We explore the use of system provenance for security.
We explore all aspects of provenance, from its capture to its analysis. On the application side, we focus on the use of provenance in security, such as intrusion detection and forensic analysis. We combine in-depth operating systems knowledge, graph analysis techniques and machine learning to detect and explain cyber threats.
The Systopia lab is supported by a number of government and industrial sources, including Cisco Systems, the Communications Security Establishment Canada, Intel Research, the Natural Sciences and Engineering Research Council of Canada (NSERC), Network Appliance, the Office of the Privacy Commissioner of Canada, and the National Science Foundation (NSF).