{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T08:31:00Z","timestamp":1770539460907,"version":"3.49.0"},"reference-count":45,"publisher":"IEEE","license":[{"start":{"date-parts":[[2020,12,10]],"date-time":"2020-12-10T00:00:00Z","timestamp":1607558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,12,10]],"date-time":"2020-12-10T00:00:00Z","timestamp":1607558400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,12,10]],"date-time":"2020-12-10T00:00:00Z","timestamp":1607558400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,12,10]]},"DOI":"10.1109\/bigdata50022.2020.9378294","type":"proceedings-article","created":{"date-parts":[[2021,3,19]],"date-time":"2021-03-19T17:10:21Z","timestamp":1616173821000},"page":"1031-1040","source":"Crossref","is-referenced-by-count":9,"title":["Towards an Open Format for Scalable System Telemetry"],"prefix":"10.1109","author":[{"given":"Teryl","family":"Taylor","sequence":"first","affiliation":[]},{"given":"Frederico","family":"Araujo","sequence":"additional","affiliation":[]},{"given":"Xiaokui","family":"Shu","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","article-title":"Ansible","year":"2019"},{"key":"ref38","article-title":"go-audit","year":"2016"},{"key":"ref33","article-title":"Swarm: a Docker-native clustering system","year":"2019"},{"key":"ref32","article-title":"Production-grade container orchestration - 
Kubernetes","year":"2019"},{"key":"ref31","article-title":"CVE-2017-5941","year":"2017"},{"key":"ref30","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","author":"hossain","year":"2017","journal-title":"Usenix Security"},{"key":"ref37","article-title":"Helm: The package manager for kubernetes","year":"2019"},{"key":"ref36","article-title":"Kubernetes: Production-grade container orchestration","year":"2019"},{"key":"ref35","article-title":"Apache avro","year":"2012"},{"key":"ref34","article-title":"OpenShift: Container Application Platform by Red Hat, Built on Docker and Kubernetes","year":"2019"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015495"},{"key":"ref40","author":"robitaille","year":"2013"},{"key":"ref11","article-title":"Toward efficient querying of compressed network payloads","author":"taylor","year":"2012","journal-title":"USENIX ATC"},{"key":"ref12","article-title":"nprobe: an open source netflow probe for gigabit networks","author":"deri","year":"2003","journal-title":"Terena TNC"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134045"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3154448.3154455"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCNT.2018.8493766"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_5"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2790077"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243829"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref27","article-title":"Applying provenance in apt monitoring and analysis: Practical challenges for scalable, efficient and trustworthy distributed 
provenance","author":"jenkinson","year":"2017","journal-title":"TaPP USENIX"},{"key":"ref3","article-title":"Kernel-supported cost-effective audit logging for causality tracking","author":"ma","year":"2018","journal-title":"USENIX ATC"},{"key":"ref6","article-title":"MITRE ATT&CK Matrix for Enterprise Linux","year":"2019"},{"key":"ref29","article-title":"Holmes: Real-time apt detection through correlation of suspicious information flows","author":"milajerdi","year":"2018","journal-title":"IEEE S&P"},{"key":"ref5","article-title":"Introduction to Cisco IOS NetFlow–A Technical Overview","year":"2012"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402980"},{"key":"ref2","article-title":"Sysdig","year":"2019"},{"key":"ref9","article-title":"Flowradar: A better netflow for data centers","author":"li","year":"2016","journal-title":"USENIX NSDI"},{"key":"ref1","article-title":"Linux audit framework","year":"2006"},{"key":"ref20","article-title":"Replay debugging for distributed applications","author":"geels","year":"2006","journal-title":"USENIX ATC"},{"key":"ref45","article-title":"Multithreading benchmarks","author":"maigre","year":"2016"},{"key":"ref22","article-title":"MPI: Multiple perspective attack investigation with semantics aware execution partitioning","author":"ma","year":"2017","journal-title":"Usenix Security"},{"key":"ref21","article-title":"osquery","year":"2006"},{"key":"ref42","article-title":"Wasabi s3 benchmark","year":"2019"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref41","article-title":"ab - apache http server benchmarking tool","year":"2019"},{"key":"ref23","article-title":"High accuracy attack provenance via binary-based execution partition","author":"lee","year":"2013","journal-title":"NDSS"},{"key":"ref44","article-title":"Hibench big data benchmark 
suite","author":"chenzhao","year":"2019"},{"key":"ref26","article-title":"Transparent Computing","year":"2014"},{"key":"ref43","article-title":"Hammerdb tpc benchmarks","author":"hammer","year":"2019"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"}],"event":{"name":"2020 IEEE International Conference on Big Data (Big Data)","location":"Atlanta, GA, USA","start":{"date-parts":[[2020,12,10]]},"end":{"date-parts":[[2020,12,13]]}},"container-title":["2020 IEEE International Conference on Big Data (Big Data)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9377717\/9377728\/09378294.pdf?arnumber=9378294","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,27]],"date-time":"2022-06-27T11:37:50Z","timestamp":1656329870000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9378294\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,10]]},"references-count":45,"URL":"https:\/\/doi.org\/10.1109\/bigdata50022.2020.9378294","relation":{},"subject":[],"published":{"date-parts":[[2020,12,10]]}}}