Citation | Title
[Anderson'72b] | Computer Security Technology Planning Study, Volume 2
[Anderson'80] | Computer Security Threat Modeling and Surveillance |
[TSSEC'85] | Trusted Computer System Evaluation Criteria |
[TSSEC'88] | A Guide to Understanding Audit in Trusted Systems |
[Sebring'88] | Expert Systems in Intrusion Detection: A Case Study |
[Seiden'90] | The auditing facility for a VMM security kernel |
[Hofmeyr'98] | Intrusion Detection Using Sequences of System Calls |
[Du'16] | DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning |
[Ede'22] | DeepCASE: Semi-Supervised Contextual Analysis of Security Events |
[Shen'18] | Tiresias: Predicting Security Events Through Deep Learning |
[Alahmadi'22] | 99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms |
[Kokulu'19] | Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues |
[Stevens'18] | The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level |
[Hielscher'23] | Lacking the Tools and Support to Fix Friction: Results from an Interview Study with Security Managers |
[Mink'23] | Everybody’s Got ML, Tell Me What Else You Have: Practitioners’ Perception of ML-Based Security Tools and Explanations |
[Kersten'23] | 'Give Me Structure': Synthesis and Evaluation of a (Network) Threat Analysis Process Supporting Tier 1 Investigations in a Security Operation Center
[Schlette'24] | Do You Play It by the Books? A Study on Incident Response Playbooks and Influencing Factors |
[Vermeer'22] | Alert Alchemy: SOC Workflows and Decisions in the Management of NIDS Rules |
[Shreeve'23] | Making Sense of the Unknown: How Managers Make Cyber Security Decisions |
[Woods'23] | Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys |
[Arce'24] | Economics of incident response panels in cyber insurance |
[Gumusel'24] | Understanding Legal Professionals’ Practices and Expectations in Data Breach Incident Reporting |
[Kasturi'20] | TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks |
[Jin'23] | Sharing cyber threat intelligence: Does it really help? |
[Li'22] | AttacKG: Constructing Technique Knowledge Graph from Cyber Threat Intelligence Reports |
[Bouwman'22] | Helping hands: Measuring the impact of a large threat intelligence sharing community |
[Hassan'20] | Tactical Provenance Analysis for Endpoint Detection and Response Systems |
[Kwon'21] | C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis |
[Fang'22] | Back-Propagating System Dependency Impact for Attack Investigation |
[Milajerdi'21] | POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting |
[Xu'22] | DEPCOMM: Graph Summarization on System Audit Logs for Attack Investigation |
[Ding'23] | AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts |
[Zeng'21] | WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics |
[Alsaheel'21] | ATLAS: A Sequence-based Learning Approach for Attack Investigation |
[Jia'24] | MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning |
[Goyal'23] | Sometimes, You Aren't What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems |
[Zeng'22] | ShadeWatcher: Recommendation-guided Cyber Threat Analysis using System Audit Records |
[Yang'23] | PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding |
[Wang'20] | You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis |
[Cheng'24] | KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance |
[Rehman'24] | FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning |
[Goyal'24] | R-CAID: Embedding Root Cause Analysis within Provenance-based Intrusion Detection |
[Li'24] | NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation |
[Uetz'24] | You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks |
[Jing'23] | Auditing Frameworks Need Resource Isolation: A Systematic Study on the Super Producer Threat to System Auditing and Its Mitigation |
[Gandhi'23] | Rethinking System Audit Architectures for High Event Coverage and Synchronous Log Availability |
[Paccagnella'20] | Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks |