Overview
Explore a comprehensive research presentation that critically examines the practical viability of provenance-based intrusion detection systems (PIDSs) through implementation and analysis of eight state-of-the-art systems within a unified framework. Discover how researchers identified nine key shortcomings that prevent these systems from real-world deployment despite their reported near-perfect detection performance in academic settings. Learn about extensive experimental evaluations using cybersecurity-oriented metrics that quantify the impact of these limitations, and examine proposed solutions for addressing practical deployment challenges. Understand how the research demonstrates that simpler approaches often outperform complex systems, with a basic neural network achieving state-of-the-art detection performance on five of seven DARPA datasets while providing faster, lighter, and real-time detection capabilities. Gain insights into critical open research challenges that remain unaddressed in current literature and explore the researchers' open-source framework and pre-processed datasets designed to support consistent evaluation and future advancements in provenance-based intrusion detection.
Syllabus
USENIX Security '25 - Sometimes Simpler is Better: A Comprehensive Analysis of State-of-the-Art...
Taught by
USENIX