{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:58:05Z","timestamp":1773511085507,"version":"3.50.1"},"reference-count":58,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2020,11,1]],"date-time":"2020-11-01T00:00:00Z","timestamp":1604188800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,11,1]],"date-time":"2020-11-01T00:00:00Z","timestamp":1604188800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,11,1]],"date-time":"2020-11-01T00:00:00Z","timestamp":1604188800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1705261"],"award-info":[{"award-number":["U1705261"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61821003"],"award-info":[{"award-number":["61821003"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"CCF-NSFOCUS Kun Peng research fund"},{"name":"Wuhan Application Basic Research Program","award":["2017010201010104"],"award-info":[{"award-number":["2017010201010104"]}]},{"name":"Hubei Natural Science and Technology Foundation","award":["2017CFB304"],"award-info":[{"award-number":["2017CFB304"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2020,11,1]]},"DOI":"10.1109\/tdsc.2018.2867595","type":"journal-article","created":{"date-parts":[[2018,8,29]],"date-time":"2018-08-29T19:18:15Z","timestamp":1535570295000},"page":"1283-1296","source":"Crossref","is-referenced-by-count":57,"title":["Pagoda: A Hybrid Approach to Enable Efficient Real-Time Provenance Based Intrusion Detection in Big Data Environments"],"prefix":"10.1109","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5757-4396","authenticated-orcid":false,"given":"Yulai","family":"Xie","sequence":"first","affiliation":[{"name":"Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China"}]},{"given":"Dan","family":"Feng","sequence":"additional","affiliation":[{"name":"Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1265-7141","authenticated-orcid":false,"given":"Yuchong","family":"Hu","sequence":"additional","affiliation":[{"name":"Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9746-6274","authenticated-orcid":false,"given":"Yan","family":"Li","sequence":"additional","affiliation":[{"name":"TuneUp.ai in San Francisco Bay Area, CA, USA"}]},{"given":"Staunton","family":"Sample","sequence":"additional","affiliation":[{"name":"Jack Baskin School of Engineering, University of California, Santa Cruz, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0822-0740","authenticated-orcid":false,"given":"Darrell","family":"Long","sequence":"additional","affiliation":[{"name":"Jack Baskin School of Engineering, University of California, Santa Cruz, CA, USA"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2501986"},{"key":"ref38","year":"2000"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"ref32","first-page":"525","article-title":"Eidetic systems","author":"devecsery","year":"2014","journal-title":"Proc USENIX Symp on Operating System Design and Implementation"},{"key":"ref31","first-page":"3","article-title":"Transparent result caching","author":"vahdat","year":"1998","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref30","article-title":"Story Book: An efficient extensible provenance framework","author":"spillane","year":"2009","journal-title":"Proc 1st Workshop Theory Practice Provenance"},{"key":"ref37","year":"0"},{"key":"ref36","first-page":"15","article-title":"Provenance for the cloud","author":"muniswamy-reddy","year":"2010","journal-title":"Proc USENIX Conf File Storage Technol"},{"key":"ref35","first-page":"10","article-title":"Layering in provenance systems","author":"muniswamy-reddy","year":"2009","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref34","first-page":"319","article-title":"Trustworthy whole-system provenance for the Linux kernel","author":"bates","year":"2015","journal-title":"Proc Usenix Secur Symp"},{"key":"ref28","first-page":"1","article-title":"Using provenance to aid in personal file search","author":"shah","year":"2007","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref27","first-page":"5:1","article-title":"Application of named graphs towards custom provenance views","author":"gibson","year":"2009","journal-title":"Proc Workshop Theory Practice Provenance"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref2","year":"0"},{"key":"ref1","year":"0"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382232"},{"key":"ref22","article-title":"Monet: A next generation DBMS kernel for query-intensive application","author":"boncz","year":"2002"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"ref24","first-page":"1","article-title":"The case of the fake Picasso: Preventing history forgery with secure provenance","author":"hasan","year":"2009","journal-title":"Proc USENIX Conf File Storage Technol"},{"key":"ref23","first-page":"1","article-title":"Trusted computing and provenance: Better together","author":"lyle","year":"2010","journal-title":"Proc 2nd Workshop Theory Practice Provenance"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44503-X_20"},{"key":"ref25","first-page":"43","article-title":"Provenance-aware storage systems","author":"muniswamy-reddy","year":"2006","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2012.05.004"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_7"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23268"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.20"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_13"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.34"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.07.005"},{"key":"ref53","first-page":"2014","article-title":"Learning convolutional neural networks for graphs","author":"niepert","year":"2016","journal-title":"Proc Int Conf Mach Learn"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20505-7_26"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1142\/S0218213006003028"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref40","first-page":"1111","article-title":"MPI: Multiple perspective attack investigation with semantics aware execution partitioning","author":"ma","year":"2017","journal-title":"Proc USENIX Conf Secur Symp"},{"key":"ref12","first-page":"1","article-title":"High accuracy attack provenance via binary-based execution partition","author":"lee","year":"2013","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/945465.945467"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"ref16","year":"2015"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2016.02.005"},{"key":"ref18","first-page":"1","article-title":"Automated provenance analytics: A regular grammar based approach with applications in security","author":"lemay","year":"2017","journal-title":"Proc USENIX Workshop Theory Practice Provenance"},{"key":"ref19","first-page":"1","article-title":"FRAPpuccino: Fault-detection through runtime analysis of provenance","author":"han","year":"2017","journal-title":"Proc of Workshop on Hot Topics in Cloud Computing"},{"key":"ref4","year":"2017"},{"key":"ref3","year":"2017"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-980109"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"ref7","first-page":"79","article-title":"Data mining approaches for intrusion detection","author":"lee","year":"1998","journal-title":"The Proceedings of the 7th USENIX Security Symposium"},{"key":"ref49","first-page":"255","article-title":"Anomaly detection over noisy data using learned probability distributions","author":"eskin","year":"2000","journal-title":"Proc Int Conf Mach Learn"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043584"},{"key":"ref48","first-page":"89","article-title":"Intrusion recovery using selective re-execution","author":"kim","year":"2010","journal-title":"Proc 9th USENIX Conf Operating Syst Des Implementation"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"ref42","first-page":"1","article-title":"Provenance-based intrusion detection: Opportunities and challenges","author":"han","year":"2018","journal-title":"Proc Workshop Theory Practice Provenance"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"ref44","first-page":"16","article-title":"Applying provenance in APT monitoring and analysis","author":"jenkinson","year":"2017","journal-title":"Proc USENIX Workshop Theory Practice Provenance"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052640"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/9250030\/08450016.pdf?arnumber=8450016","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,15]],"date-time":"2024-01-15T21:42:09Z","timestamp":1705354929000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8450016\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,1]]},"references-count":58,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2018.2867595","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,1]]}}}