Skip to content
/ provdp Public

ProvDP: Differential Privacy for System Provenance Dataset

License

BSD-3-Clause license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kunmukh/provdp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
DP
DP
 
 
GNN-based-IDS
GNN-based-IDS
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

ProvDP: Differential Privacy for System Provenance Dataset

Reproducibility artifacts for the paper ProvDP: Differential Privacy for System Provenance Dataset.

Environment Setup

  1. Create a new virtual environment: pip -m venv venv or conda create --name provdp python=3.11
  2. Activate virtual environment: source venv/bin/activate or conda activate provdp
  3. Install dependencies via pip install -r requirements.txt

Note: Scripts are ran using python -m to avoid having to manipulate the PYTHONPATH environment variable.

Directory Structure

Directory Description
DP Directory containing the code and data to execute the DP algorithm.
GNN-based-IDS Directory containing the code and data files for GNN-based IDS execution.

ProvDP

  • To run the ProvDP pipeline, run the following command. More information on the arguments can be found in the parse_args() function in perturb.py.
$ python -m src.cli.perturb -i ../FiveDirections/benign-500 -o ../FiveDirections/benign-500-dp --epsilon 1 --alpha 0.7 --beta 0.1 --gamma 0.1 --eta 0.1

ProvNinja [1]

  • Driver script for Prov-GAT, which is a GAT based IDS that detects anomalous graphs.
  • Separated the benign and malicious graphs from the FiveDirections DARPA Transparent Computing Dataset and stored them in FiveDirections directory.
  • ProvDP processed FiveDirections benign and anomalous graphs are available in FiveDirections-DP directory.
$ python provgat.py -if 768 -hf 64 -lr 0.001 -e 50 -n 7 -bs 16 -dl 'C:\Users\prov-dp\GNN-based-IDS\Data\FiveDirections\\' --device cpu -at 0.01
$ python provgat.py -if 768 -hf 64 -lr 0.001 -e 50 -n 7 -bs 16 -dl 'C:\Users\prov-dp\GNN-based-IDS\Data\FiveDirections-DP\\' --device cpu -at 0.01

Citing Us

@inproceedings{mukherjee2025provDP,
	title        = {ProvDP: Differential Privacy for System Provenance Dataset},
	author       = {Kunal Mukherjee and Jonathan Yu and Partha De and Dinil Mon Divakaran},
	year         = 2025,
	booktitle    = {23rd Conference on Applied Cryptography and Network Security (ACNS)},
	series       = {ACNS '25}
}

References

[1] K. Mukherjee, et al., “Evading Provenance-Based ML Detectors with Adversarial System Actions,” in USENIX Security Symposium (SEC), 2023.

About

ProvDP: Differential Privacy for System Provenance Dataset

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages