Cross-temporal Detection of Novel Ransomware Campaigns: A Multi-Modal Alert Approach
Reviewed by Pithpith:DFBMAVYIopen to challenge →
read the original abstract
We present a novel approach to identify ransomware campaigns derived from attack timelines representations within victim networks. Malicious activity profiles developed from multiple alert sources support the construction of alert graphs. This approach enables an effective and scalable representation of the attack timelines where individual nodes represent malicious activity detections with connections describing the potential attack paths. This work demonstrates adaptability to different attack patterns through implementing a novel method for parsing and classifying alert graphs while maintaining efficacy despite potentially low-dimension node features.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
CSTS: A Canonical Security Telemetry Substrate for AI-Native Cyber Detection
CSTS is introduced as a canonical, AI-ready telemetry substrate that harmonizes heterogeneous cyber data into a common representation supporting anomaly detection, graph learning, and agentic AI.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.