LogKernel: A Threat Hunting Approach Based on Behaviour Provenance Graph and Graph Kernel Clustering

<table class="table-group" id="tab4"><tr><td><table class="table"><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr class="thead"><td class="align_left">Scenario</td><td class="align_center">Min distance</td><td class="align_center">Number of graphs</td><td class="align_center">Accuracy (%)</td></tr><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr><td class="align_left">OceanLotus [<a href="/journals/scn/2022/4577141/#B37" target="_blank">37</a>]</td><td class="align_center">11.468</td><td class="align_center">1</td><td class="align_center">100</td></tr><tr><td class="align_left">APT28 [<a href="/journals/scn/2022/4577141/#B38" target="_blank">38</a>]</td><td class="align_center">10.734</td><td class="align_center">1</td><td class="align_center">100</td></tr><tr><td class="align_left">Kimsuky [<a href="/journals/scn/2022/4577141/#B39" target="_blank">39</a>]</td><td class="align_center">9.278</td><td class="align_center">1</td><td class="align_center">100</td></tr><tr><td class="align_left">Unknown attack 1</td><td class="align_center">3.136</td><td class="align_center">1</td><td class="align_center">100</td></tr><tr><td class="align_left">Unknown attack 2</td><td class="align_center">5.121</td><td class="align_center">1</td><td class="align_center">100</td></tr><tr><td class="align_left">Cyber weapons</td><td class="align_center">4.257</td><td class="align_center">2</td><td class="align_center">100</td></tr><tr><td class="align_left">Check mails</td><td class="align_center">0.594</td><td class="align_center">483</td><td class="align_center">72.3</td></tr><tr class="table-tr"><td colspan="4"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Clustering result of some scenarios.</div>

Security and Communication Networks

tab4

Table 4

Table 4: LogKernel: A Threat Hunting Approach Based on Behaviour Provenance Graph and Graph Kernel Clustering 