{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T13:25:59Z","timestamp":1740144359472,"version":"3.37.3"},"reference-count":44,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"11","license":[{"start":{"date-parts":[[2018,11,1]],"date-time":"2018-11-01T00:00:00Z","timestamp":1541030400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61772415","61375040"],"award-info":[{"award-number":["61772415","61375040"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"111 International Collaboration Program of China"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2018,11]]},"DOI":"10.1109\/tifs.2018.2833048","type":"journal-article","created":{"date-parts":[[2018,5,3]],"date-time":"2018-05-03T19:05:25Z","timestamp":1525374325000},"page":"2913-2928","source":"Crossref","is-referenced-by-count":5,"title":["Probabilistically Inferring Attack Ramifications Using Temporal Dependence Network"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2389-701X","authenticated-orcid":false,"given":"Yuan","family":"Yang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2152-720X","authenticated-orcid":false,"given":"Zhongmin","family":"Cai","sequence":"additional","affiliation":[]},{"given":"Chunyan","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Junjie","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"journal-title":"Process Hollowing","year":"2017","key":"ref39"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_6"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2291066"},{"journal-title":"The Linux Audit Framework","year":"2017","key":"ref32"},{"journal-title":"Event Tracing for Windows","year":"2017","key":"ref31"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1117\/12.604240"},{"journal-title":"Stuxnet","year":"2017","key":"ref37"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39235-1_1"},{"journal-title":"Probabilistic Reasoning in Intelligent Systems Networks of Plausible Inference","year":"1988","author":"pearl","key":"ref35"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818011"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"journal-title":"W32 stuxnet Dossier","year":"2017","author":"falliere","key":"ref40"},{"key":"ref11","first-page":"144","article-title":"System-level support for intrusion recovery","author":"bacs","year":"2012","journal-title":"Proc DIMVA"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_16"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.09.004"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2009.05.029"},{"key":"ref16","first-page":"419","article-title":"Automatic generation of remediation procedures for malware infections","author":"paleari","year":"2010","journal-title":"Proc USENIX Security07"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2014.2367322"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2016.2641452"},{"key":"ref19","first-page":"79","article-title":"A graphical model to assess the impact of multi-step attacks","volume":"15","author":"albanese","year":"2017","journal-title":"J Defense Model Simul Appl Methodol Technol"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.34"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/1368506.1368511"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2014.22"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/IWIA.2005.9"},{"key":"ref6","first-page":"89","article-title":"Intrusion recovery using selective re-execution","author":"kim","year":"2010","journal-title":"Proc OSDI"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70567-3_22"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2007.70765"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.88"},{"key":"ref7","first-page":"1","article-title":"High accuracy attack provenance via binary-based execution partition","author":"lee","year":"2013","journal-title":"Proc NDSS"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945467"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"ref20","first-page":"1","article-title":"Mission cyber security situation assessment using impact dependency graphs","author":"jakobson","year":"2011","journal-title":"Proc Int Conf Inf Fusion"},{"key":"ref22","first-page":"16","article-title":"Probabilistic mission impact assessment based on widespread local events","author":"motzek","year":"2015","journal-title":"NATO IST-128 Workshop Assessing Mission Impact of Cyberattacks"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.11.005"},{"key":"ref42","first-page":"38","article-title":"Provenance-aware tracing of worm break-in and contaminations: A process coloring approach","author":"jiang","year":"2006","journal-title":"Proc ICDCS"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.52"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/191177.191183"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2162062"},{"key":"ref44","first-page":"703","article-title":"Indirect causes in dynamic Bayesian networks revisited","author":"motzek","year":"2015","journal-title":"Proc IJCAI"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.8"},{"journal-title":"Apache Benchmark","year":"2017","key":"ref43"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.16"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/8361165\/08353880.pdf?arnumber=8353880","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:22:29Z","timestamp":1642004549000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8353880\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,11]]},"references-count":44,"journal-issue":{"issue":"11"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2018.2833048","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2018,11]]}}}