{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:40Z","timestamp":1750220680452,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,4,26]],"date-time":"2021-04-26T00:00:00Z","timestamp":1619395200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,4,26]]},"DOI":"10.1145\/3422337.3447831","type":"proceedings-article","created":{"date-parts":[[2021,4,10]],"date-time":"2021-04-10T07:57:52Z","timestamp":1618041472000},"page":"161-172","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["UTrack"],"prefix":"10.1145","author":[{"given":"Yue","family":"Li","sequence":"first","affiliation":[{"name":"College of William and Mary, Williamsburg, VA, USA"}]},{"given":"Zhenyu","family":"Wu","sequence":"additional","affiliation":[{"name":"Google Inc., New York, NY, USA"}]},{"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"Virginia Tech, Arlington, VA, USA"}]},{"given":"Kun","family":"Sun","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA, USA"}]},{"given":"Zhichun","family":"Li","sequence":"additional","affiliation":[{"name":"Stellar Cyber, Santa Clara, CA, USA"}]},{"given":"Kangkook","family":"Jee","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, USA"}]},{"given":"Junghwan","family":"Rhee","sequence":"additional","affiliation":[{"name":"University of Central Oklahoma, Edmond, OK, USA"}]},{"given":"Haifeng","family":"Chen","sequence":"additional","affiliation":[{"name":"NEC Laboratories America, Princeton, NJ, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,4,26]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660347"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1384529.1375473"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"crossref","unstructured":"Richard Atterer Monika Wnuk and Albrecht Schmidt. 2006. Knowing the user's every move: user activity tracking for website usability evaluation and implicit interaction. In WWW .  Richard Atterer Monika Wnuk and Albrecht Schmidt. 2006. Knowing the user's every move: user activity tracking for website usability evaluation and implicit interaction. In WWW .","DOI":"10.1145\/1135777.1135811"},{"key":"e_1_3_2_2_4_1","unstructured":"BALABIT. 2015. Privileged Account Analytics - User Behavior Analytics Security Solution. https:\/\/www.balabit.com\/privileged-account-analytics.  BALABIT. 2015. Privileged Account Analytics - User Behavior Analytics Security Solution. https:\/\/www.balabit.com\/privileged-account-analytics."},{"key":"e_1_3_2_2_5_1","volume-title":"Rebecca Isaacs, and Richard Mortier.","author":"Barham Paul","year":"2004","unstructured":"Paul Barham , Austin Donnelly , Rebecca Isaacs, and Richard Mortier. 2004 . Using Magpie for Request Extraction and Workload Modelling.. In USENIX OSDI . Paul Barham, Austin Donnelly, Rebecca Isaacs, and Richard Mortier. 2004. Using Magpie for Request Extraction and Workload Modelling.. In USENIX OSDI ."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052640"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/2228298.2228319"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920265"},{"volume-title":"NDSS.","author":"Danezis George","key":"e_1_3_2_2_9_1","unstructured":"George Danezis and Prateek Mittal . 2009. SybilInfer: Detecting Sybil Nodes using Social Networks .. In NDSS. San Diego, CA . George Danezis and Prateek Mittal. 2009. SybilInfer: Detecting Sybil Nodes using Social Networks.. In NDSS. San Diego, CA."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232894"},{"key":"e_1_3_2_2_11_1","unstructured":"David Devecsery Michael Chow Xianzheng Dou Jason Flinn and Peter M Chen. 2014. Eidetic Systems.. In USENIX OSDI. 525--540.  David Devecsery Michael Chow Xianzheng Dou Jason Flinn and Peter M Chen. 2014. Eidetic Systems.. In USENIX OSDI. 525--540."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315284"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653694"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"crossref","unstructured":"Ashvin Goel Kenneth Po Kamran Farhadi Zheng Li and Eyal De Lara. 2005. The taser intrusion recovery system. In ACM SOSP. 163--176.  Ashvin Goel Kenneth Po Kamran Farhadi Zheng Li and Eyal De Lara. 2005. The taser intrusion recovery system. In ACM SOSP. 163--176.","DOI":"10.1145\/1095809.1095826"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1656274.1656278"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/335191.335372"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"crossref","unstructured":"Wajih Ul Hassan Mark Lemay Nuraini Aguse Adam Bates and Thomas Moyer. 2018. Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs. In NDSS .  