Kunal Mukherjee

System provenance analysis has become the predominant approach for defending against sophisticated attackers. System provenance analysis captures causal and informational flow dependencies by correlating telemetry data across key system resources such as processes, files, and network sockets. These dependencies are efficiently represented as system prove- nance graphs, which are directed, heterogeneous, and multi-attributed. These system prove- nance graphs can be used by Provenance-based Intrusion Detection Systems (PIDSs) to train adaptive behavioral Machine Learning (ML) models for intrusion detection tasks. PIDSs can effectively thwart Advanced Persistent Threat (APT) actors and Fileless Malware writers since they can measure the program behavioral deviations. Graph Neural Networks (GNNs) are the de-facto standard for learning from graphs. Consequently, GNN-based PIDS can detect zero-day and mimicry attacks by measuring deviations in program behavior.

Despite their undeniable advantages, modern PIDSs still face several open problems: (1) current system provenance analysis techniques are designed primarily for resource-rich en- vironments, leaving IoT ecosystems vulnerable; (2) the resilience of PIDS against dedicated adversaries have not been fully examined; (3) GNN-based PIDS operate as black-box models, lacking transparency in their detection decisions.

This dissertation addresses these three key challenges in system provenance analysis: ex- tending provenance analysis to IoT environments, improving robustness against adversarial attacks, and enhancing the explainability of GNN-based PIDS.

First, we introduce ProvIoT, a federated edge-cloud security framework that brings PIDSs to resource-constrained IoT devices. ProvIoT leverages federated learning to minimize network and computational overhead while maintaining high accuracy in detecting stealthy attacks, even in diverse real-world environments.

Next, we present ProvNinja, an adversarial testing framework designed to evaluate the robustness of PIDSs against realistic evasive attacks. ProvNinja generates adversarial attack variants that closely mimic benign system behaviors, allowing it to effectively test the resilience of State-of-The-Art (SOTA) PIDSs. Our experiments reveal vulnerabilities in current security models, leading to reduced detection rates in realistic attack scenarios.

Finally, we develop ProvExplainer, an explainability framework for GNN-based PIDSs to provide interpretable, security-focused explanations. ProvExplainer projects the GNN’s decision boundaries onto the interpretable surrogate model’s feature space (e.g., discrimi- native subgraph patterns). By integrating with SOTA GNN explainers, ProvExplainer improves both precision and recall in explaining stealthy attacks (i.e., APTs campaigns and Fileless malware) detections, offering a transparent and verifiable tool for security operations.

Together, these contributions offer scalable, robust, and explainable security solutions for increasingly interconnected and vulnerable digital infrastructure.

We present PROVNINJA, a framework designed to generate adversarial attacks that aim to elude provenance-based Machine Learning (ML) security detectors. PROVNINJA is designed to identify and craft adversarial attack vectors that statistically mimic and impersonate system programs.

Leveraging the benign execution profile of system processes commonly observed across a multitude of hosts and networks, our research proposes an efficient and effective method to probe evasive alternatives and devise stealthy attack vectors that are difficult to distinguish from benign system behaviors. PROVNINJA's suggestions for evasive attacks, originally derived in the feature space, are then translated into system actions, leading to the realization of actual evasive attack sequences in the problem space.

When evaluated against State-of-The-Art (SOTA) detector models using two realistic Advanced Persistent Threat (APT) scenarios and a large collection of fileless malware samples, PROVNINJA could generate and realize evasive attack variants, reducing the detection rates by up to 59%. We also assessed PROVNINJA under varying assumptions on adversaries' knowledge and capabilities. While PROVNINJA primarily considers the black-box model, we also explored two contrasting threat models that consider blind and white-box attack scenarios.

Internet of Things (IoT) devices have increased drastically in complexity and prevalence within the last decade. Alongside the proliferation of IoT devices and applications, attacks targeting them have gained popularity. Recent large-scale attacks such as Mirai and VPNFilter highlight the lack of comprehensive defenses for IoT devices. Existing security solutions are inadequate against skilled adversaries with sophisticated and stealthy attacks against IoT devices. Powerful provenance-based intrusion detection systems have been successfully deployed in resource-rich servers and desktops to identify advanced stealthy attacks. However, IoT devices lack the memory, storage, and computing resources to directly apply these provenance analysis techniques on the device.

