[SECURITY-L] Devil in the Noise: Detecting Advanced Persistent Threats with Backbone Extraction
CSIRT Unicamp
security at unicamp.br
Wed Aug 13 16:56:57 -03 2025
Forwarding a talk invitation.
Dear members of CT-MON and the Networks and Distributed Systems community,

Since last year, RNP's Technical Committee on Network Monitoring (CT-Mon) has been organizing talks by invited researchers and inviting the Brazilian community to take part in and engage with CT-Mon's activities. In 2024 we hosted names such as Mark Crovella (Boston University) and Marco Fiore (IMDEA, Spain).

On Monday, 18/08/2025, at 11:00 we will have another talk. More information follows below, and we invite everyone to attend.

We apologize for any duplicate messages and ask that you help us by forwarding this invitation to your research groups and to anyone who may be interested.
Speaker: Fabrício Murai
Institution: Worcester Polytechnic Institute (WPI)
Date and time: 18/08/2025, at 11:00
Link: https://conferenciaweb.rnp.br/rnp/ct-mon
Talk title: Devil in the Noise: Detecting Advanced Persistent Threats with Backbone Extraction
Talk abstract: In the dynamically developing field of cyber
security, the detection and differentiated analysis of system attacks
represent a constant challenge. While conventional methods primarily
analyze raw data to detect anomalies, data provenance shows promising
results to advance host intrusion detection systems. However, detecting
slow-and-low attacks such as APT campaigns still poses a challenge.
Therefore, this work presents backbone extraction as a crucial
preprocessing step, filtering out irrelevant edges to detect residuals with
distinctive node and edge distributions that indicate security threats. By
applying our methodology to state-of-the-art benchmark datasets, we
observed an increase in the performance of one-class classifiers by up to
62% on F1-score and 48% on recall in the Streamspot dataset and by up to
40% on F1-score and 33% on recall in the DARPA3 THEIA dataset. Moreover,
our results indicate mitigation of the dependency explosion problem and
underscore the ability of our methodology to improve the detection
landscape by shrinking graph sizes without losing essential aspects capable
of characterizing attacks.
Short bio: Dr. Fabricio Murai is an Assistant Professor in Computer Science,
AI and Data Science at WPI. Before joining WPI, Fabricio Murai was a tenured
faculty member in the Department of Computer Science at the Universidade
Federal de Minas Gerais, Brazil. He received his Ph.D. in Computer Science
at University of Massachusetts, Amherst in 2016. Dr. Murai's research
focuses on developing innovative AI techniques that (i) leverage the
interconnections among real-world entities, (ii) enhance our comprehension
of society through the analysis of online data, and (iii) ensure equitable
outcomes in high-stakes applications. He has published in top conferences
in the field of AI and Data Mining, such as the AAAI Conference on
Artificial Intelligence, ACM SIGKDD Conference on Knowledge Discovery and
Data Mining, SIAM International Conference on Data Mining, as well as top
scientific journals such as Data Mining and Knowledge Discovery, ACM TKDD
and PLOS ONE.
---
Antonio A. de A. Rocha, Associate Professor
Computer Science Department (DCC)
Institute of Computing (IC)
Fluminense Federal University (UFF)
http://www.ic.uff.br/~arocha
Computer Security Incident Response Team - CSIRT
Executive Directorate of Information and Communication Technology - DETIC
Universidade Estadual de Campinas - Unicamp
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830
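The abstract above describes backbone extraction as a preprocessing step that prunes irrelevant edges from a provenance graph so that the residual graph, with its node and edge distributions, can be handed to a one-class classifier. The following is an added example, not code from the talk or from the speaker: it builds a toy provenance graph from a constructed list of (process, file) audit events and prunes it with the disparity filter of Serrano, Boguñá and Vespignani (2009). The abstract does not name its extraction method, so the choice of the disparity filter, the directed per-endpoint test, the significance level ALPHA = 0.1, and all process and file names are assumptions made for illustration.

```python
"""Backbone extraction on a toy provenance graph.

Added example, not the speaker's or the talk's code. Assumption: the
disparity filter (Serrano, Boguna and Vespignani, PNAS 2009) is used as
the backbone-extraction step; the abstract does not name a method, and
the threshold ALPHA = 0.1 is an illustrative choice.
"""
from collections import Counter, defaultdict

ALPHA = 0.1  # significance level; assumption, tune per dataset

# Constructed sample audit trail: (subject process, object file) pairs,
# one tuple per observed event. Not real telemetry.
SAMPLE_EVENTS = (
    [("nginx", "/var/log/nginx/access.log")] * 50
    + [("nginx", "/var/www/html/index.html")] * 45
    + [("nginx", "/var/spool/cron/root")] * 1
    + [("nginx", "/etc/passwd")] * 1
    + [("nginx", "/tmp/.x")] * 1
    + [("cron", "/var/spool/cron/root")] * 30
    + [("cron", "/tmp/.x")] * 2
    + [("curl", "/var/log/nginx/access.log")] * 1
)


def aggregate_events(events):
    """Collapse repeated (src, dst) events into weighted edges (src, dst, count)."""
    counts = Counter(events)
    return [(src, dst, w) for (src, dst), w in counts.items()]


def _side_alpha(edges, endpoint):
    """Disparity-filter p-value of every edge, judged from one endpoint.

    endpoint=0 uses the source's out-edges, endpoint=1 the destination's
    in-edges. For a node with k edges of total weight s, its edge of
    weight w gets alpha = (1 - w/s) ** (k - 1): a small alpha means the
    edge carries a much larger share of the node's weight than a uniform
    split would give. A node with k == 1 cannot judge its only edge
    (alpha == 1), so that edge is decided from the other endpoint.
    """
    strength = defaultdict(float)
    degree = defaultdict(int)
    for src, dst, w in edges:
        node = (src, dst)[endpoint]
        strength[node] += w
        degree[node] += 1
    alphas = {}
    for src, dst, w in edges:
        node = (src, dst)[endpoint]
        p = w / strength[node]
        alphas[(src, dst)] = (1.0 - p) ** (degree[node] - 1)
    return alphas


def disparity_backbone(edges, alpha=ALPHA):
    """Keep an edge if it is significant at either of its endpoints."""
    out_alpha = _side_alpha(edges, 0)
    in_alpha = _side_alpha(edges, 1)
    return [
        (src, dst, w)
        for src, dst, w in edges
        if min(out_alpha[(src, dst)], in_alpha[(src, dst)]) < alpha
    ]


def graph_size(edges):
    """(number of nodes, number of edges) of a weighted edge list."""
    nodes = {n for src, dst, _ in edges for n in (src, dst)}
    return len(nodes), len(edges)


def degree_distribution(edges):
    """Histogram {degree: node count}; the kind of residual-graph
    statistic a one-class classifier would be trained on."""
    deg = Counter()
    for src, dst, _ in edges:
        deg[src] += 1
        deg[dst] += 1
    return dict(Counter(deg.values()))


if __name__ == "__main__":
    full = aggregate_events(SAMPLE_EVENTS)
    backbone = disparity_backbone(full)
    print("full graph (nodes, edges):", graph_size(full))
    print("backbone   (nodes, edges):", graph_size(backbone))
    print("degree histogram, full    :", degree_distribution(full))
    print("degree histogram, backbone:", degree_distribution(backbone))
    for src, dst, w in backbone:
        print(f"kept {src} -> {dst} (w={w})")
```

On the constructed sample the filter shrinks the graph from 8 nodes and 8 edges to 5 nodes and 3 edges, which is the "shrinking graph sizes" effect the abstract refers to; what it says nothing about is whether the pruned or the retained edges are the ones that matter for a given attack, and the choice of direction (out-edges, in-edges, or both) and of ALPHA changes that answer, so both should be validated against a labelled dataset rather than fixed as here.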