AI RESEARCH

An End-to-End Framework for Functionality-Embedded Provenance Graph Construction and Threat Interpretation

arXiv CS.LG

arXiv:2603.17100v1 Announce Type: cross

Provenance graphs model causal system-level interactions from logs, enabling anomaly detectors to learn normal behavior and detect deviations as attacks. However, existing approaches rely on brittle, manually engineered rules to build provenance graphs, lack functional context for system entities, and provide limited for analyst investigation.