{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,11]],"date-time":"2026-01-11T05:16:48Z","timestamp":1768108608771,"version":"3.49.0"},"reference-count":33,"publisher":"IEEE","license":[{"start":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T00:00:00Z","timestamp":1569888000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T00:00:00Z","timestamp":1569888000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T00:00:00Z","timestamp":1569888000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,10]]},"DOI":"10.1109\/icct46805.2019.8947201","type":"proceedings-article","created":{"date-parts":[[2020,1,3]],"date-time":"2020-01-03T00:42:22Z","timestamp":1578012142000},"page":"1418-1426","source":"Crossref","is-referenced-by-count":10,"title":["Needle in a Haystack: Attack Detection from Large-Scale System Audit"],"prefix":"10.1109","author":[{"given":"Han","family":"Yu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aiping","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rong","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref33","first-page":"156","article-title":"Intrusion detection via static analysis","author":"wagner","year":"2000","journal-title":"Proceedings 2001 IEEE Symposium on Security and Privacy S&P 2001 SECPRI"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45474-8_11"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2821095"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813654"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2005.62"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1095809.1095826"},{"key":"ref13","first-page":"487","article-title":"{SLEUTH}: Real-time attack scenario reconstruction from {COTS} audit data","author":"hossain","year":"2017","journal-title":"26th USENIX Security Symposium ( USENIX Security 17)"},{"key":"ref14","first-page":"1723","article-title":"Dependence-preserving data compaction for scalable forensic analysis","author":"hossain","year":"2018","journal-title":"27th USENIX Security Symposium ( USENIX Security 18)"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1402946.1402970"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/2365864.2151042"},{"key":"ref17","volume":"14","author":"kruegel","year":"2004","journal-title":"Intrusion Detection and Correlation Challenges and Solutions"},{"key":"ref18","article-title":"High accuracy attack provenance via binary-based execution partition","author":"lee","year":"2013","journal-title":"NDSS"},{"key":"ref19","first-page":"120","article-title":"A data mining framework for building intrusion detection models","author":"lee","year":"1999","journal-title":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat No 99CB36344)"},{"key":"ref28","first-page":"1","article-title":"Diagnosing performance changes by comparing request flows","volume":"5","author":"sambasivan","year":"2011","journal-title":"NSDI"},{"key":"ref4","year":"2018","journal-title":"Transparent computing engagement 3"},{"key":"ref27","first-page":"9","article-title":"Pip: Detecting the unexpected in distributed systems","volume":"6","author":"reynolds","year":"2006","journal-title":"NSDI"},{"key":"ref3","year":"2018","journal-title":"SNORT"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.12"},{"key":"ref29","first-page":"144","article-title":"A fast automaton-based method for detecting anomalous program behaviors","author":"sekar","year":"2000","journal-title":"Proceedings 2001 IEEE Symposium on Security and Privacy S&P 2001 SECPRI"},{"key":"ref5","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/2666356.2594299","article-title":"Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps","volume":"49","author":"arzt","year":"2014","journal-title":"ACM SIGPLAN Notices"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_30"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/11890850_18"},{"key":"ref2","year":"2018","journal-title":"APT Notes"},{"key":"ref9","first-page":"20","article-title":"X-trace: A pervasive network tracing framework","author":"fonseca","year":"2007","journal-title":"Proceedings of the 4th USENIX Conference on Networked Systems Design & Implementation"},{"key":"ref1","year":"2018","journal-title":"Adversarial Tactics Techniques & Common Knowledge"},{"key":"ref20","first-page":"1111","article-title":"{MPI}: Multiple perspective attack investigation with semantic aware execution partitioning","author":"shiqing","year":"2017","journal-title":"26th USENIX Security Symposium ( USENIX Security 17)"},{"key":"ref22","article-title":"Holmes: real-time apt detection through correlation of suspicious information flows","author":"milajerdi","year":"2018","journal-title":"arXiv preprint arXiv 1810 06008"},{"key":"ref21","article-title":"Protracer: Towards practical provenance tracing by alternating between logging and tainting","author":"shiqing","year":"2016","journal-title":"NDSS"},{"key":"ref24","first-page":"2435","volume":"31","author":"paxson","year":"1999","journal-title":"Bro a system for detecting network intruders in realtime Computer networks"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2012.6195642"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"}],"event":{"name":"2019 IEEE 19th International Conference on Communication Technology (ICCT)","location":"Xi'an, China","start":{"date-parts":[[2019,10,16]]},"end":{"date-parts":[[2019,10,19]]}},"container-title":["2019 IEEE 19th International Conference on Communication Technology (ICCT)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8943077\/8946993\/08947201.pdf?arnumber=8947201","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,17]],"date-time":"2022-07-17T21:55:16Z","timestamp":1658094916000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8947201\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10]]},"references-count":33,"URL":"https:\/\/doi.org\/10.1109\/icct46805.2019.8947201","relation":{},"subject":[],"published":{"date-parts":[[2019,10]]}}}