{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,20]],"date-time":"2025-06-20T04:08:09Z","timestamp":1750392489099,"version":"3.41.0"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031957666","type":"print"},{"value":"9783031957673","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-95767-3_8","type":"book-chapter","created":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T12:25:17Z","timestamp":1750335917000},"page":"189-219","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["ProvDP: Differential Privacy for\u00a0System Provenance Dataset"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-9693-6520","authenticated-orcid":false,"given":"Kunal","family":"Mukherjee","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-5457-0592","authenticated-orcid":false,"given":"Jonathan","family":"Yu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-0975-8744","authenticated-orcid":false,"given":"Partha","family":"De","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8706-432X","authenticated-orcid":false,"given":"Dinil Mon","family":"Divakaran","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,20]]},"reference":[{"key":"8_CR1","unstructured":"The Linux audit framework (2015). https:\/\/github.com\/linux-audit\/"},{"key":"8_CR2","unstructured":"Deep graph library: Easy deep learning on graphs (2019). https:\/\/www.dgl.ai\/"},{"key":"8_CR3","unstructured":"Evasive attacker leverages solarwinds supply chain compromises with sunburst backdoor (2019). https:\/\/tinyurl.com\/bdz8s5yn"},{"key":"8_CR4","unstructured":"Event tracing for windows (ETW) - windows drivers $$|$$ Microsoft docs (2019). https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/event-tracing-for-windows--etw-"},{"key":"8_CR5","unstructured":"North Korea\u2019s Lazarus apt leverages windows update client, github in latest campaign (2019). https:\/\/tinyurl.com\/mr4h7d35"},{"key":"8_CR6","unstructured":"U.S. said to find North Korea ordered cyberattack on Sony (2019). https:\/\/tinyurl.com\/5da2h9bx"},{"key":"8_CR7","unstructured":"Wildpressure targets industrial in the middle east (2019). https:\/\/tinyurl.com\/mr2n8hdu"},{"key":"8_CR8","unstructured":"Extended detection and response (XDR) (2023). https:\/\/www.cybereason.com\/platform\/xdr"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1723\u20131732 (2017)","DOI":"10.1145\/3097983.3098163"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., Kruegel, C.: Disclosure: detecting botnet command and control servers through large-scale netflow analysis. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 129\u2013138 (2012)","DOI":"10.1145\/2420950.2420969"},{"key":"8_CR11","unstructured":"Cantrill, B.: Dtrace. In: Large Installation System Administration Conference (LISA) (2005)"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Cheng, Z., et al.: Kairos: practical intrusion detection and investigation using whole-system provenance. In: IEEE Symposium on Security and Privacy (SP) (2024)","DOI":"10.1109\/SP54263.2024.00005"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: Proceedings of the Twenty-Second ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp. 202\u2013210 (2003)","DOI":"10.1145\/773153.773173"},{"key":"8_CR14","doi-asserted-by":"publisher","first-page":"S56","DOI":"10.1016\/j.diin.2017.02.001","volume":"20","author":"DM Divakaran","year":"2017","unstructured":"Divakaran, D.M., Fok, K.W., Nevat, I., Thing, V.L.: Evidence gathering for network security and forensics. Digit. Investig. 20, S56\u2013S65 (2017)","journal-title":"Digit. Investig."