LogKernel: A Threat Hunting Approach Based on Behaviour Provenance Graph and Graph Kernel Clustering

<div>Two different behavior provenance graphs. Checking mail is a normal behavior and word macro virus is a threat behavior.</div>

Security and Communication Networks

Figure 3: LogKernel: A Threat Hunting Approach Based on Behaviour Provenance Graph and Graph Kernel Clustering 