{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T18:46:57Z","timestamp":1780512417760,"version":"3.54.1"},"reference-count":84,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2022YFB4501802"],"award-info":[{"award-number":["2022YFB4501802"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172009"],"award-info":[{"award-number":["62172009"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62141208"],"award-info":[{"award-number":["62141208"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Huawei Research Fund"},{"name":"CCF-Tencent Open Fund"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,5]]},"DOI":"10.1109\/tdsc.2023.3277613","type":"journal-article","created":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T17:49:13Z","timestamp":1685382553000},"page":"1406-1423","source":"Crossref","is-referenced-by-count":8,"title":["Detecting Malicious Websites From the Perspective of System Provenance Analysis"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2613-5224","authenticated-orcid":false,"given":"Peng","family":"Jiang","sequence":"first","affiliation":[{"name":"Key Laboratory of High-Confidence Software Technologies (MOE) School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jifan","family":"Xiao","sequence":"additional","affiliation":[{"name":"Key Laboratory of High-Confidence Software Technologies (MOE) School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7558-9137","authenticated-orcid":false,"given":"Ding","family":"Li","sequence":"additional","affiliation":[{"name":"Key Laboratory of High-Confidence Software Technologies (MOE) School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hongyi","family":"Yu","sequence":"additional","affiliation":[{"name":"Advanced Institute of Information Technology, Hangzhou, Zhejiang, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5562-5102","authenticated-orcid":false,"given":"Yu","family":"Bai","sequence":"additional","affiliation":[{"name":"Advanced Institute of Information Technology, Hangzhou, Zhejiang, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5064-5286","authenticated-orcid":false,"given":"Yao","family":"Guo","sequence":"additional","affiliation":[{"name":"Key Laboratory of High-Confidence Software Technologies (MOE) School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xiangqun","family":"Chen","sequence":"additional","affiliation":[{"name":"Key Laboratory of High-Confidence Software Technologies (MOE) School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Web threats","year":"2019"},{"key":"ref2","article-title":"Why web-based malware is the most serious threat to your business","year":"2017"},{"key":"ref3","article-title":"What is a drive-by download and how can it infect your computer?","year":"2019"},{"key":"ref4","first-page":"379","article-title":"PhishTime: Continuous longitudinal measurement of the effectiveness of anti-phishing blacklists","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Oest","year":"2020"},{"key":"ref5","article-title":"What is Cryptojacking? How to prevent, detect, and recover from it","author":"Nadeau","year":"2020"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314391"},{"key":"ref7","article-title":"[Heads-up] 40 percent of malicious URLs found on good domains. YIKES","author":"Sjouwerman","year":"2019"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345656"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23319"},{"key":"ref11","first-page":"637","article-title":"Revolver: An automated approach to the detection of evasive web-based malware","volume-title":"Proc. 22nd USENIX Secur. Symp.","author":"Kapravelos"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355599"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"ref14","first-page":"639","article-title":"SAQL: A stream-based query system for real-time abnormal system behavior detection","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Gao"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE48307.2020.00151"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611975673.78"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref20","article-title":"SIGL: Securing software installations through deep graph learning","author":"Han","year":"2020"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.01.013"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2015.04.001"},{"key":"ref25","article-title":"Cryptomining malware","year":"2020"},{"key":"ref26","article-title":"Coinhive cryptojacking service to shut down in march 2019","author":"Cimpanu","year":"2019"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SysSec.2011.9"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SSIRI.2010.17"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/522"},{"key":"ref39","article-title":"Alexa top sites","year":"2020"},{"key":"ref40","volume-title":"Cuckoo Malware Analysis","author":"Oktavianto","year":"2013"},{"key":"ref41","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Hossain"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00015"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1177\/1536867X1201200202"},{"key":"ref44","volume-title":"Practical Nonparametric Statistics","author":"Conover","year":"1999"},{"issue":"86","key":"ref45","first-page":"2579","article-title":"Visualizing data using t-SNE","volume":"9","author":"van der Maaten","year":"2008","journal-title":"J. Mach. Learn. Res."