This paper systematically evaluates Provenance-based Intrusion Detection Systems (PIDSes) in real industrial scenarios, revealing that existing systems struggle with data heterogeneity, advanced attac…

The paper introduces Auto-Prov, an end-to-end framework that uses Large Language Models (LLMs) to automatically construct functional-embedded provenance graphs from diverse logs, enhancing anomaly det…

GRASP introduces a novel graph-based anomaly detection system that uses masked self-supervised classification on process provenance graphs to robustly identify unknown and unknown-unknown anomalous be…

NeuroTrace introduces a novel framework using Inference Provenance Graphs (IPGs) to analyze the information flow during deep neural network inference, demonstrating that this provenance provides a rob…

ProHunter is an efficient and accurate system that uses whole-system provenance graphs to proactively hunt for Advanced Persistent Threats (APTs), outperforming existing methods in both efficiency and…

This paper provides the first longitudinal analysis of log-based detection rule evolution in public repositories, finding that rule changes reflect ongoing operational trade-offs rather than steady co…

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…

This survey proposes a proactive, lifecycle-based framework, utilizing the C5 Interaction Model, to detect emerging adversarial synthetic narratives generated by GenAI, moving beyond traditional react…

This survey proposes a proactive, lifecycle-based framework, utilizing the C5 Interaction Model, to detect emerging adversarial synthetic narratives generated by Generative AI, moving beyond tradition…

The paper systematically evaluates various tabular representation learning techniques to automatically extract robust features from NetFlow data for network intrusion detection, finding that supervise…

GenDetect introduces a novel framework to rapidly generalize detection rules from single observed DeFi exploits, significantly improving resilience against subsequent, similar 'Imitative Attack Cascad…

The paper proposes ExAI5G, a logic-based explainable AI framework that integrates a Transformer-based IDS with XAI techniques to provide highly accurate and transparent intrusion detection for 5G netw…

The paper demonstrates that simpler, shallower Deep Neural Network architectures with reduced features and ReLU activations can inherently improve the robustness of ML-NIDS against gradient-based adve…

The paper proposes reframing mechanistic anomaly detection (MAD) as a functional attribution problem, using influence functions to measure how much a model's output depends on specific input samples,…

This Survey of Knowledge (SoK) identifies a disconnect between academic NIDS research and real-world operational contexts, proposing foundational changes to reshape future research.

SCAFDS introduces a novel, seven-stage graph attention system that models fraud propagation using co-occurrence edge features and generates forensically traceable SAR narratives, significantly improvi…

MA-IDS proposes a Multi-Agent RAG framework that uses LLMs and a self-building Experience Library to achieve explainable and self-improving intrusion detection for resource-constrained IoT networks.

The paper proposes a unified closed-loop threat taxonomy to systematically analyze and defend foundation models by explicitly framing the bidirectional security interactions between data and models.

The paper introduces Landseer, a modular framework designed to systematically evaluate and compose multiple machine learning defenses to address complex, real-world security requirements.

The paper evaluates AI's effectiveness in detecting network intrusions and cryptographic side-channel leakage, finding high accuracy in stable environments but performance degradation with novel traff…