{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T06:21:43Z","timestamp":1742970103630,"version":"3.40.3"},"publisher-location":"Cham","reference-count":11,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031575396"},{"type":"electronic","value":"9783031575402"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57540-2_3","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"28-39","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Comparative Analysis of Reduction Methods on Provenance Graphs for APT Attack Detection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-7169-6721","authenticated-orcid":false,"given":"Jan Eske","family":"Gesell","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5335-5735","authenticated-orcid":false,"given":"Robin","family":"Buchta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8827-1802","authenticated-orcid":false,"given":"Kilian","family":"Dangendorf","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0671-9784","authenticated-orcid":false,"given":"Pascal","family":"Franzke","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7290-6037","authenticated-orcid":false,"given":"Felix","family":"Heine","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9497-0312","authenticated-orcid":false,"given":"Carsten","family":"Kleiner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"3_CR1","doi-asserted-by":"publisher","unstructured":"Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Z\u00faquete, A. (eds.) Communications and Multimedia Security, pp. 63\u201372 (2014). https:\/\/doi.org\/10.1007\/978-3-662-44885-4_5","DOI":"10.1007\/978-3-662-44885-4_5"},{"key":"3_CR2","unstructured":"Dynamics, K.: TA5.1 ground truth report engagement 3 (2018). https:\/\/drive.google.com\/drive\/folders\/1ATro9_PaoNlg376yA_moI1MbJGF-_HaV"},{"key":"3_CR3","unstructured":"Hossain, M.N., Wang, J., Sekar, R., Stoller, S.D.: Dependence-preserving data compaction for scalable forensic analysis. In: 27th USENIX Security Symposium, pp. 1723\u20131740 (2018). https:\/\/seclab.cs.sunysb.edu\/seclab\/pubs\/usenix18.pdf"},{"key":"3_CR4","doi-asserted-by":"crossref","unstructured":"Inam, M., et al.: SoK: history is a vast early warning system: auditing the provenance of system intrusions. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2620\u20132638 (2023). https:\/\/doi.ieeecomputersociety.org\/10.1109\/SP46215.2023.10179405","DOI":"10.1109\/SP46215.2023.10179405"},{"key":"3_CR5","doi-asserted-by":"publisher","unstructured":"Lee, K.H., Zhang, X., Xu, D.: LogGC: garbage collecting audit log. In: 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1005\u20131016 (2013). https:\/\/doi.org\/10.1145\/2508859.2516731","DOI":"10.1145\/2508859.2516731"},{"key":"3_CR6","unstructured":"Ma, S., et al.: Kernel-supported cost-effective audit logging for causality tracking. In: 2018 USENIX Annual Technical Conference, pp. 241\u2013253 (2018). https:\/\/www.usenix.org\/system\/files\/conference\/atc18\/atc18-ma-shiqing.pdf"},{"key":"3_CR7","doi-asserted-by":"publisher","unstructured":"Michael, N., Mink, J., Liu, J., Gaur, S., Hassan, W.U., Bates, A.: On the forensic validity of approximated audit logs. In: Annual Computer Security Applications Conference, pp. 189\u2013202 (2020). https:\/\/doi.org\/10.1145\/3427228.3427272","DOI":"10.1145\/3427228.3427272"},{"key":"3_CR8","doi-asserted-by":"publisher","unstructured":"Tang, Y., et al.: NodeMerge: template based efficient data reduction for big-data causality analysis. In: 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1324\u20131337 (2018). https:\/\/doi.org\/10.1145\/3243734.3243763","DOI":"10.1145\/3243734.3243763"},{"key":"3_CR9","doi-asserted-by":"publisher","first-page":"3972","DOI":"10.1109\/TIFS.2022.3208815","volume":"17","author":"S Wang","year":"2022","unstructured":"Wang, S., et al.: THREATRACE: detecting and tracing host-based threats in node level through provenance graph learning. IEEE Trans. Inf. Forensics Secur. 17, 3972\u20133987 (2022). https:\/\/doi.org\/10.1109\/TIFS.2022.3208815","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"3_CR10","doi-asserted-by":"publisher","unstructured":"Xu, Z., et al.: High fidelity data reduction for big data security dependency analyses. In: 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 504\u2013516 (2016). https:\/\/doi.org\/10.1145\/2976749.2978378","DOI":"10.1145\/2976749.2978378"},{"issue":"7","key":"3_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3539605","volume":"55","author":"M Zipperle","year":"2022","unstructured":"Zipperle, M., Gottwalt, F., Chang, E., Dillon, T.: Provenance-based intrusion detection systems: a survey. ACM Comput. Surv. 55(7), 1\u201336 (2022). https:\/\/doi.org\/10.1145\/3539605","journal-title":"ACM Comput. Surv."}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57540-2_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:06:43Z","timestamp":1713985603000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57540-2_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575396","9783031575402"],"references-count":11,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57540-2_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}