2024.bib

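% Comparison of provenance-graph data-reduction methods for APT detection on public datasets.
% The acronym in the title is brace-protected so sentence-casing styles keep it upper case;
% the doi field repeats the DOI already used as the citation key (key left unchanged for existing citations).
@inproceedings{10.1007/978-3-031-57540-2_3,
  author    = {Gesell, Jan Eske and Buchta, Robin and Dangendorf, Kilian and Franzke, Pascal and Heine, Felix and Kleiner, Carsten},
  editor    = {Mosbah, Mohamed and S{\`e}des, Florence and Tawbi, Nadia and Ahmed, Toufik and Boulahia-Cuppens, Nora and Garcia-Alfaro, Joaquin},
  title     = {Comparative Analysis of Reduction Methods on Provenance Graphs for {APT} Attack Detection},
  booktitle = {Foundations and Practice of Security},
  year      = {2024},
  publisher = {Springer Nature Switzerland},
  address   = {Cham},
  pages     = {28--39},
  abstract  = {Data reduction is a critical aspect of current research in advanced persistent threat attack detection. The challenge is handling the huge amount of data generated by system logging, which exposes dependencies among system entities, often depicted as provenance graphs. Data reduction methods aim to reduce the data size of provenance graphs, but their evaluation on non-public datasets limits the results' transferability and general applicability. This study compares state-of-the-art reduction methods for APT Attack Detection on publicly available provenance graph datasets, exploring their dependencies on graph characteristics and attack detection methods. One outcome of the work is that the effectiveness of many reduction methods depends highly on the underlying data. And secondly, using a reduction method does not necessarily negatively affect detection quality.},
  isbn      = {978-3-031-57540-2},
  doi       = {10.1007/978-3-031-57540-2_3},
}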