Can Data Provenance Put an End to the Data Breach?

Adam Bates and Wajih Ul Hassan, IEEE Security & Privacy
In September 2017, the world awoke to the news that Equifax, a consumer reporting agency and one of the pillars of the American credit system, fell prey to a data breach that led to the exposure of 147 million individuals' personal information. For Equifax, the coming weeks would include high-profile executive resignations, a steep drop in its stock prices, and an infamously ill-conceived public outreach effort; however, eventually the public's attention turned elsewhere. After all, Equifax was… 


Tactical Provenance Analysis for Endpoint Detection and Response Systems

This work brings the benefits of data provenance to commercial EDR tools by introducing Tactical Provenance Graphs (TPGs), which, rather than encoding low-level system event dependencies, reason about causal dependencies between EDR-generated threat alerts.

Privacy Leaks Protection in Music Streaming Services Using an Intelligent Permissions Management System

  • Qian Wang
  • Computer Science
    Computational intelligence and neuroscience
  • 2022
This paper proposes an intelligent consensus policy management system based on the Markov chain approach, which analyzes the present status of the consensus elements to guide future development and anticipate possible breaches of sensitive personal data.

Confrontation-Wi-Fi Risks and Data Breach

This paper introduces a new password manager with a PWNING check, which helps every organisation keep user-account data safe, raises the awareness of every internet user, and acts as a guard.

Comprehending Taiwan ATM Heist: From Cyber-attack Phases to Investigation Processes

  • Da-Yu Kao
  • Computer Science
    2020 22nd International Conference on Advanced Communication Technology (ICACT)
  • 2020
An incident investigation strategy based on ISO/IEC 27043:2015 is proposed to embed cyber-attack phases and detect ATM heists, and it is demonstrated how this strategy provides investigators with exceptional abilities to interpret evidence.

Efficient Feature Selection for Static Analysis Vulnerability Prediction

This paper examines features generated by the SonarQube and CCCC tools to identify those that can be used for software vulnerability prediction, and investigates the suitability of thirty-three different features for training thirteen distinct machine learning algorithms as vulnerability predictors.

Increasing Cyber Defense in the Music Education Sector Using Blockchain Zero-Knowledge Proof Identification

  • Ying Zhang
  • Computer Science
    Computational intelligence and neuroscience
  • 2022
This work proposes a single and robust identification scheme based on an innovative zero-knowledge proof (ZNP) system, which allows one side of communication to convince the other of its validity.

Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs

It is shown that Winnower dramatically reduces storage and network overhead associated with aggregating system audit logs, by as much as 98%, without sacrificing the important information needed for attack investigation, and represents a significant step forward for security monitoring in distributed systems.

NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage

NoDoze generates alert dependency graphs that are two orders of magnitude smaller than those generated by traditional tools without sacrificing the vital information needed for the investigation, decreases the volume of false alarms by 84%, and saves analysts more than 90 hours of investigation time per week.

High Accuracy Attack Provenance via Binary-based Execution Partition

The technique, called BEEP, has negligible runtime overhead (< 1.4%) and low space overhead (12.28% on average) and is effective in capturing the minimal causal graph for every attack case the authors have studied, without any dependence explosion.

LogGC: garbage collecting audit log

This paper identifies and overcomes the unique challenges of garbage collection in the context of computer forensic analysis, which make LogGC different from traditional memory GC techniques.

HERCULE: attack story reconstruction via community discovery on correlated log graph

HERCULE is an automated, multi-stage, log-based intrusion analysis system inspired by graph analytics research in social network analysis; it can reconstruct attack behaviors from a spectrum of multi-stage cyber attacks with high accuracy and low false positive rates.

PROV-DM: The PROV Data Model

This document introduces the provenance concepts found in PROV and defines PROV-DM types and relations.

Backtracking intrusions

BackTracker automatically identifies potential sequences of steps that occurred in an intrusion: starting from a detection point, it identifies the files and processes that could have affected that point and displays the resulting chains of events in a dependency graph.
