{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T10:50:51Z","timestamp":1779360651801,"version":"3.51.4"},"reference-count":41,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002324"],"award-info":[{"award-number":["62002324"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1936215"],"award-info":[{"award-number":["U1936215"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61772026"],"award-info":[{"award-number":["61772026"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004731","name":"Zhejiang Provincial Natural Science Foundation of China","doi-asserted-by":"publisher","award":["LQ21F020016"],"award-info":[{"award-number":["LQ21F020016"]}],"id":[{"id":"10.13039\/501100004731","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006579","name":"Ministry of Industry and Information Technology of China","doi-asserted-by":"publisher","award":["TC190H3WN"],"award-info":[{"award-number":["TC190H3WN"]}],"id":[{"id":"10.13039\/501100006579","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Zhejiang Provincial Key Research Projects","award":["2021C01117"],"award-info":[{"award-number":["2021C01117"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/tifs.2021.3076288","type":"journal-article","created":{"date-parts":[[2021,4,28]],"date-time":"2021-04-28T19:53:21Z","timestamp":1619639601000},"page":"3312-3325","source":"Crossref","is-referenced-by-count":40,"title":["General, Efficient, and Real-Time Data Compaction Strategy for APT Forensic Analysis"],"prefix":"10.1109","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8657-662X","authenticated-orcid":false,"given":"Tiantian","family":"Zhu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiayu","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1934-3057","authenticated-orcid":false,"given":"Linqi","family":"Ruan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4426-3585","authenticated-orcid":false,"given":"Chunlin","family":"Xiong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jinkai","family":"Yu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yaosheng","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yan","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4810-7491","authenticated-orcid":false,"given":"Mingqi","family":"Lv","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4664-3311","authenticated-orcid":false,"given":"Tieming","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","year":"2020","journal-title":"The 2016 Phishing Susceptiblity Report"},{"key":"ref38","year":"2020","journal-title":"ATT&CK MITRE"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3062180"},{"key":"ref32","first-page":"319","article-title":"Trustworthy whole-system provenance for the linux kernel","author":"bates","year":"2015","journal-title":"Proc 24th Secur Symp"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872395"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"ref40","year":"2020","journal-title":"KDD99"},{"key":"ref11","first-page":"1","article-title":"Enriching intrusion alerts through multi-host causality","author":"king","year":"2005","journal-title":"Proc NDSS"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"ref13","year":"2020","journal-title":"ETW Events in the Common Language Runtime"},{"key":"ref14","year":"2020","journal-title":"Event Tracing for Windows (ETW)"},{"key":"ref15","year":"2020","journal-title":"The Linux Audit Framework"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref19","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","author":"hossain","year":"2017","journal-title":"Proc 26th Secur Symp"},{"key":"ref28","first-page":"1111","article-title":"MPI: Multiple perspective attack investigation with semantic aware execution partitioning","author":"ma","year":"2017","journal-title":"Proc 26th Secur Symp"},{"key":"ref4","year":"2020","journal-title":"M-Trends Reports 2020"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref3","year":"2020","journal-title":"11 Steps Attackers Took to Crack Target"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866314"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/945465.945467"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2014.6838250"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818039"},{"key":"ref2","year":"2020","journal-title":"Target hackers broke in via HVAC company"},{"key":"ref9","first-page":"1","article-title":"High accuracy attack provenance via binary-based execution partition","author":"lee","year":"2013","journal-title":"Proc NDSS"},{"key":"ref1","year":"2020","journal-title":"Stuxnet Worm Attack on Iranian Nuclear Facilities"},{"key":"ref20","first-page":"1723","article-title":"Dependence-preserving data compaction for scalable forensic analysis","author":"hossain","year":"2018","journal-title":"Proc 27th Secur Symp"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1453175.1453180"},{"key":"ref41","year":"2020","journal-title":"Transparent computing engagement 3"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2382553.2382555"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1037187.1024404"},{"key":"ref25","first-page":"378","article-title":"Defeating memory corruption attacks via pointer taintedness detection","author":"chen","year":"2005","journal-title":"Proc Int Conf Dependable Syst Netw"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/9151439\/09417210.pdf?arnumber=9417210","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T14:52:47Z","timestamp":1652194367000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9417210\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":41,"URL":"https:\/\/doi.org\/10.1109\/tifs.2021.3076288","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}