Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection

Lingzhi Wang

Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Network Security 1

In an era dominated by sophisticated **Advanced Persistent Threats (APTs)**, traditional intrusion detection systems (IDS) struggle to keep pace with the evolving tactics of cyber attackers. This talk by Lingzhi Wang at the NDSS Symposium introduces a novel approach to provenance-based intrusion detection, addressing a critical dilemma: how to achieve both high accuracy and exceptional efficiency. Titled "Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection," the work presents **CAPTAIN**, a system designed to transform the rigid, non-differentiable nature of rule-based detection into a flexible, learning-capable framework by integrating gradient-based optimization.

AI review

CAPTAIN is legitimate systems security research — the core idea of making taint-propagation rules differentiable so you can gradient-descend your way to better parameters is genuinely clever and not something I've seen packaged this way before. The problem it's solving (rule-based provenance IDS drowning in false positives, embedding-based IDS too heavy for production) is real and the parameterization approach (integrity scores, propagation rates, alarm thresholds as learnable scalars) is a clean framing. But the transcript reads like a summary document, not a talk, and the evaluation…
