CS 598
Papers
Citation            Title
[Anderson'72b]      Computer Security Technology Planning Study, Volume 2
[Anderson'80]       Computer Security Threat Modeling and Surveillance
[TSSEC'85]          Trusted Computer System Evaluation Criteria
[TSSEC'88]          A Guide to Understanding Audit in Trusted Systems
[Sebring'88]        Expert Systems in Intrusion Detection: A Case Study
[Seiden'90]         The auditing facility for a VMM security kernel
[Hofmeyr'98]        Intrusion Detection Using Sequences of System Calls
[Du'16]             DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
[Ede'22]            DeepCASE: Semi-Supervised Contextual Analysis of Security Events
[Shen'18]           Tiresias: Predicting Security Events Through Deep Learning
[Alahmadi'22]       99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms
[Kokulu'19]         Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues
[Stevens'18]        The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level
[Hielscher'23]      Lacking the Tools and Support to Fix Friction: Results from an Interview Study with Security Managers
[Mink'23]           Everybody’s Got ML, Tell Me What Else You Have: Practitioners’ Perception of ML-Based Security Tools and Explanations
[Kersten'23]        'Give Me Structure': Synthesis and Evaluation of a (Network) Threat Analysis Process Supporting Tier 1 Investigations in a Security Operation Center
[Schlette'24]       Do You Play It by the Books? A Study on Incident Response Playbooks and Influencing Factors
[Vermeer'22]        Alert Alchemy: SOC Workflows and Decisions in the Management of NIDS Rules
[Shreeve'23]        Making Sense of the Unknown: How Managers Make Cyber Security Decisions
[Woods'23]          Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys
[Arce'24]           Economics of incident response panels in cyber insurance
[Gumusel'24]        Understanding Legal Professionals’ Practices and Expectations in Data Breach Incident Reporting
[Kasturi'20]        TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks
[Jin'23]            Sharing cyber threat intelligence: Does it really help?
[Li'22]             AttacKG: Constructing Technique Knowledge Graph from Cyber Threat Intelligence Reports
[Bouwman'22]        Helping hands: Measuring the impact of a large threat intelligence sharing community
[Hassan'20]         Tactical Provenance Analysis for Endpoint Detection and Response Systems
[Kwon'21]           C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis
[Fang'22]           Back-Propagating System Dependency Impact for Attack Investigation
[Milajerdi'21]      POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting
[Xu'22]             DEPCOMM: Graph Summarization on System Audit Logs for Attack Investigation
[Ding'23]           AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts
[Zeng'21]           WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics
[Alsaheel'21]       ATLAS: A Sequence-based Learning Approach for Attack Investigation
[Jia'24]            MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning
[Goyal'23]          Sometimes, You Aren't What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems
[Zeng'22]           ShadeWatcher: Recommendation-guided Cyber Threat Analysis using System Audit Records
[Yang'23]           PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding
[Wang'20]           You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis
[Cheng'24]          KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance
[Rehman'24]         FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning
[Goyal'24]          R-CAID: Embedding Root Cause Analysis within Provenance-based Intrusion Detection
[Li'24]             NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation
[Uetz'24]           You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks
[Jing'23]           Auditing Frameworks Need Resource Isolation: A Systematic Study on the Super Producer Threat to System Auditing and Its Mitigation
[Gandhi'23]         Rethinking System Audit Architectures for High Event Coverage and Synchronous Log Availability
[Paccagnella'20]    Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks