learning from USENIX Security 2021
  2. UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats from NDSS 2020
  3. Runtime Analysis of Whole-System Provenance from ACM CCS 2018
  4. Practical Whole-System Provenance Capture from ACM SoCC 2017
Code
  1. CamFlow
  2. UNICORN
People
  1. Thomas Pasquier
  2. Xueyuan (Michael) Han
Systopia lab is supported by a number of government and industrial sources, including Cisco Systems, the Communications Security Establishment Canada, Intel Research, the National Sciences and Engineering Research Council of Canada (NSERC), Network Appliance, Office of the Privacy Commissioner of Canada, and the National Science Foundation (NSF).