A Dataset of Kernel Exploits Represented as System Provenance Graphs

CONTEXTS Dataset (A Dataset of Kernel Exploits Represented as Provenance Graphs) This repository contains different datasets generated and used for testing CONTEXTS[1]. The datasets are in the form of provenance graphs captured by SPADE during system execution. Each dataset contains the exploitation of kernel vulnarabilities, where  - All the provenance graphs are initially pruned based on the Initiall Pruning step of CONTEXTS.- The identified Point-of-Interest, Waypoints, and the Ground Truth are annotated on the provenance graph using POI, WP, and GT tags, respectively.- For each dataset, the query that is generated by CONTEXTS is provided. [1] Sareh Mohammadi, Hugo Kermabon-Bobinnec, Azadeh Tabiban, Lingyu Wang, Tomás Navarro Múnera, Yosr Jarraya, ***"CONnecting The EXtra doTS (CONTEXTS): Correlating External Information about Point of Interest for Attack Investigation."*** in IEEE Symposium on Security and Privacy (S&P), 2025.