},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Dwork, C.: Differential privacy. In: International Colloquium on Automata, Languages, and Programming, pp. 1\u201312. Springer (2006)","DOI":"10.1007\/11787006_1"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Dwork, C., Roth, A., et\u00a0al.: The algorithmic foundations of differential privacy. Found. Trends\u00ae Theor. Comput. Sci. 9(3\u20134), 211\u2013407 (2014)","DOI":"10.1561\/0400000042"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Goyal, A., Wang, G., Bates, A.: R-caid: embedding root cause analysis within provenance-based intrusion detection. In: IEEE Symposium on Security and Privacy (SP) (2024)","DOI":"10.1109\/SP54263.2024.00253"},{"key":"8_CR18","unstructured":"Griffith, J., et al.: Scalable transparency architecture for research collaboration (STARC)-DARPA transparent computing (TC) program. Technical report (2020)"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Gysel, P., W\u00fcest, C., Nwafor, K., Ja\u0161ek, O., Ustyuzhanin, A., Divakaran, D.M.: Eagleeye: attention to unveil malicious event sequences from provenance graphs. arXiv preprint arXiv:2408.09217 (2024)","DOI":"10.1109\/eCrime66200.2024.00009"},{"key":"8_CR20","unstructured":"Han, X., et al.: SIGL: securing software installations through deep graph learning. In: USENIX Security Symposium (SEC) (2021)"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., et al.: NoDoze: combatting threat alert fatigue with automated provenance triage. In: Network and Distributed System Security Symposium (NDSS) (2019)","DOI":"10.14722\/ndss.2019.23349"},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"Hay, M., Miklau, G., Jensen, D., Towsley, D., Weis, P.: Accurate estimation of the degree distribution of private networks. In: 2009 Ninth IEEE International Conference on Data Mining, pp. 169\u2013178. IEEE (2009)","DOI":"10.1109\/ICDM.2009.11"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Inam, M.A., et al.: SoK: history is a vast early warning system: auditing the provenance of system intrusions. In: IEEE Symposium on Security and Privacy (SP) (2023)","DOI":"10.1109\/SP46215.2023.10179405"},{"issue":"11","key":"8_CR24","doi-asserted-by":"publisher","first-page":"1146","DOI":"10.14778\/3402707.3402749","volume":"4","author":"V Karwa","year":"2011","unstructured":"Karwa, V., Raskhodnikova, S., Smith, A., Yaroslavtsev, G.: Private analysis of graph structure. Proc. VLDB Endow. 4(11), 1146\u20131157 (2011)","journal-title":"Proc. VLDB Endow."},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Kasiviswanathan, S.P., Nissim, K., Raskhodnikova, S., Smith, A.: Analyzing graphs with node differential privacy. In: Theory of Cryptography: 10th Theory of Cryptography Conference, TCC 2013, Tokyo, Japan, 3\u20136 March 2013 Proceedings, pp. 457\u2013476. Springer (2013)","DOI":"10.1007\/978-3-642-36594-2_26"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (2003)","DOI":"10.1145\/945465.945467"},{"key":"8_CR27","unstructured":"Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 (2016)"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: Towards a timely causality analysis for enterprise security. In: Network and Distributed System Security Symposium (NDSS) (2018)","DOI":"10.14722\/ndss.2018.23254"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"McSherry, F.D.: Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of data, pp. 19\u201330 (2009)","DOI":"10.1145\/1559845.1559850"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Miller, S., Childers, D.: Probability and random processes: with applications to signal processing and communications. Academic Press (2012)","DOI":"10.1016\/B978-0-12-386981-4.50011-4"},{"key":"8_CR31","unstructured":"Mukherjee, K., Harrison, Z., Balaneshin, S.: Z-rex: human-interpretable GNN explanations for real estate recommendations. arXiv preprint arXiv:2503.18001 (2025)"},{"key":"8_CR32","unstructured":"Mukherjee, K., et al.: Evading provenance-based ml detectors with adversarial system actions. In: USENIX Security Symposium (SEC) (2023)"},{"key":"8_CR33","doi-asserted-by":"crossref","unstructured":"Mukherjee, K., et al.: Proviot: detecting stealthy attacks in IoT through federated edge-cloud security. In: International Conference on Applied Cryptography and Network Security, pp. 241\u2013268. Springer (2024)","DOI":"10.1007\/978-3-031-54776-8_10"},{"key":"8_CR34","unstructured":"Mukherjee, K., et al.: Interpreting GNN-based ids detections using provenance graph structural features. arXiv preprint arXiv:2306.00934 (2023)"},{"key":"8_CR35","doi-asserted-by":"crossref","unstructured":"Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: 2008 IEEE