ANUBIS: A Provenance Graph-Based Framework for Advanced Persistent Threat Detection

We present ANUBIS, a highly effective machine learning-based APT detection system. Our design philosophy for ANUBIS involves two principal components. Firstly, we intend ANUBIS to be effectively utilized by cyber-response teams. Therefore, prediction explainability is one of the main focuses of ANUB...

Detailed description

Bibliographic details
Published in: arXiv.org 2021-12
Main authors: Anjum, Md Monowar, Iqbal, Shahrear, Hamelin, Benoit
Format: Article
Language: eng
Subjects:
Online access: Full text
container_title arXiv.org
creator Anjum, Md Monowar
Iqbal, Shahrear
Hamelin, Benoit
description We present ANUBIS, a highly effective machine learning-based APT detection system. Our design philosophy for ANUBIS involves two principal components. Firstly, we intend ANUBIS to be effectively utilized by cyber-response teams. Therefore, prediction explainability is one of the main focuses of ANUBIS design. Secondly, ANUBIS uses system provenance graphs to capture causality and thereby achieve high detection performance. At the core of the predictive capability of ANUBIS, there is a Bayesian Neural Network that can tell how confident it is in its predictions. We evaluate ANUBIS against a recent APT dataset (DARPA OpTC) and show that ANUBIS can detect malicious activity akin to APT campaigns with high accuracy. Moreover, ANUBIS learns about high-level patterns that allow it to explain its predictions to threat analysts. The high predictive performance with explainable attack story reconstruction makes ANUBIS an effective tool to use for enterprise cyber defense.
doi_str_mv 10.48550/arxiv.2112.11032
format Article
publisher Ithaca: Cornell University Library, arXiv.org
date 2021-12-21
rights 2021. This work is published under http://creativecommons.org/licenses/by/4.0/ (the "License"). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
backlink https://doi.org/10.1145/3477314.3507097 (View published paper; access to full text may be restricted)
backlink https://doi.org/10.48550/arXiv.2112.11032 (View paper in arXiv)
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2021-12
issn 2331-8422
language eng
recordid cdi_arxiv_primary_2112_11032
source arXiv.org; Free E- Journals
subjects Computer Science - Cryptography and Security
Computer Science - Learning
Machine learning
Neural networks
Performance prediction
title ANUBIS: A Provenance Graph-Based Framework for Advanced Persistent Threat Detection