Exploring Answer Set Programming for Provenance Graph-Based Cyber Threat Detection: A Novel Approach
Fang Li, Fei Zuo, Gopal Gupta

TL;DR
This paper introduces a novel ASP-based framework for analyzing provenance graphs in cybersecurity, enabling complex queries, real-time threat detection, and forensic analysis with high scalability and adaptability.
Contribution
It presents an innovative ASP-based model for provenance graph analysis, enhancing security reasoning, threat detection, and forensic capabilities in cybersecurity.
Findings
Effective handling of large-scale provenance graphs
Enhanced expressiveness for complex security queries
Demonstrated threat detection and forensic analysis capabilities
Abstract
Provenance graphs are useful and powerful tools for representing system-level activities in cybersecurity; however, existing approaches often struggle with complex queries and flexible reasoning. This paper presents a novel approach using Answer Set Programming (ASP) to model and analyze provenance graphs. We introduce an ASP-based representation that captures intricate relationships between system entities, including temporal and causal dependencies. Our model enables sophisticated analysis capabilities such as attack path tracing, data exfiltration detection, and anomaly identification. The declarative nature of ASP allows for concise expression of complex security patterns and policies, facilitating both real-time threat detection and forensic analysis. We demonstrate our approach's effectiveness through case studies showcasing its threat detection capabilities. Experimental results…
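The abstract describes encoding system entities and their temporal and causal dependencies as ASP facts and rules, then expressing security patterns such as data exfiltration and attack path tracing declaratively. The following clingo program is an added illustration of that idea, not the paper's own encoding: the entity names, timestamps, the `edge/4` and `flow/3` predicates, and the `sensitive/1` and `external/1` labels are all constructed for this example.

```asp
% Added example (not from the paper): a toy provenance graph encoded as ASP facts,
% plus rules for time-respecting causal reachability, an exfiltration pattern,
% and path tracing. All entity names and timestamps are constructed.

% --- Entities (hypothetical) ---
process(p_browser). process(p_shell).
file(f_secrets).    file(f_tmp).
socket(s_ext_443).

% --- Provenance edges: edge(Type, Source, Target, Time) ---
% A process reads a file, writes a file, forks a process, or sends to a socket.
edge(read,  p_browser, f_secrets, 10).
edge(write, p_browser, f_tmp,     20).
edge(read,  p_shell,   f_tmp,     30).
edge(send,  p_shell,   s_ext_443, 40).

% Labels an analyst attaches to the graph (assumed inputs)
sensitive(f_secrets).      % file holding confidential data
external(s_ext_443).       % socket to a host outside the monitored network

% --- One-step information flow derived from edge types ---
% flow(X, Y, T): information held by X can reach Y at time T.
flow(F, P, T) :- edge(read,  P, F, T).
flow(P, F, T) :- edge(write, P, F, T).
flow(P, S, T) :- edge(send,  P, S, T).
flow(P, Q, T) :- edge(fork,  P, Q, T).

% --- Causal reachability that respects event ordering ---
% A later step can only carry data that was produced earlier (T1 < T2).
reach(X, Y, T)  :- flow(X, Y, T).
reach(X, Z, T2) :- reach(X, Y, T1), flow(Y, Z, T2), T1 < T2.

% --- Detection pattern: sensitive data reaches an external socket ---
exfil(F, S, T) :- sensitive(F), external(S), reach(F, S, T).

% --- Attack path tracing: entities that lie between F and S in time order ---
on_path(F, S, Y) :- exfil(F, S, _), reach(F, Y, T1), reach(Y, S, T2), T1 < T2.

#show exfil/3.
#show on_path/3.
```

Running `clingo example.lp 0` on this program yields a single answer set containing `exfil(f_secrets,s_ext_443,40)` together with `on_path(f_secrets,s_ext_443,p_browser)`, `on_path(f_secrets,s_ext_443,f_tmp)` and `on_path(f_secrets,s_ext_443,p_shell)`, i.e. the alert and the chain of entities that carried the data. The temporal guard `T1 < T2` in the recursive `reach/3` rule is what keeps a write that happened after a read from being counted as a cause of it; dropping it turns the closure into plain graph connectivity and produces spurious paths on real provenance data.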
Taxonomy
Topics: Topic Modeling · Logic, Reasoning, and Knowledge · Semantic Web and Ontologies
