{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T06:07:32Z","timestamp":1769926052932,"version":"3.49.0"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030051709","type":"print"},{"value":"9783030051716","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-05171-6_6","type":"book-chapter","created":{"date-parts":[[2018,12,5]],"date-time":"2018-12-05T10:52:06Z","timestamp":1544007126000},"page":"107-126","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["ProPatrol: Attack Investigation via Extracted High-Level Tasks"],"prefix":"10.1007","author":[{"given":"Sadegh","family":"M. Milajerdi","sequence":"first","affiliation":[]},{"given":"Birhanu","family":"Eshete","sequence":"additional","affiliation":[]},{"given":"Rigel","family":"Gjomemo","sequence":"additional","affiliation":[]},{"given":"Venkat N.","family":"Venkatakrishnan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,5]]},"reference":[{"key":"6_CR1","unstructured":"Multiprocess firefox. https:\/\/developer.mozilla.org\/en-US\/Firefox\/Multiprocess_Firefox"},{"key":"6_CR2","unstructured":"Systemtap. https:\/\/sourceware.org\/systemtap\/"},{"key":"6_CR3","unstructured":"Bates, A., Tian, D.J., Butler, K.R., Moyer, T.: Trustworthy whole-system provenance for the Linux kernel. In: 24th USENIX Security Symposium (USENIX Security 2015), pp. 319\u2013334 (2015)"},{"key":"6_CR4","unstructured":"Chow, J., Garfinkel, T., Chen, P.M.: Decoupling dynamic program analysis from execution in virtual environments. In: USENIX 2008 Annual Technical Conference on Annual Technical Conference, pp. 1\u201314 (2008)"},{"key":"6_CR5","unstructured":"Corporation, M.: Apt1: exposing one of china\u2019s cyber espionage units. Technical report (2013)"},{"key":"6_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-642-35170-9_6","volume-title":"Middleware 2012","author":"A Gehani","year":"2012","unstructured":"Gehani, A., Tariq, D.: SPADE: support for provenance auditing in distributed environments. In: Narasimhan, P., Triantafillou, P. (eds.) Middleware 2012. LNCS, vol. 7662, pp. 101\u2013120. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-35170-9_6"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Goel, A., Po, K., Farhadi, K., Li, Z., De Lara, E.: The taser intrusion recovery system. In: ACM SIGOPS Operating Systems Review, vol. 39, pp. 163\u2013176. ACM (2005)","DOI":"10.1145\/1095810.1095826"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., Lemay, M., Aguse, N., Bates, A., Moyer, T.: Towards scalable cluster auditing through grammatical inference over provenance graphs. In: Network and Distributed Systems Security Symposium (2018)","DOI":"10.14722\/ndss.2018.23141"},{"key":"6_CR9","unstructured":"Hossain, M.N., et al.: SLEUTH: real-time attack scenario reconstruction from COTS audit data. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 487\u2013504. USENIX Association, Vancouver (2017)"},{"key":"6_CR10","unstructured":"Hossain, M.N., Wang, J., Sekar, R., Stoller, S.D.: Dependence-preserving data compaction for scalable forensic analysis. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 1723\u20131740. USENIX Association, Baltimore (2018)"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Ji, Y., et al.: Rain: refinable attack investigation with on-demand inter-process information flow tracking. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 377\u2013390. ACM (2017)","DOI":"10.1145\/3133956.3134045"},{"key":"6_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-540-73614-1_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Johns","year":"2007","unstructured":"Johns, M., Winter, J.: Protecting the intranet against \u201cJavaScript Malware\u201d and related attacks. In: M. H\u00e4mmerli, B., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 40\u201359. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-73614-1_3"},{"key":"6_CR13","unstructured":"Keizer, G.: Enterprises to get locked-down Windows 10 in six months. https:\/\/www.computerworld.com\/article\/3232749\/microsoft-windows\/enterprises-to-get-locked-down-windows-10-in-six-months.html . Accessed 08 Oct 2018"},{"key":"6_CR14","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1145\/2365864.2151042","volume":"47","author":"VP Kemerlis","year":"2012","unstructured":"Kemerlis, V.P., Portokalidis, G., Jee, K., Keromytis, A.D.: libdft: practical dynamic data flow tracking for commodity systems. ACM SIGPLAN Not. 47, 121\u2013132 (2012)","journal-title":"ACM SIGPLAN Not."