{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T02:13:35Z","timestamp":1773713615666,"version":"3.50.1"},"reference-count":61,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Software Quality and Runtime Environment Security of Cloud Platform Domain Name Resolution"},{"name":"Zhejiang Key Laboratory of Electrical Technology and System on Renewable Energy"},{"name":"Alibaba Group through Alibaba Innovative Research Program"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1109\/tdsc.2025.3635127","type":"journal-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T18:46:17Z","timestamp":1763750777000},"page":"3331-3342","source":"Crossref","is-referenced-by-count":0,"title":["Retriever: A Distributed Intrusion Detection System for NOS-Enabled Networks"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4970-6613","authenticated-orcid":false,"given":"Runmin","family":"Ou","sequence":"first","affiliation":[{"name":"College of Electrical Engineering, Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yijie","family":"Bai","sequence":"additional","affiliation":[{"name":"College of Electrical Engineering, Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1382-0679","authenticated-orcid":false,"given":"Yanjiao","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Electrical Engineering, Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bingchuan","family":"Tian","sequence":"additional","affiliation":[{"name":"Alibaba Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ming","family":"Tang","sequence":"additional","affiliation":[{"name":"Alibaba Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiming","family":"Ji","sequence":"additional","affiliation":[{"name":"Alibaba Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4352-7497","authenticated-orcid":false,"given":"Ennan","family":"Zhai","sequence":"additional","affiliation":[{"name":"Alibaba Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dennis","family":"Cai","sequence":"additional","affiliation":[{"name":"Alibaba Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5043-9148","authenticated-orcid":false,"given":"Wenyuan","family":"Xu","sequence":"additional","affiliation":[{"name":"College of Electrical Engineering, Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","first-page":"2435","article-title":"SHARD: Fine-grained kernel specialization with context-aware hardening","volume-title":"Proc. Secur. Symp.","author":"Abubakar"},{"key":"ref2","article-title":"Charting the security landscape of programmable dataplanes","author":"Agape","year":"2018"},{"key":"ref3","first-page":"3005","article-title":"ATLAS: A sequence-based learning approach for attack investigation","volume-title":"Proc. USENIX Secur. Symp.","author":"Alsaheel"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2963724"},{"key":"ref5","first-page":"2787","article-title":"Translating embeddings for modeling multi-relational data","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Bordes"},{"key":"ref6","article-title":"Enterprise SONiC","year":"2024"},{"key":"ref7","first-page":"1733","article-title":"Norma: Towards practical network load testing","volume-title":"Proc. USENIX Symp. Networked Syst. Des. Implementation","author":"Chen","year":"2023"},{"key":"ref8","article-title":"ATT & CK","author":"Corporation","year":"2024"},{"key":"ref9","article-title":"Transparent computing (Archived)","year":"2024"},{"key":"ref10","article-title":"Transparent computing engagement 5 data release","year":"2020"},{"key":"ref11","first-page":"1","article-title":"DISTDET: A cost-effective distributed cyber threat detection system","volume-title":"Proc. USENIX Secur. Symp.","author":"Dong"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref13","article-title":"SONiC\u2013Open networking software for enterprise data center","year":"2024"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108698"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.54"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2022.0130667"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_10"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24207"},{"key":"ref20","volume-title":"Systems Performance: Enterprise and the Cloud","author":"Gregg","year":"2020"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3053371"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICWS.2017.13"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-12127-3_3"},{"key":"ref28","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","volume-title":"Proc. USENIX Secur. Symp.","author":"Hossain"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2021.3070843"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2022.07.030"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2022.01.030"},{"key":"ref32","first-page":"667","article-title":"IMap: Fast and scalable in-network scanning with programmable switches","volume-title":"Proc. USENIX Symp. Networked Syst. Des. Implementation","author":"Li"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3274526"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2017.2773081"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.09.004"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3472883.3486976"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i10.17049"},{"key":"ref38","first-page":"4756","article-title":"Towards more practical adversarial attacks on graph neural networks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Ma"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2025.3541890"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3098822.3098824"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref43","article-title":"Adversary-in-the-middle, technique T1157","year":"2020"},{"key":"ref44","article-title":"Automated Exfiltration: Traffic duplication, sub-technique T1020.001","year":"2020"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SECON.2018.8478973"},{"key":"ref46","article-title":"CVE-2023\u201325809","year":"2023"},{"key":"ref47","first-page":"1","article-title":"Building a bitcoin miner on an FPGA","volume-title":"Proc. South Symp. Microelectronics","author":"Oliveira"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243776"},{"key":"ref50","article-title":"auditd \u2014 linux audit daemon (manual page)","author":"Project","year":"2025"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00087"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v32i1.11535"},{"key":"ref53","article-title":"About SONiC","year":"2024"},{"key":"ref54","article-title":"SONiC-Powered networking for campuses: Making open networking and PoE as easy as pie","year":"2023"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.33017152"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2017.2754499"},{"key":"ref57","first-page":"1","article-title":"How powerful are graph neural networks?","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Xu"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484551"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3219342"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3539605"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11434575\/11264294.pdf?arnumber=11264294","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T01:17:04Z","timestamp":1773710224000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11264294\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3]]},"references-count":61,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3635127","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3]]}}}