Review of threat discovery and forensic analysis based on system provenance graph

Tao LENG; Lijun CAI; Aimin YU; Ziyuan ZHU; Jian’gang MA; Chaofei LI; Ruicheng NIU; Dan MENG

Tongxin xuebao (Jul 2022)

Review of threat discovery and forensic analysis based on system provenance graph

Tao LENG,
Lijun CAI,
Aimin YU,
Ziyuan ZHU,
Jian’gang MA,
Chaofei LI,
Ruicheng NIU,
Dan MENG

Affiliations

Tao LENG
Lijun CAI
Aimin YU
Ziyuan ZHU
Jian’gang MA
Chaofei LI
Ruicheng NIU
Dan MENG

Journal volume & issue: Vol. 43
pp. 172 – 188

Abstract

Read online

By investigating works of literature related to provenance graph research, a research framework for network threat discovery and forensic analysis based on system-level provenance graph was proposed.A detailed overview of data collection, data management, data query, and visualization methods based on provenance graphs was provided.The rule-based, anomaly-based, and learning-based threat detection classification methods were proposed.Threats based on threat intelligence or based on strategy, technology, and process-driven threats hunting methods were summarized.Forensic analysis methods based on causality, sequence learning, language query and semantic reconstruction in special fields were summarized.Finally, the future research trends were pointed out.

provenance graph;advanced persistent threat;threat discovery;forensic analysis;graph neural network

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords