{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:26:55Z","timestamp":1773512815686,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,10,15]],"date-time":"2018-10-15T00:00:00Z","timestamp":1539561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSFC","award":["61872180"],"award-info":[{"award-number":["61872180"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,10,15]]},"DOI":"10.1145\/3243734.3243763","type":"proceedings-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T17:38:33Z","timestamp":1539711513000},"page":"1324-1337","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":75,"title":["NodeMerge"],"prefix":"10.1145","author":[{"given":"Yutao","family":"Tang","sequence":"first","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}]},{"given":"Ding","family":"Li","sequence":"additional","affiliation":[{"name":"NEC Laboratories America Inc, Princeton, NJ, USA"}]},{"given":"Zhichun","family":"Li","sequence":"additional","affiliation":[{"name":"NEC Laboratories America Inc, Princeton, VA, USA"}]},{"given":"Mu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Cornell University, Ithaca, NY, USA"}]},{"given":"Kangkook","family":"Jee","sequence":"additional","affiliation":[{"name":"NEC Laboratories America Inc, Princeton, NJ, USA"}]},{"given":"Xusheng","family":"Xiao","sequence":"additional","affiliation":[{"name":"Case Western Reserve University, Cleveland, OH, USA"}]},{"given":"Zhenyu","family":"Wu","sequence":"additional","affiliation":[{"name":"NEC Laboratories America Inc, Princeton, NJ, USA"}]},{"given":"Junghwan","family":"Rhee","sequence":"additional","affiliation":[{"name":"NEC Laboratories America Inc, Princeton, NJ, USA"}]},{"given":"Fengyuan","family":"Xu","sequence":"additional","affiliation":[{"name":"Nanjing University, Nanjing, China"}]},{"given":"Qun","family":"Li","sequence":"additional","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2018,10,15]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"abcNEWS. 2015. Anthem Cyber Attack. http:\/\/abcnews.go.com\/Business\/anthem-cyber-attack-things-happen-personal-information\/story?id=28747729 Retrieved August 2017 from  abcNEWS. 2015. Anthem Cyber Attack. http:\/\/abcnews.go.com\/Business\/anthem-cyber-attack-things-happen-personal-information\/story?id=28747729 Retrieved August 2017 from"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"crossref","unstructured":"J. A. Ambrose J. Peddersen S. Parameswaran A. Labios and Y. Yachide. 2014. SDG2KPN: System Dependency Graph to function-level KPN generation of legacy code for MPSoCs 2014 19th Asia and South Pacific Design Automation Conference (ASP-DAC). 267--273.  J. A. Ambrose J. Peddersen S. Parameswaran A. Labios and Y. Yachide. 2014. SDG2KPN: System Dependency Graph to function-level KPN generation of legacy code for MPSoCs 2014 19th Asia and South Pacific Design Automation Conference (ASP-DAC). 267--273.","DOI":"10.1109\/ASPDAC.2014.6742901"},{"key":"e_1_3_2_2_3_1","unstructured":"The Linux audit framework. 2016. https:\/\/wiki.archlinux.org\/index.php\/Audit_framework.  The Linux audit framework. 2016. https:\/\/wiki.archlinux.org\/index.php\/Audit_framework."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052640"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062180"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664274"},{"key":"e_1_3_2_2_7_1","unstructured":"Tom Brant and Joel Santo Domingo. 2018. SSD vs. HDD: What's the Difference? https:\/\/www.pcmag.com\/article2\/0 2817 2404258 00.asp.  Tom Brant and Joel Santo Domingo. 2018. SSD vs. HDD: What's the Difference? https:\/\/www.pcmag.com\/article2\/0 2817 2404258 00.asp."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1376616.1376715"},{"key":"e_1_3_2_2_9_1","unstructured":"DARKReading. 2011. Sony reports 24.5 million more accounts hacked. http:\/\/www.darkreading.com\/attacks-and-breaches\/sony-reports-245-million-more-accounts-hacked\/d\/d-id\/1097499 Retrieved August 2017 from  DARKReading. 