This paper presents ProvIoT, a novel federated edge-cloud security framework that enables on-device syscall-level behavioral anomaly detection in IoT (IoT) devices. ProvIoT applies federated learning techniques to overcome data and privacy limitations while minimizing network overhead. Infrequent on-device training of the local model requires less than 10% CPU overhead; syncing with the global models requires sending and receiving ∼2MB over the network. During normal offline operation, ProvIoT periodically incurs less than 10% CPU overhead and less than 65MB memory usage for data summarization and anomaly detection. Our evaluation using heterogeneous real-world IoT applications shows that ProvIoT detects fileless malware and stealthy APT attacks with an average F1 score of 0.97, confirming its effectiveness. ProvIoT is a step towards extending provenance analysis to resource-constrained IoT devices, beginning with well-resourced IoT devices such as the RaspberryPi, Jetson Nano, and Google TPU.

Provenance-based Intrusion Detection System (PIDS) is getting widely deployed for safeguarding enterprises across various verticals against sophisticated cyberattacks such as Advanced Persistent Threat (APT) campaigns. Rich in detail, provenance data are essentially finegrained activities of users logged at their endpoints. Therefore, a security breach of provenance data can result in the leak of private information pertaining to users and the enterprise they work for (e.g., the clients to which a user often communicates), raising significant privacy concerns. In this work, we propose a novel privacy-preserving solution, ProvDP, specifically tailored to protect the privacy of provenance data and focusing on provenance graphs. Our approach introduces multiple technical contributions: (1) a novel method for converting provenance graphs to and from provenance trees, enabling us to harness properties of trees to develop privacy-preserving techniques while preserving the semantic value of provenance graphs, (2) a novel subtree differential privacy framework for providing privacy guarantee on these provenance trees, and (3) empirical evidence that the application of differential privacy does not diminish the detection accuracy of PIDSes. Our evaluation demonstrates that PIDS trained on differentially private data maintain utility while preserving privacy.

Transparency and interpretability are crucial for enhancing cus- tomer confidence and user engagement, especially when dealing with black-box Machine Learning (ML)-based recommendation systems. Modern recommendation systems increasingly leverage Graph Neural Network (GNN) due to their superior recommenda- tion relevance and diversity performance compared to traditional methods. Consequently, the explainability of GNN is of paramount importance, particularly in Link Prediction (LP) tasks, as recom- mending relevant items to users can be framed as predicting links between users and relevant items. The explainability of GNN mod- els has been a well-studied field, but existing methods primarily focus on node or graph-level tasks, leaving a gap in explanation techniques for LP.

This work introduces Z-REx, a GNN-based explanation frame- work designed explicitly for heterogeneous link prediction tasks. Z-REx generates explanations using structural and attribute per- turbation to identify critical substructures and key feature sub- sets. Z-REx reduces the perturbation search space by leveraging domain-specific knowledge that offers more contextually relevant and human-interpretable explanations. In our experimentation, we show the efficacy of Z-REx in generating explanations for ZiGNN, a GNN-based recommendation engine, using a real-world real-estate dataset from Zillow Group, Inc. We also compare Z-REx with State- of-The-Art (SOTA) GNN explainers and show Z-REx's superiority.

Advanced cyber threats (e.g., Fileless Malware and Advanced Persistent Threat (APT)) have driven the adoption of provenance-based security solutions. These solutions employ Machine Learning (ML) models for behavioral modeling and critical security tasks such as malware and anomaly detection. However, the opacity of ML-based security models limits their broader adoption, as the lack of transparency in their decision-making processes restricts explainability and verifiability. We tailored our solution towards Graph Neural Network (GNN)-based security solutions since recent studies employ GNNs to comprehensively digest system provenance graphs for security critical tasks.

