MirGuard: Towards a Robust Provenance-based Intrusion Detection System Against Graph Manipulation Attacks

TL;DR

MirGuard introduces a novel framework combining logic-aware data augmentation and contrastive learning to enhance provenance-based intrusion detection systems against graph manipulation attacks, significantly improving robustness without compromising accuracy.

Contribution

This paper presents MirGuard, the first robust detection framework that uses logic-aware augmentation and contrastive learning to defend against graph manipulation attacks in PIDS.

Findings

MirGuard outperforms existing detectors in robustness against graph manipulation attacks.

The framework maintains high detection accuracy and efficiency.

Comprehensive evaluations confirm its effectiveness across multiple datasets.

Abstract

Learning-based Provenance-based Intrusion Detection Systems (PIDSes) have become essential tools for anomaly detection in host systems due to their ability to capture rich contextual and structural information, as well as their potential to detect unknown attacks. However, recent studies have shown that these systems are vulnerable to graph manipulation attacks, where attackers manipulate the graph structure to evade detection. While some previous approaches have discussed this type of attack, none have fully addressed it with a robust detection solution, limiting the practical applicability of PIDSes. To address this challenge, we propose MirGuard, a robust anomaly detection framework that combines logic-aware multi-view augmentation with contrastive representation learning. Rather than applying arbitrary structural perturbations, MirGuard introduces Logic-Aware Noise Injection (LNI) to generate semantically valid graph views, ensuring that all augmentations preserve the underlying causal semantics of the provenance data. These views are then used in a Logic-Preserving Contrastive Learning framework, which encourages the model to learn representations that are invariant to benign transformations but sensitive to adversarial inconsistencies. Comprehensive evaluations on multiple provenance datasets demonstrate that MirGuard significantly outperforms state-of-the-art detectors in robustness against various graph manipulation attacks without sacrificing detection performance and efficiency. Our work represents the first targeted study to enhance PIDS against such adversarial threats, providing a robust and effective solution to modern cybersecurity challenges.