LogKernel: A Threat Hunting Approach Based on Behaviour Provenance Graph and Graph Kernel Clustering

<div>The provenance graph for the macro viruses attack scenario. Rectangles represent processes, diamonds represent IPs, and rounded rectangles represent files.</div>

Security and Communication Networks

fig2

Figure 2

Figure 2: LogKernel: A Threat Hunting Approach Based on Behaviour Provenance Graph and Graph Kernel Clustering 