2011. Sony reports 24.5 million more accounts hacked. http:\/\/www.darkreading.com\/attacks-and-breaches\/sony-reports-245-million-more-accounts-hacked\/d\/d-id\/1097499 Retrieved August 2017 from"},{"key":"e_1_3_2_2_10_1","unstructured":"Barbara Filkins. 2016. IT Security Spending Trends. https:\/\/www.sans.org\/reading-room\/whitepapers\/analyst\/security-spending-trends-36697.  Barbara Filkins. 2016. IT Security Spending Trends. https:\/\/www.sans.org\/reading-room\/whitepapers\/analyst\/security-spending-trends-36697."},{"key":"e_1_3_2_2_11_1","unstructured":"Forbes. 2017. Equifax Data Breach Impacts 143 Million Americans. https:\/\/www.forbes.com\/sites\/leemathews\/2017\/09\/07\/equifax-data-breach-impacts-143-million-americans\/a7bd9db356f8.  Forbes. 2017. Equifax Data Breach Impacts 143 Million Americans. https:\/\/www.forbes.com\/sites\/leemathews\/2017\/09\/07\/equifax-data-breach-impacts-143-million-americans\/a7bd9db356f8."},{"key":"e_1_3_2_2_12_1","volume-title":"SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection 27th USENIX Security Symposium (USENIX Security 18)","author":"Gao Peng","year":"2018"},{"key":"e_1_3_2_2_13_1","volume-title":"2018 b. AIQL: Enabling Efficient Attack Investigation from System Monitoring Data 2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Gao Peng"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/342009.335372"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629080.1629082"},{"key":"e_1_3_2_2_17_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Hasan Ragib","year":"2009"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2006.69"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053034"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_2_21_1","volume-title":"Comparison of lossless data compression algorithms for text data. Indian journal of computer science and engineering","author":"Kodituwakku SR","year":"2010"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866314"},{"key":"e_1_3_2_2_23_1","unstructured":"Kyu Hyung Lee Xiangyu Zhang and Dongyan Xu. 2013 a. High Accuracy Attack Provenance via Binary-based Execution Partition. NDSS.  Kyu Hyung Lee Xiangyu Zhang and Dongyan Xu. 2013 a. High Accuracy Attack Provenance via Binary-based Execution Partition. NDSS."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1454008.1454027"},{"key":"e_1_3_2_2_26_1","volume-title":"2014 23rd Wireless and Optical Communication Conference (WOCC). 1--5.","author":"Liu J."},{"key":"e_1_3_2_2_27_1","volume-title":"Towards a Timely Causality Analysis for Enterprise Security Proceedings of NDSS Symposium","author":"Liu Yushan","year":"2018"},{"key":"e_1_3_2_2_28_1","unstructured":"Gordon Fyodor Lyon. 2009. Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure.   Gordon Fyodor Lyon. 2009. Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818039"},{"key":"e_1_3_2_2_30_1","unstructured":"Shiqing Ma Xiangyu Zhang and Dongyan Xu. 2016. ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. In NDSS.  Shiqing Ma Xiangyu Zhang and Dongyan Xu. 2016. ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting. In NDSS."},{"key":"e_1_3_2_2_31_1","unstructured":"Microsoft. 2017. ETW events in the common language runtime. https:\/\/msdn.microsoft.com\/en-us\/library\/ff357719(v=vs.110).aspx.  Microsoft. 2017. ETW events in the common language runtime. https:\/\/msdn.microsoft.com\/en-us\/library\/ff357719(v=vs.110).aspx."},{"key":"e_1_3_2_2_32_1","unstructured":"State Minimization\/Reduction. {n. d.}. http:\/\/www2.elo.utfsm.cl\/ lsb\/elo211\/aplicaciones\/katz\/chapter9\/chapter09.doc2.html.  State Minimization\/Reduction. {n. d.}. http:\/\/www2.elo.utfsm.cl\/ lsb\/elo211\/aplicaciones\/katz\/chapter9\/chapter09.doc2.html."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"crossref","unstructured":"J. Ouyang H. Luo Z. Wang J. Tian C. Liu and K. Sheng. 