Symposium on Security and Privacy (SP 2008), pp. 111\u2013125. IEEE (2008)","DOI":"10.1109\/SP.2008.33"},{"key":"8_CR36","doi-asserted-by":"crossref","unstructured":"Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 173\u2013187. IEEE (2009)","DOI":"10.1109\/SP.2009.22"},{"issue":"1","key":"8_CR37","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1109\/TNET.2017.2765719","volume":"26","author":"I Nevat","year":"2017","unstructured":"Nevat, I., et al.: Anomaly detection and attribution in networks with temporally correlated traffic. IEEE\/ACM Trans. Networking 26(1), 131\u2013144 (2017)","journal-title":"IEEE\/ACM Trans. Networking"},{"key":"8_CR38","doi-asserted-by":"publisher","unstructured":"Nguyen, H.H., Imine, A., Rusinowitch, M.: Differentially private publication of social graphs at linear cost. In: Proceedings of the 2015 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, ASONAM 2015, pp. 596\u2013599. Association for Computing Machinery, New York (2015). https:\/\/doi.org\/10.1145\/2808797.2809385","DOI":"10.1145\/2808797.2809385"},{"key":"8_CR39","doi-asserted-by":"crossref","unstructured":"Nissim, K., Raskhodnikova, S., Smith, A.: Smooth sensitivity and sampling in private data analysis. In: Proceedings of the Thirty-Ninth Annual ACM Symposium on Theory of Computing, pp. 75\u201384 (2007)","DOI":"10.1145\/1250790.1250803"},{"key":"8_CR40","unstructured":"Rehman, M.U., Ahmadi, H., Hassan, W.U.: FLASH: a comprehensive approach to intrusion detection via provenance graph representation learning. In: IEEE Symposium on Security and Privacy (SP) (2024)"},{"key":"8_CR41","unstructured":"Veli\u010dkovi\u0107, P., Cucurull, G., Casanova, A., Romero, A., Lio, P., Bengio, Y.: Graph attention networks. arXiv preprint arXiv:1710.10903 (2017)"},{"key":"8_CR42","doi-asserted-by":"crossref","unstructured":"Wang, Q., et al.: You are what you do: hunting stealthy malware via data provenance analysis. In: Network and Distributed System Security Symposium (NDSS) (2020)","DOI":"10.14722\/ndss.2020.24167"},{"key":"8_CR43","unstructured":"Wang, T., et al.: Provcreator: synthesizing graph data with text attributes"},{"key":"8_CR44","unstructured":"Yuan, Q., Zhang, Z., Du, L., Chen, M., Cheng, P., Sun, M.: $$\\{$$PrivGraph$$\\}$$: differentially private graph data publication by exploiting community information. In: 32nd USENIX Security Symposium (USENIX Security 2023), pp. 3241\u20133258 (2023)"},{"key":"8_CR45","doi-asserted-by":"crossref","unstructured":"Zengy, J., et al.: Shadewatcher: recommendation-guided cyber threat analysis using system audit records. In: IEEE Symposium on Security and Privacy (SP) (2022)","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"8_CR46","doi-asserted-by":"publisher","first-page":"89390","DOI":"10.1109\/ACCESS.2019.2927365","volume":"7","author":"S Zhang","year":"2019","unstructured":"Zhang, S., Ni, W.: Graph embedding matrix sharing with differential privacy. IEEE Access 7, 89390\u201389399 (2019)","journal-title":"IEEE Access"},{"issue":"2","key":"8_CR47","doi-asserted-by":"publisher","first-page":"235","DOI":"10.26599\/TST.2021.9010018","volume":"27","author":"X Zheng","year":"2021","unstructured":"Zheng, X., Zhang, L., Li, K., Zeng, X.: Efficient publication of distributed and overlapping graph data under differential privacy. Tsinghua Sci. Technol. 27(2), 235\u2013243 (2021)","journal-title":"Tsinghua Sci. Technol."}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-95767-3_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T12:25:31Z","timestamp":1750335931000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-95767-3_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031957666","9783031957673"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-95767-3_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"20 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Munich","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 June 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 June 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/acns2025.fordaysec.de\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}