{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T16:59:16Z","timestamp":1771261156493,"version":"3.50.1"},"reference-count":26,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T00:00:00Z","timestamp":1746403200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T00:00:00Z","timestamp":1746403200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,5,5]]},"DOI":"10.1109\/cscwd64889.2025.11033670","type":"proceedings-article","created":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T17:24:40Z","timestamp":1750699480000},"page":"2436-2441","source":"Crossref","is-referenced-by-count":1,"title":["Pegasus: Accelerating Provenance Graph-based Intrusion Detection Methods"],"prefix":"10.1109","author":[{"given":"Pengcheng","family":"Bi","sequence":"first","affiliation":[{"name":"School of Cyber Security, University of Chinese Academy of Sciences,Beijing,China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qi","family":"Wang","sequence":"additional","affiliation":[{"name":"National Computer Network Emergency Response, Technical Team Coordination Center of China,Beijing,China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuan","family":"Xu","sequence":"additional","affiliation":[{"name":"National Computer Network Emergency Response, Technical Team Coordination Center of China,Beijing,China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianning","family":"Zang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaochun","family":"Yun","sequence":"additional","affiliation":[{"name":"Zhongguancun National Laboratory,Beijing,China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_30"},{"key":"ref2","doi-asserted-by":"crossref","DOI":"10.1145\/2939672.2939783","article-title":"Fast Memory-efficient Anomaly Detection in Streaming Heterogeneous Graphs","volume-title":"CoRR abs\/1602.04844","author":"Manzoor","year":"2016"},{"key":"ref3","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","volume-title":"26th USENIX Security Symposium (USENIX Security 17).","author":"Hossain","year":"2017"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref9","volume-title":"Understand tasks and back stack","year":"2020"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616580"},{"key":"ref12","article-title":"Back-propagating system dependency impact for attack investigation","volume-title":"Proceedings of the USENIX Security Symposium","author":"Fang","year":"2022"},{"key":"ref13","first-page":"3005","article-title":"ATLAS: A Sequence-based Learning Approach for Attack Investigation","volume-title":"30th USENIX Security Symposium (USENIX Security 21).","author":"Alsahcel","year":"2021"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24549"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1602.05629"},{"key":"ref16","volume-title":"Transparent Computing Engagement 3 Data Release.","year":"2018"},{"key":"ref17","first-page":"6575","article-title":"DISTDET: A cost-effective distributed cyber threat detection system","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium (USENIX Security\u201923).","author":"Dong","year":"2023"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.66"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP.2019.00021"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623732"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939754"},{"key":"ref22","article-title":"Pytorch-biggraph: A large-scale graph embedding system","author":"Lerer","year":"2019","journal-title":"CoRR, abs\/1903.12287"},{"key":"ref23","volume-title":"Euler.","year":"2019"},{"key":"ref24","volume-title":"Janusgraph.","year":"2020"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2016.0075"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2463676.2467799"}],"event":{"name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","location":"Compiegne, France","start":{"date-parts":[[2025,5,5]]},"end":{"date-parts":[[2025,5,7]]}},"container-title":["2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11033175\/11033221\/11033670.pdf?arnumber=11033670","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T07:03:39Z","timestamp":1750748619000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11033670\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,5]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/cscwd64889.2025.11033670","relation":{},"subject":[],"published":{"date-parts":[[2025,5,5]]}}}