Wajih Ul Hassan Mark Lemay Nuraini Aguse Adam Bates and Thomas Moyer. 2018. Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs. In NDSS .","DOI":"10.14722\/ndss.2018.23141"},{"key":"e_1_3_2_2_18_1","volume-title":"26th USENIX Security Symposium. 487--504","author":"Hossain Md Nahid","year":"2017","unstructured":"Md Nahid Hossain , Sadegh M Milajerdi , Junao Wang , Birhanu Eshete , Rigel Gjomemo , R Sekar , Scott Stoller , and VN Venkatakrishnan . 2017 . SLEUTH: Real-time attack scenario reconstruction from COTS audit data . In 26th USENIX Security Symposium. 487--504 . Md Nahid Hossain, Sadegh M Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R Sekar, Scott Stoller, and VN Venkatakrishnan. 2017. SLEUTH: Real-time attack scenario reconstruction from COTS audit data. In 26th USENIX Security Symposium. 487--504."},{"key":"e_1_3_2_2_19_1","unstructured":"IBM. 2016. IBM QRadar User Behavior Analytics. https:\/\/www.ibm.com\/cz-en\/marketplace\/qradar-user-behavior-analytics.  IBM. 2016. IBM QRadar User Behavior Analytics. https:\/\/www.ibm.com\/cz-en\/marketplace\/qradar-user-behavior-analytics."},{"key":"e_1_3_2_2_20_1","unstructured":"Johna Till Johnsons. 2015. User behavioral analytics tools can thwart security attacks. http:\/\/searchsecurity.techtarget.com\/feature\/User-behavioral-analytics-tools-can-thwart-security-attacks.  Johna Till Johnsons. 2015. User behavioral analytics tools can thwart security attacks. http:\/\/searchsecurity.techtarget.com\/feature\/User-behavioral-analytics-tools-can-thwart-security-attacks."},{"key":"e_1_3_2_2_21_1","unstructured":"Taesoo Kim Xi Wang Nickolai Zeldovich and M Frans Kaashoek. 2010. Intrusion Recovery Using Selective Re-execution.. In USENIX OSDI. 89--104.  Taesoo Kim Xi Wang Nickolai Zeldovich and M Frans Kaashoek. 2010. Intrusion Recovery Using Selective Re-execution.. In USENIX OSDI. 89--104."},{"key":"e_1_3_2_2_22_1","volume-title":"Backtracking intrusions. ACM SOSP","author":"King Samuel T","year":"2003","unstructured":"Samuel T King and Peter M Chen . 2003. Backtracking intrusions. ACM SOSP ( 2003 ), 223--236. Samuel T King and Peter M Chen. 2003. Backtracking intrusions. ACM SOSP (2003), 223--236."},{"key":"e_1_3_2_2_23_1","volume-title":"Dominic G Lucchetti, and Peter M Chen.","author":"King Samuel T","year":"2005","unstructured":"Samuel T King , Zhuoqing Morley Mao , Dominic G Lucchetti, and Peter M Chen. 2005 . Enriching Intrusion Alerts Through Multi-Host Causality.. In NDSS . Samuel T King, Zhuoqing Morley Mao, Dominic G Lucchetti, and Peter M Chen. 2005. Enriching Intrusion Alerts Through Multi-Host Causality.. In NDSS ."},{"key":"e_1_3_2_2_24_1","unstructured":"Kyu Hyung Lee Xiangyu Zhang and Dongyan Xu. 2013a. High Accuracy Attack Provenance via Binary-based Execution Partition.. In NDSS .  Kyu Hyung Lee Xiangyu Zhang and Dongyan Xu. 2013a. High Accuracy Attack Provenance via Binary-based Execution Partition.. In NDSS ."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"e_1_3_2_2_26_1","volume-title":"Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, and Dongyan Xu.","author":"Ma Shiqing","year":"2015","unstructured":"Shiqing Ma , Kyu Hyung Lee , Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, and Dongyan Xu. 2015 . Accurate, low cost and instrumentation-free security audit logging for windows. In ACM ACSAC. 401--410. Shiqing Ma, Kyu Hyung Lee, Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, and Dongyan Xu. 2015. Accurate, low cost and instrumentation-free security audit logging for windows. In ACM ACSAC. 401--410."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.47"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135830"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2011.257"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"crossref","unstructured":"Madhu Shashanka Min-Yi Shen and Jisheng Wang. 2016. User and entity behavior analytics for enterprise security. In 2016 IEEE Big Data . 1867--1874.  Madhu Shashanka Min-Yi Shen and Jisheng Wang. 2016. User and entity behavior analytics for enterprise security. In 2016 IEEE Big Data . 1867--1874.","DOI":"10.1109\/BigData.2016.7840805"},{"key":"e_1_3_2_2_34_1","volume-title":"I'm not a human: Breaking the Google reCAPTCHA. Black Hat,(i)","author":"Sivakorn Suphannee","year":"2016","unstructured":"Suphannee Sivakorn , Jason Polakis , and Angelos D Keromytis . 2016. I'm not a human: Breaking the Google reCAPTCHA. Black Hat,(i) ( 2016 ), 1--12. Suphannee Sivakorn, Jason Polakis, and Angelos D Keromytis. 2016. I'm not a human: Breaking the Google reCAPTCHA. Black Hat,(i) (2016), 1--12."},{"key":"e_1_3_2_2_35_1","unstructured":"Splunk. 