A Dataset of Kernel Exploits Represented as System Provenance Graphs

CONTEXTS Dataset (A Dataset of Kernel Exploits Represented as Provenance Graphs) This repository contains datasets generated and used for testing CONTEXTS [1]. The datasets are in the form of provenance graphs captured by SPADE during system execution. The dataset includes the exploitation of kernel vulnerabilities, where:  All provenance graphs are initially pruned based on the Initial Pruning step of CONTEXTS. The identified Points of Interest, Waypoints, and Ground Truth are annotated on the provenance graph using the tags POI, WP, and GT, respectively. For each dataset, the query generated by CONTEXTS is provided. [1] Sareh Mohammadi, Hugo Kermabon-Bobinnec, Azadeh Tabiban, Lingyu Wang, Tomás Navarro Múnera, Yosr Jarraya, "CONnecting The EXtra doTS (CONTEXTS): Correlating External Information about Point of Interest for Attack Investigation." in IEEE Symposium on Security and Privacy (S&P), 2025.