{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T10:01:54Z","timestamp":1775815314538,"version":"3.50.1"},"reference-count":53,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key R&amp;D Program of China","award":["2023YFB3106900"],"award-info":[{"award-number":["2023YFB3106900"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62302362"],"award-info":[{"award-number":["62302362"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62402364"],"award-info":[{"award-number":["62402364"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62472337"],"award-info":[{"award-number":["62472337"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central 
Universities","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Innovation Fund of Xidian University","award":["YJSJ25012"],"award-info":[{"award-number":["YJSJ25012"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1109\/tdsc.2025.3599661","type":"journal-article","created":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T19:50:03Z","timestamp":1755546603000},"page":"7729-7745","source":"Crossref","is-referenced-by-count":1,"title":["Resist Dependency Explosion in Attack Investigation With Splittable Tag Propagation and Aggregation"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-3265-4078","authenticated-orcid":false,"given":"Anyuan","family":"Sang","sequence":"first","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi&#x2019;an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9685-6107","authenticated-orcid":false,"given":"Yuchen","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi&#x2019;an, China"}]},{"given":"Junbo","family":"Jia","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi&#x2019;an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2750-7031","authenticated-orcid":false,"given":"Li","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi&#x2019;an, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-8207-1472","authenticated-orcid":false,"given":"Pengbin","family":"Feng","sequence":"additional","affiliation":[{"name":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, 
China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5201-5074","authenticated-orcid":false,"given":"Lu","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi&#x2019;an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4251-1143","authenticated-orcid":false,"given":"Jianfeng","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"}]}],"member":"263","reference":[{"key":"ref1","first-page":"3005","article-title":"Atlas: A sequence-based learning approach for attack investigation","volume-title":"Proc. USENIX Secur. Symp.","author":"Alsaheel"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24549"},{"key":"ref6","first-page":"1111","article-title":"MPI: Multiple perspective attack investigation with semantic aware execution partitioning","volume-title":"Proc. USENIX Secur. Symp.","author":"Ma"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567997"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref9","first-page":"2461","article-title":"Back-propagating system dependency impact for attack investigation","volume-title":"Proc. USENIX Secur. Symp.","author":"Fang"},{"key":"ref10","first-page":"1","article-title":"Nodlink: An online system for fine-grained APT attack detection and investigation","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Shaofei"},{"key":"ref11","first-page":"373","article-title":"Airtag: Towards automated attack investigation by unsupervised learning with log texts","volume-title":"Proc. USENIX Secur. 
Symp.","author":"Ding"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872395"},{"key":"ref16","first-page":"1","article-title":"High accuracy attack provenance via binary-based execution partition","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Lee"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/sp46215.2023.10179405"},{"key":"ref21","first-page":"487","article-title":"Sleuth: Real-time attack scenario reconstruction from COTS audit data","volume-title":"Proc. USENIX Secur. Symp.","author":"Hossain"},{"key":"ref22","first-page":"2345","article-title":"SIGL: Securing software installations through deep graph learning","volume-title":"Proc. USENIX Secur. Symp.","author":"Han"},{"key":"ref23","first-page":"1","article-title":"Enriching intrusion alerts through multi-host causality","volume-title":"Proc. Netw. Distrib. Syst. Secur. 
Symp.","author":"King"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939783"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2960353"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"ref32","first-page":"905","article-title":"Attack2vec: Leveraging temporal word embeddings to understand the evolution of cyberattacks","volume-title":"Proc. USENIX Secur. Symp.","author":"Shen"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/658"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1017\/S1351324916000334"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24329"},{"key":"ref40","first-page":"1199","article-title":"Evading provenance-based ML detectors with adversarial system actions","volume-title":"Proc. USENIX Secur. Symp.","author":"Kunal"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"ref42","first-page":"1723","article-title":"Dependence-preserving data compaction for scalable forensic analysis","volume-title":"Proc. USENIX Secur. 
Symp.","author":"Hossain"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref45","volume-title":"Introduction to Information Retrieval","volume":"39","author":"Sch\u00fctze","year":"2008"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3208815"},{"key":"ref54","first-page":"5197","article-title":"Magic: Detecting advanced persistent threats via masked graph representation learning","volume-title":"Proc. 33rd USENIX Secur. Symp.","author":"Jia"},{"key":"ref56","first-page":"4355","article-title":"Prographer: An anomaly detection system based on provenance graph embedding","volume-title":"Proc. 32nd USENIX Conf. Secur. Symp.","author":"Yang"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00005"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00139"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3696410.3714925"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24207"},{"key":"ref61","first-page":"1199","article-title":"Evading provenance-based ML detectors with adversarial system actions","volume-title":"Proc. USENIX Secur. Symp.","author":"Mukherjee","year":"2023"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3678890.3678916"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560570"},{"key":"ref64","first-page":"2987","article-title":"SEAL: Storage-efficient causality analysis on enterprise logs with query-friendly compression","volume-title":"Proc. USENIX Secur. 
Symp.","author":"Fei"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11242243\/11126976.pdf?arnumber=11126976","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T21:00:44Z","timestamp":1763154044000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11126976\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11]]},"references-count":53,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3599661","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11]]}}}