Provenance-based Forensic and Incident Analysis

Lead Research Organisation: University of Bristol
Department Name: Computer Science

Abstract

This research aims to develop AI based techniques for detecting and interpreting cyberattacks using provenance graphs. Recent work has shown the effectiveness of graph-based machine learning models at detecting attacks in provenance data. However, provenance graphs are extremely complex and thus detected attacks remain difficult to interpret by humans. Therefore, this project will investigate and develop explainable and interpretable machine learning methods for helping humans understand, for example, where an attack originated from, the steps involved in the attack, and the impact of the attack.

Publications

10 25 50

Studentship Projects

Project Reference Relationship Related To Start End Student Name
EP/S022465/1 01/04/2019 30/09/2027
2280675 Studentship EP/S022465/1 23/09/2019 30/09/2023 Priyanka Keshav Badva