{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T18:46:43Z","timestamp":1773168403759,"version":"3.50.1"},"reference-count":71,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/tdsc.2019.2960353","type":"journal-article","created":{"date-parts":[[2019,12,17]],"date-time":"2019-12-17T21:04:05Z","timestamp":1576616645000},"page":"1-1","source":"Crossref","is-referenced-by-count":21,"title":["P-Gaussian: Provenance-Based Gaussian Distribution for Detecting Intrusion Behavior Variants Using High Efficient and Real Time Memory Databases"],"prefix":"10.1109","author":[{"given":"Yulai","family":"Xie","sequence":"first","affiliation":[]},{"given":"Yafeng","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Dan","family":"Feng","sequence":"additional","affiliation":[]},{"given":"Darrell","family":"Long","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref71","first-page":"241","article-title":"Kernel-supported cost-effective audit logging for causality tracking","author":"ma","year":"2018","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"ref39","first-page":"1","article-title":"Trusted computing and provenance: Better together","author":"lyle","year":"2010","journal-title":"Proc USENIX Workshop Theory Practice Provenance"},{"key":"ref38","first-page":"319","article-title":"Trustworthy whole-system provenance for the linux kernel","author":"bates","year":"2015","journal-title":"Proc Usenix Security"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"ref32","first-page":"25","article-title":"Transparent result caching","author":"vahdat","year":"1998","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SSDM.2004.1311219"},{"key":"ref30","first-page":"1","article-title":"Story book: An efficient extensible provenance framework","author":"spillane","year":"2009","journal-title":"Proc TaPP'09 First Workshop on the Theory and Practice of Provenance"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"ref34","first-page":"525","article-title":"Eidetic systems","author":"devecsery","year":"2014","journal-title":"Proc USENIX Symp Operating Syst Design Implementation"},{"key":"ref60","first-page":"12","article-title":"Automated provenance analytics: A regular grammar based approach with applications in security","author":"lemay","year":"2017","journal-title":"Proc USENIX Workshop Theory Practice Provenance"},{"key":"ref62","first-page":"188","article-title":"Improving the performance of signature-based network intrusion detection sensors by multi-threading","author":"haagdorens","year":"2004","journal-title":"Proc 5th Int Conf Inf Security Appl"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ICSESS.2012.6269577"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046741"},{"key":"ref28","first-page":"1","article-title":"Layering in provenance systems","author":"muniswamy-reddy","year":"2009","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_14"},{"key":"ref27","first-page":"1","article-title":"Provenance-aware storage systems","author":"muniswamy-reddy","year":"2006","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCNT.2018.8494130"},{"key":"ref66","doi-asserted-by":"crossref","first-page":"528","DOI":"10.1109\/TIFS.2015.2503271","article-title":"Fast detection of transformed data leaks","volume":"11","author":"shu","year":"2016","journal-title":"IEEE Trans Inf Forensics Security"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref67","first-page":"70,72","article-title":"Forensic computer analysis: An introduction","volume":"25","author":"farmer","year":"2000","journal-title":"Dr Dobb's J"},{"key":"ref68","first-page":"38","article-title":"Provenance-aware tracing of worm break-in and contaminations: A process coloring approach","author":"jiang","year":"2006","journal-title":"Proc IEEE Int Conf Distrib Comput Syst"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/945465.945467"},{"key":"ref2","year":"2017"},{"key":"ref1","year":"2013"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2012.105"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382232"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177728796"},{"key":"ref24","year":"0"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2867595"},{"key":"ref26","first-page":"1","article-title":"FRAPpuccino: Fault-detection through runtime analysis of provenance","author":"han","year":"2017","journal-title":"Proc USENIX Workshop Hot Topics Cloud Comput"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2016.02.005"},{"key":"ref50","first-page":"579","article-title":"Trends and lessons from three years fighting malicious extensions","author":"jagpal","year":"2015","journal-title":"Proc USENIX Conf Security Symp"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2646641"},{"key":"ref59","first-page":"1","article-title":"Anomaly-based intrusion detection of IoT device sensor data using provenance graphs","author":"nwafor","year":"2018","journal-title":"Proc 1st Int Workshop Security Privacy Internet-of-Things"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813654"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2379690.2379695"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"ref54","first-page":"79","article-title":"Data mining approaches for intrusion detection","author":"lee","year":"1998","journal-title":"Proc Conf USENIX Security Symp"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_13"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"ref40","first-page":"1","article-title":"The case of the fake picasso: Preventing history forgery with secure provenance","volume":"9","author":"hasan","year":"2009","journal-title":"Proc USENIX Conf File Storage Technol"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-980109"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1516512.1516519"},{"key":"ref14","article-title":"String similarity via greedy string tiling and running karp-rabin matching","author":"wise","year":"1993"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/5.18626"},{"key":"ref16","first-page":"171","article-title":"Using provenance to aid in personal file search","author":"shah","year":"2007","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1047915.1047918"},{"key":"ref18","first-page":"6","article-title":"A Gaussian distribution-based lightweight intrusion detection model","volume":"15","author":"wang","year":"2015","journal-title":"Int J Comput Sci Netw Security"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2011.07.010"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.4304\/jnw.6.4.638-645"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.40"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24106-2_23"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2396761.2398511"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.7763\/IJIET.2016.V6.702"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2821095"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref48","first-page":"1111","article-title":"MPI: Multiple perspective attack investigation with semantics aware execution partitioning","author":"ma","year":"2017","journal-title":"Proc Usenix Security Symp"},{"key":"ref47","first-page":"1","article-title":"High accuracy attack provenance via binary-based execution partition","author":"lee","year":"2013","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243776"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2501986"},{"key":"ref43","year":"0"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/4358699\/08935406.pdf?arnumber=8935406","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:37:45Z","timestamp":1642005465000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8935406\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":71,"URL":"https:\/\/doi.org\/10.1109\/tdsc.2019.2960353","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}