Discover a novel approach to cybersecurity threat detection in this 22-minute conference talk from the 27th International Symposium on Practical Aspects of Declarative Languages (PADL'25). Learn how researchers Fang Li, Fei Zuo, and Gopal Gupta leverage Answer Set Programming (ASP) to model and analyze provenance graphs for enhanced cybersecurity. Explore how their ASP-based representation captures complex relationships between system entities, including temporal and causal dependencies, enabling sophisticated capabilities like attack path tracing, data exfiltration detection, and anomaly identification. See how the declarative nature of ASP allows for concise expression of complex security patterns and policies, supporting both real-time threat detection and forensic analysis. Through case studies and experimental results, understand how this approach effectively handles large-scale provenance graphs while providing expressive querying and maintaining extensibility to adapt to evolving cyber threats. This ACM SIGPLAN-sponsored presentation introduces a powerful, flexible, and explainable framework advancing the development of effective threat detection and forensic investigation tools.
Exploring Answer Set Programming for Provenance Graph-Based Cyber Threat Detection: A Novel Approach
ACM SIGPLAN via YouTube
Syllabus
[PADL'25] Exploring Answer Set Programming for Provenance Graph-Based Cyber Threat Detection: A(…)
Taught by
ACM SIGPLAN