We often talk about it, and you already know it: recommendation systems are taking over the world! (you wish)
Today we are talking about SHADEWATCHER. It is a tool that uses the principles of collaborative recommender systems to perform attack detection.
This system uses data provenance analysis on audit records to search for anomalies or known attack patterns. It addresses limitations of existing approaches such as generating false alarms, relying on expert knowledge, and producing coarse-grained detection signals. SHADEWATCHER uses graph neural networks to improve detection effectiveness and is equipped with dynamic updates to better generalize to false alarms.
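The recommender idea described above, as a simplified added example that is not from this post or from the SHADEWATCHER authors: processes play the role of users, the objects they touch play the role of items, and an interaction the process is unlikely to "prefer" is flagged. It substitutes plain item-based collaborative filtering (Jaccard similarity) for the graph neural network; the audit records, function names and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed audit records (process, syscall, object); not taken from the post.
HISTORY = [
    ("nginx", "read", "/etc/nginx/nginx.conf"),
    ("nginx", "read", "/etc/mime.types"),
    ("nginx", "read", "/var/www/index.html"),
    ("nginx", "read", "/etc/ssl/certs/ca.pem"),
    ("apache2", "read", "/var/www/index.html"),
    ("apache2", "read", "/etc/ssl/certs/ca.pem"),
    ("apache2", "write", "/var/log/apache2/access.log"),
    ("sshd", "read", "/etc/shadow"),
    ("sshd", "read", "/etc/ssh/sshd_config"),
    ("passwd", "write", "/etc/shadow"),
]

def build_graph(records):
    """Bipartite provenance view: process -> objects, object -> processes."""
    touches, touched_by = defaultdict(set), defaultdict(set)
    for proc, _syscall, obj in records:
        touches[proc].add(obj)
        touched_by[obj].add(proc)
    return touches, touched_by

def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def preference(proc, obj, touches, touched_by):
    """Item-based CF score in [0, 1]: does obj resemble what proc already uses?"""
    if obj in touches.get(proc, ()):
        return 1.0  # interaction already observed in the baseline
    # Objects are similar when the same *other* processes touch them.
    peers = touched_by.get(obj, set()) - {proc}
    return max((jaccard(peers, touched_by[o] - {proc})
                for o in touches.get(proc, ())), default=0.0)

def detect(new_records, history, threshold=0.3):
    """Return the new interactions whose preference score is below threshold."""
    touches, touched_by = build_graph(history)
    return [r for r in new_records
            if preference(r[0], r[2], touches, touched_by) < threshold]

if __name__ == "__main__":
    incoming = [("apache2", "read", "/etc/mime.types"),
                ("nginx", "read", "/etc/shadow")]
    for proc, syscall, obj in detect(incoming, HISTORY):
        print(f"anomalous: {proc} {syscall} {obj}")
```

The web server reading a file that a similar web server already uses scores high, while the same server reading `/etc/shadow` shares no neighbours with its usual objects and is reported.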
In the end, this tool is quite effective! Evaluated against real-life and simulated cyber-attack scenarios, the system showed high precision and recall rates and was able to identify threats from nearly a million system entity interactions within seconds.
So, does this tool have a good future for attack detection?