SHADEWATCHER Recommendation-guided Cyber Threat Analysis

We talk about it often, and you already know it: recommendation systems are taking over the world! (you wish)

Today we are talking about SHADEWATCHER. It is a tool that uses the principles of collaborative recommender systems to perform attack detection.

This system applies data provenance analysis to audit records to search for anomalies or known attack patterns. It addresses limitations of existing approaches, such as generating false alarms, relying on expert knowledge, and producing coarse-grained detection signals. SHADEWATCHER uses graph neural networks to improve detection effectiveness and supports dynamic updates so that it generalizes better to false alarms.
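A simplified illustration of the recommendation idea described above, added here and not code from SHADEWATCHER or the original post: it swaps the graph neural network for plain item-based collaborative filtering, and every process name, path and the 0.5 threshold is a constructed assumption. An interaction that the benign history would not "recommend" to a process is flagged, while an unseen but plausible one is not.

```python
from collections import defaultdict
from math import sqrt

# Constructed benign audit records: (process, system object it interacted with).
BENIGN = [
    ("nginx", "/etc/nginx/nginx.conf"), ("nginx", "/var/log/nginx/access.log"),
    ("nginx", "tcp:0.0.0.0:443"),
    ("apache2", "/etc/apache2/apache2.conf"), ("apache2", "/var/log/apache2/access.log"),
    ("apache2", "tcp:0.0.0.0:443"),
    ("sshd", "/etc/shadow"), ("sshd", "/var/log/auth.log"),
    ("login", "/etc/shadow"), ("login", "/var/log/auth.log"),
]
# Constructed new interactions to score.
OBSERVED = [
    ("nginx", "/etc/nginx/nginx.conf"),        # already in nginx's history
    ("apache2", "/var/log/nginx/access.log"),  # unseen, but web servers behave alike
    ("nginx", "/etc/shadow"),                  # unseen and unlike anything nginx uses
]

def build_profiles(records):
    """Map each process to its objects and each object to its processes."""
    objs_of, procs_of = defaultdict(set), defaultdict(set)
    for proc, obj in records:
        objs_of[proc].add(obj)
        procs_of[obj].add(proc)
    return objs_of, procs_of

def similarity(a, b, procs_of):
    """Cosine similarity of two objects over the sets of processes using them."""
    pa, pb = procs_of.get(a, set()), procs_of.get(b, set())
    if not pa or not pb:
        return 0.0  # an object never seen in the benign history matches nothing
    return len(pa & pb) / sqrt(len(pa) * len(pb))

def preference(proc, obj, objs_of, procs_of):
    """How strongly the benign history 'recommends' obj to proc (0.0 to 1.0)."""
    history = objs_of.get(proc, set())
    if obj in history:
        return 1.0
    return max((similarity(obj, seen, procs_of) for seen in history), default=0.0)

def detect(records, objs_of, procs_of, threshold=0.5):
    """Return the interactions whose preference score falls below the threshold."""
    return [(p, o) for p, o in records
            if preference(p, o, objs_of, procs_of) < threshold]

if __name__ == "__main__":
    print(detect(OBSERVED, *build_profiles(BENIGN)))
```

A plain "never seen before" rule would alert on both unseen interactions; the collaborative signal keeps the alert on the `/etc/shadow` read only.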

In the end, this tool is quite effective! The system was evaluated against real-life and simulated cyber-attack scenarios, where it showed high precision and recall rates and identified threats among nearly a million system entity interactions within seconds.

So, does this tool have a good future for attack detection?