2015. Splunk User Behavior Analytics. https:\/\/www.splunk.com\/en_us\/products\/premium-solutions\/user-behavior-analytics.html.  Splunk. 2015. Splunk User Behavior Analytics. https:\/\/www.splunk.com\/en_us\/products\/premium-solutions\/user-behavior-analytics.html."},{"key":"e_1_3_2_2_36_1","unstructured":"Byung-Chul Tak Chunqiang Tang Chun Zhang Sriram Govindan Bhuvan Urgaonkar and Rong N Chang. 2009. vPath: Precise Discovery of Request Processing Paths from Black-Box Observations of Thread and Network Activities.. In USENIX ATC .  Byung-Chul Tak Chunqiang Tang Chun Zhang Sriram Govindan Bhuvan Urgaonkar and Rong N Chang. 2009. vPath: Precise Discovery of Request Processing Paths from Black-Box Observations of Thread and Network Activities.. In USENIX ATC ."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1140103.1140280"},{"key":"e_1_3_2_2_38_1","unstructured":"Mike Tierney. 2015. The Rise of User Behavior Analytics. http:\/\/www.veriato.com\/company\/blog\/veriato-blog\/2015\/12\/15\/the-rise-of-user-behavior-analytics.  Mike Tierney. 2015. The Rise of User Behavior Analytics. http:\/\/www.veriato.com\/company\/blog\/veriato-blog\/2015\/12\/15\/the-rise-of-user-behavior-analytics."},{"key":"e_1_3_2_2_39_1","unstructured":"Roy Hodgman Tod Beardsley. 2015. RAPID 7 Research Report: Understanding User Behavior Analytics.  Roy Hodgman Tod Beardsley. 2015. RAPID 7 Research Report: Understanding User Behavior Analytics."},{"key":"e_1_3_2_2_40_1","unstructured":"Trustwave. 2015. Trustwave global security report. https:\/\/www2.trustwave.com\/rs\/815-RFM-693\/images\/2015_TrustwaveGlobalSecurityReport.pdf.  Trustwave. 2015. Trustwave global security report. https:\/\/www2.trustwave.com\/rs\/815-RFM-693\/images\/2015_TrustwaveGlobalSecurityReport.pdf."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"crossref","unstructured":"Melissa Turcotte and Juston Shane Moore. 2017. Technical Report LA-UR-17--21663: User Behavior Analytics.  Melissa Turcotte and Juston Shane Moore. 2017. Technical Report LA-UR-17--21663: User Behavior Analytics.","DOI":"10.2172\/1345176"},{"key":"e_1_3_2_2_42_1","unstructured":"VARONIS. 2016. User Behavior Analytics. https:\/\/www.varonis.com\/user-behavior-analytics\/.  VARONIS. 2016. User Behavior Analytics. https:\/\/www.varonis.com\/user-behavior-analytics\/."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1851275.1851226"},{"key":"e_1_3_2_2_44_1","volume-title":"Science","volume":"321","author":"Ahn Luis Von","year":"2008","unstructured":"Luis Von Ahn , Benjamin Maurer , Colin McMillen , David Abraham , and Manuel Blum . 2008 . recaptcha: Human-based character recognition via web security measures . Science , Vol. 321 , 5895 (2008), 1465--1468. Luis Von Ahn, Benjamin Maurer, Colin McMillen, David Abraham, and Manuel Blum. 2008. recaptcha: Human-based character recognition via web security measures. Science , Vol. 321, 5895 (2008), 1465--1468."},{"volume-title":"Protecting Web Contents against Persistent Distributed Crawlers","author":"Wan Shengye","key":"e_1_3_2_2_45_1","unstructured":"Shengye Wan , Yue Li , and Kun Sun . 2017. Protecting Web Contents against Persistent Distributed Crawlers . In IEEE ICC . Shengye Wan, Yue Li, and Kun Sun. 2017. Protecting Web Contents against Persistent Distributed Crawlers. In IEEE ICC ."},{"key":"e_1_3_2_2_46_1","unstructured":"Zhang Xu Zhenyu Wu Zhichun Li Kangkook Jee Junghwan Rhee Xusheng Xiao Fengyuan Xu Haining Wang and Guofei Jiang. 2016. High fidelity data reduction for big data security dependency analyses. In ACM CCS .  Zhang Xu Zhenyu Wu Zhichun Li Kangkook Jee Junghwan Rhee Xusheng Xiao Fengyuan Xu Haining Wang and Guofei Jiang. 2016. High fidelity data reduction for big data security dependency analyses. In ACM CCS ."}],"event":{"name":"CODASPY '21: Eleventh ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event USA","acronym":"CODASPY '21"},"container-title":["Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422337.3447831","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3422337.3447831","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:03:21Z","timestamp":1750197801000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422337.3447831"}},"subtitle":["Enterprise User Tracking Based on OS-Level Audit Logs"],"short-title":[],"issued":{"date-parts":[[2021,4,26]]},"references-count":46,"alternative-id":["10.1145\/3422337.3447831","10.1145\/3422337"],"URL":"https:\/\/doi.org\/10.1145\/3422337.3447831","relation":{},"subject":[],"published":{"date-parts":[[2021,4,26]]},"assertion":[{"value":"2021-04-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}