},{"key":"6_CR15","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1145\/1165389.945467","volume":"37","author":"ST King","year":"2003","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. ACM SIGOPS Oper. Syst. Rev. 37, 223\u2013236 (2003)","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"key":"6_CR16","unstructured":"King, S.T., Mao, Z.M., Lucchetti, D.G., Chen, P.M.: Enriching intrusion alerts through multi-host causality. In: NDSS (2005)"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Kwon, Y., et al.: MCI: modeling-based causality inference in audit logging for attack investigation. In: Proceedings of the 25th Network and Distributed System Security Symposium (NDSS) (2018)","DOI":"10.14722\/ndss.2018.23306"},{"key":"6_CR18","unstructured":"Lee, K.H., Zhang, X., Xu, D.: High accuracy attack provenance via binary-based execution partition. In: NDSS (2013)"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Lee, K.H., Zhang, X., Xu, D.: Loggc: garbage collecting audit log. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1005\u20131016. ACM (2013)","DOI":"10.1145\/2508859.2516731"},{"key":"6_CR20","unstructured":"Ma, S., Zhai, J., Wang, F., Lee, K.H., Zhang, X., Xu, D.: MPI: multiple perspective attack investigation with semantics aware execution partitioning. In: USENIX Security (2017)"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Ma, S., Zhang, X., Xu, D.: Protracer: towards practical provenance tracing by alternating between logging and tainting (2016)","DOI":"10.14722\/ndss.2016.23350"},{"key":"6_CR22","unstructured":"Mathew, S.J.: Social engineering leads apt attack vectors. http:\/\/www.darkreading.com\/vulnerabilities-and-threats\/social-engineering-leads-apt-attack-vectors\/d\/d-id\/1100142?"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.: HOLMES: real-time APT detection through correlation of suspicious information flows. In: Proceedings of the IEEE Symposium on Security and Privacy. IEEE (2019)","DOI":"10.1109\/SP.2019.00026"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Ming, J., Wu, D., Wang, J., Xiao, G., Liu, P.: Straight taint: decoupled offline symbolic taint analysis. In: Proceedings of the 31st IEEE\/ACM International Conference on Automated Software Engineering, pp. 308\u2013319. ACM (2016)","DOI":"10.1145\/2970276.2970299"},{"key":"6_CR25","unstructured":"Muniswamy-Reddy, K.K., Holland, D.A., Braun, U., Seltzer, M.I.: Provenance-aware storage systems. In: USENIX Annual Technical Conference, General Track, pp. 43\u201356 (2006)"},{"key":"6_CR26","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software (2005)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Pohly, D.J., McLaughlin, S., McDaniel, P., Butler, K.: Hi-fi: collecting high-fidelity whole-system provenance. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 259\u2013268. ACM (2012)","DOI":"10.1145\/2420950.2420989"},{"key":"6_CR28","unstructured":"Sar, C., Cao, P.: Lineage file system. http:\/\/crypto.stanford.edu\/cao\/lineage.html (2005)"},{"issue":"11","key":"6_CR29","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1145\/1037187.1024404","volume":"39","author":"G. Edward Suh","year":"2004","unstructured":"Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. ACM Sigplan Not. 39, 85\u201396 (2004)","journal-title":"ACM SIGPLAN Notices"},{"key":"6_CR30","unstructured":"Team, T.C.: Chromium Project Process Model. https:\/\/www.chromium.org\/developers\/design-documents\/process-models . Accessed 05 Oct 2018"},{"key":"6_CR31","unstructured":"Xu, W., Bhatkar, S., Sekar, R.: Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks. In: USENIX Security, pp. 121\u2013136 (2006)"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Xu, Z., et al.: High fidelity data reduction for big data security dependency analyses. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 504\u2013516. ACM (2016)","DOI":"10.1145\/2976749.2978378"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 116\u2013127. ACM (2007)","DOI":"10.1145\/1315245.1315261"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-05171-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T15:25:35Z","timestamp":1573053935000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-05171-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030051709","9783030051716"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-05171-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bangalore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 December 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.iciss.org.in","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"51","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"45% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}