HADES introduces the first provenance IDS for cross-machine tracing in AD attacks using logon session based execution partitioning, on-demand anomaly detection, and a triage algorithm, outperforming open-source and commercial detectors in evaluations.
Elastic Detection Rules
1 Pith paper cites this work. Polarity classification is still indexing.
Fields: cs.CR (1)
Years: 2024 (1)
Verdicts: UNVERDICTED (1)
Representative citing papers:
HADES: Detecting Active Directory Attacks via Whole Network Provenance Analytics