To enhance the explainability of GNN-based security models, we introduce PROVEXPLAINER, a framework offering instance-level security-aware explanations using an interpretable surrogate model. PROVEXPLAINER’s interpretable feature space consists of discriminant subgraph patterns and graph structural features which can be directly mapped to the system provenance problem space, making the explanations human understandable. Considering both the subgraph patterns and graph structural features, gives PROVEXPLAINER the unique advantage of providing explanations that are sensitive to both local and global contexts.

By considering prominent GNN architectures (e.g., GAT and GraphSAGE) for anomaly detection tasks, we show how PROVEXPLAINER outperformed the current state-of-the-art (SOTA) GNN explainers to deliver security domain and instance-specific explanations. We measure the explanation quality using fidelity+ /fidelity− metric as used by traditional GNN explanation literature, and we incorporate the precision/recall metric where we consider the accuracy of the explanation against the ground-truth. On real-world Fileless Malware and APT datasets, PROVEXPLAINER achieves up to 29% / 27% / 25% higher fidelity+, precision and recall (where higher values are better), and 12% lower fidelity− (where lower values are better) when compared against SOTA GNN explainers.

System provenance provides a rich forensic trail for analyzing stealthy cyberattacks such as Advanced Persistent Threat (APT) campaigns and fileless malware. However, traditional detection pipelines rely heavily on recognized patterns and lack end-to-end automated mechanisms to integrate external intelligence or reason iteratively about complex attack traces. Therefore, analysts are required to craft ad-hoc queries, correlate disparate evidence, and iteratively reconstruct attack narratives. These approaches often suffer from scalability bottlenecks, limited integration of external threat intelligence, and a lack of automated reasoning support for complex, multi-stage attack campaigns.

We introduce PROVSEEK, an LLM-powered agentic framework for automated provenance-driven forensic analysis and threat intelligence extraction. PROVSEEK employs specialized toolchains to dynamically retrieve relevant context by generating precise, context-aware queries that fuse a vectorized threat report knowledge base with data from system provenance databases. The framework resolves provenance queries, orchestrates multiple role-specific agents to mitigate hallucinations, and synthesizes structured, ground-truth verifiable forensic summaries. By combining agent orchestration with Retrieval-Augmented Generation (RAG) and chain-of-thought (CoT) reasoning, PROVSEEK enables adaptive multi-step analysis that iteratively refines hypotheses, verifies supporting evidence, and produces scalable, interpretable forensic explanations of attack behaviors. By combining provenance data with agentic reasoning, PROVSEEK establishes a new paradigm for grounded agentic forensics to investigate APTs.

We conduct a comprehensive evaluation on publicly available DARPA datasets, demonstrating that PROVSEEK outperforms retrieval-based methods for the intelligence extraction task, achieving a 34% improvement in contextual precision/recall; and for the threat detection task, PROVSEEK achieves 22%/29% higher precision/recall compared to both a baseline agentic AI approach and State-Of-The-Art (SOTA) Provenance-based Intrusion Detection System (PIDS).

The rise of graph-structured data has driven interest in graph learning and synthetic data generation. While successful in text and image domains, synthetic graph generation remains challenging — especially for real-world graphs with complex, heterogeneous schemas. Existing research has focused mostly on homogeneous structures with simple attributes, limiting their usefulness and relevance for application domains requiring semantic fidelity.

In this research, we introduce PROVCREATOR, a synthetic graph framework designed for complex heterogeneous graphs with high-dimensional node and edge attributes. PROVCREATOR formulates graph synthesis as a sequence generation task, enabling the use of transformer-based large language models. It features a versatile graph-to-sequence encoder-decoder that (1) losslessly encodes graph structure and attributes, (2) efficiently compresses large graphs for contextual modeling, and (3) supports end-to-end, learnable graph generation.

To validate our research, we evaluate PROVCREATOR on two challenging domains: system provenance graphs in cybersecurity and knowledge graphs from IntelliGraph Benchmark Dataset. In both cases, PROVCREATOR captures intricate dependencies between structure and semantics, enabling the generation of realistic and privacy-aware synthetic datasets