},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.18637\/jss.v039.i11"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427255"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00049"},{"key":"ref50","first-page":"110","article-title":"Ensemble learning","volume":"2","author":"Dietterich","year":"2002","journal-title":"Handbook Brain Theory Neural Netw."},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/S0893-6080(05)80023-1"},{"key":"ref52","first-page":"231","article-title":"Neural network ensembles, cross validation, and active learning","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Krogh"},{"key":"ref54","article-title":"model stacking\u201d to improve machine learning predictions","year":"2021"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/34.709601"},{"issue":"3","key":"ref56","first-page":"61","article-title":"Probabilistic outputs for support vector machines and comparisons to regularized likelihood methods","volume":"10","author":"Platt","year":"1999","journal-title":"Adv. Large Margin Classifiers"},{"key":"ref58","first-page":"263","article-title":"Mathematics for machine learning","volume-title":"Mathematics for Machine Learning","year":"2020"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1002\/9780470977811.ch1"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-08968-2_16"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.2307\/2346830"},{"issue":"1","key":"ref63","doi-asserted-by":"crossref","first-page":"126","DOI":"10.2307\/2982840","article-title":"Mixture Models: Inference and Applications to Clustering","volume":"152","author":"Geary","year":"1989","journal-title":"J. Roy. Stat. Soc. Ser. A"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.5555\/2980539.2980649"},{"key":"ref66","article-title":"Large-scale automatic classification of phishing pages","author":"Whittaker","year":"2010"},{"key":"ref67","volume-title":"An Empirical Analysis of Phishing Blacklists","author":"Sheng","year":"2009"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"ref69","first-page":"1","article-title":"Identifying suspicious URLs: An application of large-scale misc learning","volume-title":"Proc. 26th Annu. Int. Conf. Mach. Learn.","author":"Ma"},{"key":"ref70","first-page":"361","article-title":"Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Oest"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2017.7996831"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3138825"},{"key":"ref73","article-title":"Malicious URL detection using machine learning: A survey","author":"Sahoo","year":"2020"},{"key":"ref74","article-title":"Campaign evolution: Darkleech to pseudo-Darkleech and beyond","author":"Duncan","year":"2016"},{"key":"ref75","article-title":"Rampant Apache website attack hits visitors with highly malicious software","year":"2013"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920267"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359813"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"ref79","first-page":"169","article-title":"Nozzle: A defense against heap-spraying code injection attacks","volume-title":"Proc. USENIX Secur. Symp.","author":"Ratanaworabhan"},{"key":"ref80","first-page":"3","article-title":"Zozzle: Low-overhead mostly static JavaScript malware detection","volume-title":"Proc. USENIX Secur. Symp.","author":"Curtsinger"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772720"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/2487788.2487942"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.38"},{"key":"ref84","first-page":"18","article-title":"FRAPpuccino: Fault-detection through runtime analysis of provenance","volume-title":"Proc. 9th USENIX Workshop Hot Top. Cloud Comput.","author":"Han"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2016.02.005"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref89","first-page":"1705","article-title":"Enabling refinable cross-host attack investigation with efficient data flow tagging and tracking","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Ji"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243776"},{"key":"ref91","first-page":"319","article-title":"Trustworthy whole-system provenance for the Linux kernel","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Bates"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"ref93","first-page":"1723","article-title":"Dependence-preserving data compaction for scalable forensic analysis","volume-title":"Proc. 27th {USENIX} Secur. Symp.","author":"Hossain"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-33630-5_22"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417862"},{"key":"ref98","article-title":"CVE-2019\u20138339, a falco capacity related vulnerability","author":"Stemm","year":"2019"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10530496\/10138105.pdf?arnumber=10138105","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,15]],"date-time":"2024-05-15T17:46:26Z","timestamp":1715795186000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10138105\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5]]},"references-count":84,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3277613","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,5]]}}}