{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:40:09Z","timestamp":1770226809537,"version":"3.49.0"},"reference-count":28,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,5,10]],"date-time":"2021-05-10T00:00:00Z","timestamp":1620604800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,5,10]],"date-time":"2021-05-10T00:00:00Z","timestamp":1620604800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,5,10]],"date-time":"2021-05-10T00:00:00Z","timestamp":1620604800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100012470","name":"CERN","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100012470","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,5,10]]},"DOI":"10.1109\/infocomwkshps51825.2021.9484532","type":"proceedings-article","created":{"date-parts":[[2021,8,11]],"date-time":"2021-08-11T01:15:31Z","timestamp":1628644531000},"page":"1-6","source":"Crossref","is-referenced-by-count":2,"title":["ACTracker: A Fast and Efficient Attack Investigation Method Based on Event Causality"],"prefix":"10.1109","author":[{"given":"Erteng","family":"Hu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anmin","family":"Fu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiyi","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Linjie","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yantao","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yin","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2014.2320725"},{"key":"ref11","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data[C]","author":"hossain","year":"2017","journal-title":"26th USENIX Security Symposium (USENIX Security 17)"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101945"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2917223"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24329"},{"key":"ref18","article-title":"Linux auditd","year":"0"},{"key":"ref19","article-title":"Event Tracing","year":"0"},{"key":"ref28","article-title":"Windows Remote Management","year":"0"},{"key":"ref4","article-title":"High Accuracy Attack Provenance via Binary-based Execution Partition[C]","author":"lee","year":"2013","journal-title":"NDSS"},{"key":"ref27","article-title":"Privilege Escalation","year":"0"},{"key":"ref3","article-title":"Enriching Intrusion Alerts Through Multi-Host Causality[C]","author":"king","year":"2005","journal-title":"NDSS"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-9129-7_5"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/945465.945467"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2011.262"},{"key":"ref1","year":"0","journal-title":"APT Notes"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611974348.9"},{"key":"ref22","article-title":"A poisoning attack against online anomaly detection[C]","author":"kloft","year":"2007","journal-title":"Workshop on Machine Learning in Adversarial Environments for Computer Security"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref24","article-title":"CVE-2014-6271","year":"0"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2384716.2384777"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref25","article-title":"Pass-the-hash attacks: Tools and Mitigation","year":"2010"}],"event":{"name":"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","location":"Vancouver, BC, Canada","start":{"date-parts":[[2021,5,10]]},"end":{"date-parts":[[2021,5,13]]}},"container-title":["IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9484327\/9484428\/09484532.pdf?arnumber=9484532","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T15:48:17Z","timestamp":1652197697000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9484532\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,10]]},"references-count":28,"URL":"https:\/\/doi.org\/10.1109\/infocomwkshps51825.2021.9484532","relation":{},"subject":[],"published":{"date-parts":[[2021,5,10]]}}}