{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T16:21:55Z","timestamp":1780762915014,"version":"3.54.1"},"reference-count":42,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002324"],"award-info":[{"award-number":["62002324"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U22B2028"],"award-info":[{"award-number":["U22B2028"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1936215"],"award-info":[{"award-number":["U1936215"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Zhejiang Provincial Natural Science Foundation of China","award":["LQ21F020016"],"award-info":[{"award-number":["LQ21F020016"]}]},{"name":"Zhejiang Provincial Natural Science Foundation of China","award":["LY20F020027"],"award-info":[{"award-number":["LY20F020027"]}]},{"name":"Zhejiang Provincial Key Research and Development","award":["2021C01117"],"award-info":[{"award-number":["2021C01117"]}]},{"name":"Major Program of Natural Science Foundation of Zhejiang Province","award":["LD22F020002"],"award-info":[{"award-number":["LD22F020002"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2023,11]]},"DOI":"10.1109\/tdsc.2023.3243667","type":"journal-article","created":{"date-parts":[[2023,2,9]],"date-time":"2023-02-09T18:33:38Z","timestamp":1675967618000},"page":"5247-5264","source":"Crossref","is-referenced-by-count":53,"title":["APTSHIELD: A Stable, Efficient and Real-Time APT Detection System for Linux Hosts"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8657-662X","authenticated-orcid":false,"given":"Tiantian","family":"Zhu","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jinkai","family":"Yu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4426-3585","authenticated-orcid":false,"given":"Chunlin","family":"Xiong","sequence":"additional","affiliation":[{"name":"Department of Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences, Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1690-164X","authenticated-orcid":false,"given":"Wenrui","family":"Cheng","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3360-4025","authenticated-orcid":false,"given":"Qixuan","family":"Yuan","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4293-5850","authenticated-orcid":false,"given":"Jie","family":"Ying","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4664-3311","authenticated-orcid":false,"given":"Tieming","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jiabo","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4810-7491","authenticated-orcid":false,"given":"Mingqi","family":"Lv","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4103-1498","authenticated-orcid":false,"given":"Yan","family":"Chen","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0121-5324","authenticated-orcid":false,"given":"Ting","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuan","family":"Fan","sequence":"additional","affiliation":[{"name":"DAS-Security, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1002\/sam.11346"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60080-2_21"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ICEIEC.2019.8784483"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68612-7_11"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2458581"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-62223-7_12"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ISBAST.2014.7013108"},{"key":"ref13","first-page":"757","article-title":"UNVEIL: A large-scale, automated approach to detecting ransomware","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Kharaz"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"ref19","first-page":"1","article-title":"High accuracy attack provenance via binary-based execution partition","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Lee"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref21","first-page":"1111","article-title":"MPI: Multiple perspective attack investigation with semantic aware execution partitioning","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Ma"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872395"},{"key":"ref24","first-page":"1723","article-title":"Dependence-preserving data compaction for scalable forensic analysis","volume-title":"Proc. USENIX Secur. Symp.","author":"Hossain"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref27","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","volume-title":"Proc. USENIX Secur. Symp.","author":"Hossain"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ICITBS.2016.87"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101734"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.2991\/nceece-15.2016.187"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/3PGCIC.2014.41"},{"key":"ref35","article-title":"Sensitive data tracking using dynamic taint analysis","author":"Jung","year":"2014"},{"key":"ref36","first-page":"335","article-title":"NanoLog: A nanosecond scale logging system","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Yang"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3076288"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102282"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2821095"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref53","first-page":"241","article-title":"Kernel-supported cost-effective audit logging for causality tracking","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Ma"},{"key":"ref54","article-title":"Mining data provenance to detect advanced persistent threats","volume-title":"Proc. 11th Int. Workshop Theory Pract. Provenance","author":"Barre"},{"key":"ref55","article-title":"Aggregating unsupervised provenance anomaly detectors","volume-title":"Proc. 11th Int. Workshop Theory Pract. Provenance","author":"Berrada"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref63","first-page":"3023","article-title":"ELISE: A storage efficient logging system powered by redundancy reduction and representation learning","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Ding"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/DCC.2019.00087"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10314839\/10041816.pdf?arnumber=10041816","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,24]],"date-time":"2024-05-24T05:29:16Z","timestamp":1716528556000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10041816\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11]]},"references-count":42,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3243667","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11]]}}}