2010. FPGA implementation of GZIP compression and decompression for IDC services 2010 International Conference on Field-Programmable Technology. 265--268.  J. Ouyang H. Luo Z. Wang J. Tian C. Liu and K. Sheng. 2010. FPGA implementation of GZIP compression and decompression for IDC services 2010 International Conference on Field-Programmable Technology. 265--268.","DOI":"10.1109\/FPT.2010.5681489"},{"key":"e_1_3_2_2_34_1","unstructured":"Igor Pavlov. 2014. 7-zip. (2014).  Igor Pavlov. 2014. 7-zip. (2014)."},{"key":"e_1_3_2_2_35_1","unstructured":"Amazon S3 Price. {n. d.}. https:\/\/aws.amazon.com\/s3\/pricing\/.  Amazon S3 Price. {n. d.}. https:\/\/aws.amazon.com\/s3\/pricing\/."},{"key":"e_1_3_2_2_36_1","unstructured":"Redhat. 2017. The Linux audit framework. https:\/\/github.com\/linux-audit\/.  Redhat. 2017. The Linux audit framework. https:\/\/github.com\/linux-audit\/."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"crossref","unstructured":"M. Rezvani A. Ignjatovic E. Bertino and S. Jha. 2014. Provenance-aware security risk analysis for hosts and network flows 2014 IEEE Network Operations and Management Symposium (NOMS). 1--8.  M. Rezvani A. Ignjatovic E. Bertino and S. Jha. 2014. Provenance-aware security risk analysis for hosts and network flows 2014 IEEE Network Operations and Management Symposium (NOMS). 1--8.","DOI":"10.1109\/NOMS.2014.6838250"},{"key":"e_1_3_2_2_38_1","unstructured":"Julian Seward. 1998. bzip2.  Julian Seward. 1998. bzip2."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWIA.2005.9"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2011.76"},{"key":"e_1_3_2_2_41_1","unstructured":"Techcrunch. 2017. Target Says Credit Card Data Breach Cost It 162M Dollars In 2013--14. https:\/\/techcrunch.com\/2015\/02\/25\/target-says-credit-card-data-breach-cost-it-162m-in-2013--14\/.  Techcrunch. 2017. Target Says Credit Card Data Breach Cost It 162M Dollars In 2013--14. https:\/\/techcrunch.com\/2015\/02\/25\/target-says-credit-card-data-breach-cost-it-162m-in-2013--14\/."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"crossref","volume-title":"Top Down FP-Growth for Association Rule Mining","author":"Wang Ke","DOI":"10.1007\/3-540-47887-6_34"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2396761.2398511"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2700264"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/18.841161"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590309"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.01.002"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660359"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"crossref","unstructured":"M. H. Zibaeenejad and J. G. Thistle. 2015. Dependency graph: An algorithm for analysis of generalized parameterized networks 2015 American Control Conference (ACC). 696--702.  M. H. Zibaeenejad and J. G. Thistle. 2015. Dependency graph: An algorithm for analysis of generalized parameterized networks 2015 American Control Conference (ACC). 696--702.","DOI":"10.1109\/ACC.2015.7170816"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2007.19"}],"event":{"name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","location":"Toronto Canada","acronym":"CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243763","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243763","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:08:17Z","timestamp":1750212497000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243763"}},"subtitle":["Template Based Efficient Data Reduction For Big-Data Causality Analysis"],"short-title":[],"issued":{"date-parts":[[2018,10,15]]},"references-count":51,"alternative-id":["10.1145\/3243734.3243763","10.1145\/3243734"],"URL":"https:\/\/doi.org\/10.1145\/3243734.3243763","relation":{},"subject":[],"published":{"date-parts":[[2018,10,15]]},"assertion":[{"value":"2018-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}