FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning
Mati Ur Rehman, Hadi Ahmadi, Wajih Ul Hassan
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4
Detecting highly sophisticated cyberattacks, particularly **Advanced Persistent Threats (APTs)**, remains a formidable challenge. These stealthy and protracted attacks target critical organizations and governments and incur significant financial losses: the IBM Data Breach Report 2023 cites an average global cost of $4.45 million per APT attack, a 15% increase over three years. Moreover, 97% of organizations have reported an increase in cyber threats since 2022, and the average lifecycle of an attack spans 277 days from identification to containment. To address this need, the talk "FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning" introduces an anomaly-based intrusion detection system designed to combat these evolving threats.
AI review
FLASH presents a technically sound and impactful approach to provenance-based intrusion detection, effectively addressing long-standing issues of efficiency and false positives. The novel GNN embedding recycling technique, combined with temporal-aware semantic featurization, delivers a robust solution for detecting APTs and zero-days with fine-grained alerts and minimal overhead. This is a pragmatic advancement for real-world defense.