
KAIROS – New Intrusion Detection Approach to Enhance Performance

Provenance graphs are structured audit logs that describe the history of a system's execution. Recent studies have explored using them for automated host intrusion detection, focusing in particular on advanced persistent threats (APTs).

KAIROS was introduced in a new study by the following researchers:-

  • Zijun Cheng (School of Cyber Security, University of Chinese Academy of Sciences, China, Institute of Information Engineering, Chinese Academy of Sciences, China)
  • Qiujian Lv (Institute of Information Engineering, Chinese Academy of Sciences, China)
  • Jinyuan Liang (University of British Columbia, British Columbia, Canada)
  • Degang Sun (Institute of Information Engineering, Chinese Academy of Sciences, China)
  • Thomas Pasquier (University of British Columbia, British Columbia, Canada)
  • Xueyuan Han (Wake Forest University, North Carolina, United States)

KAIROS is a new, practical intrusion-detection approach that improves detection performance over prior provenance-based systems.

KAIROS uses a novel graph neural network encoder-decoder architecture to learn the temporal evolution of a provenance graph's structure and, from that, to quantify how anomalous each new event is.

Because it operates on the kernel-level causal dependency graph, KAIROS can separate malicious events from benign ones that look identical in isolation but differ in their temporal or structural (spatial) context.

System-level Data Provenance

System-level data provenance tracks information flows among kernel objects such as:-

  • Processes
  • Files
  • Sockets

The provenance graph models these interactions as a directed graph: nodes are kernel objects and directed edges represent the information flow that results from a system call (for example, a process reading a file or writing to a socket).

KAIROS analyzes these kernel-level interactions across the whole system, which is essential for detecting complex, long-running intrusions such as APTs that span multiple hosts and applications.

Provenance summary graph (Source – Arxiv)

KAIROS Intrusion Detection

KAIROS detects APTs and reconstructs the attack scenario without prior knowledge of the attack. It does assume, as provenance-based detectors generally do, that the host and its audit framework are already hardened, so that the provenance logs themselves are trustworthy and not tampered with by the attacker.

For anomaly detection, KAIROS applies deep graph learning to the provenance graph and then correlates the detected anomalies along the causal dependencies (the information flows between kernel objects), rather than treating each anomalous event in isolation.

For efficient human-in-the-loop forensic analysis, KAIROS also produces concise summary graphs that capture the causal context of an attack.
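The two ideas above, a provenance graph whose directed edges follow system-call information flow, and a concise summary graph obtained by following causal dependencies outward from flagged events, can be sketched in a few dozen lines. The Python below is an added illustration written for this page, not KAIROS's code: the audit records are constructed, the flagged event is chosen by hand in place of the GNN anomaly score, and the summary is a time-respecting backward/forward causal slice, a simplified stand-in for the paper's anomaly-correlation step.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed audit records (not real logs):
# (timestamp, subject process, syscall, object, object type).
# Process names carry a PID suffix so each process instance is its own node.
AUDIT = [
    (1, "bash:100",   "execve",  "python:200",        "process"),
    (2, "python:200", "read",    "/etc/passwd",       "file"),
    (3, "python:200", "connect", "10.0.0.5:443",      "socket"),
    (4, "python:200", "write",   "/tmp/.x",           "file"),
    (5, "bash:100",   "read",    "/home/u/notes.txt", "file"),
    (6, "python:200", "execve",  "sh:300",            "process"),
    (7, "sh:300",     "read",    "/tmp/.x",           "file"),
    (8, "sh:300",     "connect", "10.0.0.5:443",      "socket"),
    (9, "vim:400",    "write",   "/home/u/notes.txt", "file"),
]

# Syscalls whose information flow runs from the object into the process.
INBOUND = {"read", "recv", "accept", "mmap"}


@dataclass(frozen=True)
class Edge:
    ts: int
    src: str
    dst: str
    syscall: str


def build_graph(records):
    """Turn audit records into (nodes, edges).

    nodes maps each kernel object to its type; edges are directed along the
    information flow implied by the syscall, which is what makes the graph
    usable for causal (backward/forward) analysis.
    """
    nodes, edges = {}, []
    for ts, proc, syscall, obj, obj_type in records:
        nodes.setdefault(proc, "process")
        nodes.setdefault(obj, obj_type)
        if syscall in INBOUND:
            edges.append(Edge(ts, obj, proc, syscall))   # object -> process
        else:
            edges.append(Edge(ts, proc, obj, syscall))   # process -> object
    return nodes, edges


def causal_summary(edges, flagged):
    """Return the edges causally linked to the flagged ones, in time order.

    Backward slice: edges into a node that happened no later than the time
    the node was reached (they could have influenced the flagged event).
    Forward slice: edges out of a node that happened no earlier (they could
    have been influenced by it). The time constraint prunes unrelated
    activity that merely touches the same objects.
    """
    out_by, in_by = defaultdict(list), defaultdict(list)
    for e in edges:
        out_by[e.src].append(e)
        in_by[e.dst].append(e)

    keep = set(flagged)

    def walk(start, neighbours, next_node, allowed):
        seen, stack = set(), list(start)
        while stack:
            node, t = stack.pop()
            if (node, t) in seen:
                continue
            seen.add((node, t))
            for e in neighbours[node]:
                if allowed(e.ts, t):
                    keep.add(e)
                    stack.append((next_node(e), e.ts))

    walk([(e.src, e.ts) for e in flagged], in_by,
         lambda e: e.src, lambda et, t: et <= t)     # backward in time
    walk([(e.dst, e.ts) for e in flagged], out_by,
         lambda e: e.dst, lambda et, t: et >= t)     # forward in time
    return sorted(keep, key=lambda e: e.ts)


def render(edges):
    """Human-readable one-line-per-edge view of a (summary) graph."""
    return [f"t={e.ts:<2} {e.src} -{e.syscall}-> {e.dst}" for e in edges]


if __name__ == "__main__":
    nodes, edges = build_graph(AUDIT)
    # Stand-in for the anomaly detector: pretend the model flagged the
    # outbound connection made by the spawned shell at t=8.
    flagged = [e for e in edges if e.ts == 8]
    for line in render(causal_summary(edges, flagged)):
        print(line)
```

Flagging the shell's connection at t=8 yields a six-edge summary (bash spawning python, python reading /etc/passwd, writing /tmp/.x, spawning sh, sh reading /tmp/.x, sh connecting out) while dropping the unrelated notes.txt activity and, because it happened after t=1, bash's later read of that file. That pruning by time is the property the article attributes to operating on the causal dependency graph rather than on isolated events.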

The KAIROS architecture has four major components:-

  • Graph Construction and Representation
  • Graph Learning
  • Anomaly Detection
  • Anomaly Investigation

KAIROS’ architecture (Source – Arxiv)

For the evaluation, the researchers used datasets from two sources:-

  • Manzoor et al. (the StreamSpot dataset)
  • DARPA

From DARPA, the researchers used the Transparent Computing (TC) and OpTC program datasets, which simulate real-world APT campaigns on enterprise networks.

In those engagements, a red team launched attacks against security-critical services while benign background activity was generated, and a separate team recorded host activity across platforms using provenance capture systems (CADETS, ClearScope, THEIA).

KAIROS is among the first systems of its kind to detect anomalies and reconstruct attack graphs without prior knowledge of the attack. In the evaluation it also supports real-time monitoring, outperforms prior provenance-based detectors, and adds minimal runtime overhead.

Source: https://cybersecuritynews.com/kairos-intrusion-detection/
