{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:16:54Z","timestamp":1763968614255,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3679048","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"263-277","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["AudiTrim: A Real-time, General, Efficient, and Low-overhead Data Compaction System for Intrusion Detection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-4084-2397","authenticated-orcid":false,"given":"Hongbin","family":"Sun","sequence":"first","affiliation":[{"name":"Zhongguancun Laboratory, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7094-8890","authenticated-orcid":false,"given":"Su","family":"Wang","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6587-820X","authenticated-orcid":false,"given":"Zhiliang","family":"Wang","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-3674-8100","authenticated-orcid":false,"given":"Zheyu","family":"Jiang","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0807-5934","authenticated-orcid":false,"given":"Dongqi","family":"Han","sequence":"additional","affiliation":[{"name":"Beijing University of Posts and Telecommunications, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6109-6737","authenticated-orcid":false,"given":"Jiahai","family":"Yang","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2020. MITRE ATT&CK. https:\/\/attack.mitre.org\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2021. Event Tracing for Windows (ETW). https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/event-tracing-for-windows\u2013etw-."},{"key":"e_1_3_2_1_3_1","unstructured":"2021. Linux Kernel Audit Subsystem. https:\/\/github.com\/linux-audit\/audit-kernel."},{"key":"e_1_3_2_1_4_1","volume-title":"11th International Workshop on Theory and Practice of Provenance (TaPP 2019","author":"Barre Mathieu","year":"2019","unstructured":"Mathieu Barre, Ashish Gehani, and Vinod Yegneswaran. 2019. Mining Data Provenance to Detect Advanced Persistent Threats. In 11th International Workshop on Theory and Practice of Provenance (TaPP 2019). USENIX Association, Philadelphia, PA. https:\/\/www.usenix.org\/conference\/tapp2019\/presentation\/barre"},{"key":"e_1_3_2_1_5_1","volume-title":"11th International Workshop on Theory and Practice of Provenance (TaPP 2019","author":"Berrada Ghita","year":"2019","unstructured":"Ghita Berrada and James Cheney. 2019. Aggregating unsupervised provenance anomaly detectors. In 11th International Workshop on Theory and Practice of Provenance (TaPP 2019). USENIX Association, Philadelphia, PA. https:\/\/www.usenix.org\/conference\/tapp2019\/presentation\/berrada"},{"key":"e_1_3_2_1_6_1","volume-title":"Practical Intrusion Detection and Investigation using Whole-system Provenance. arXiv preprint arXiv:2308.05034","author":"Cheng Zijun","year":"2023","unstructured":"Zijun Cheng, Qiujian Lv, Jinyuan Liang, Yan Wang, Degang Sun, Thomas Pasquier, and Xueyuan Han. 2023. Kairos:: Practical Intrusion Detection and Investigation using Whole-system Provenance. arXiv preprint arXiv:2308.05034 (2023)."},{"volume-title":"The Case for Learned Provenance Graph Storage Systems","author":"Ding Hailun","key":"e_1_3_2_1_7_1","unstructured":"Hailun Ding, Juan Zhai, Dong Deng, and Shiqing Ma. 2023. The Case for Learned Provenance Graph Storage Systems. USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/ding-hailun-provenance"},{"key":"e_1_3_2_1_8_1","volume-title":"DISTDET: A Cost-Effective Distributed Cyber Threat Detection System","author":"Dong Feng","year":"2023","unstructured":"Feng Dong, Liu Wang, Xu Nie, Fei Shao, Haoyu Wang, Ding Li, Xiapu Luo, and Xusheng Xiao. 2023. DISTDET: A Cost-Effective Distributed Cyber Threat Detection System. USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/dong-feng"},{"key":"e_1_3_2_1_9_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Fang Pengcheng","year":"2022","unstructured":"Pengcheng Fang, Peng Gao, Changlin Liu, Erman Ayday, Kangkook Jee, Ting Wang, Yanfang\u00a0Fanny Ye, Zhuotao Liu, and Xusheng Xiao. 2022. { Back-Propagating} System Dependency Impact for Attack Investigation. In 31st USENIX Security Symposium (USENIX Security 22). 2461\u20132478."},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Security Symposium. 2987\u20133004","author":"Fei Peng","year":"2021","unstructured":"Peng Fei, Zhou Li, Zhiying Wang, Xiao Yu, Ding Li, and Kangkook Jee. 2021. SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression.. In USENIX Security Symposium. 2987\u20133004."},{"volume-title":"Data compression and database performance","author":"Graefe Goetz","key":"e_1_3_2_1_11_1","unstructured":"Goetz Graefe and Leonard\u00a0D Shapiro. 1990. Data compression and database performance. University of Colorado, Boulder, Department of Computer Science."},{"key":"e_1_3_2_1_12_1","volume-title":"Inductive representation learning on large graphs. Advances in neural information processing systems 30","author":"Hamilton Will","year":"2017","unstructured":"Will Hamilton, Zhitao Ying, and Jure Leskovec. 2017. Inductive representation learning on large graphs. Advances in neural information processing systems 30 (2017)."},{"key":"e_1_3_2_1_13_1","volume-title":"Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Han Xueyuan","year":"2020","unstructured":"Xueyuan Han, Thomas F.\u00a0J.-M. Pasquier, Adam Bates, James Mickens, and Margo\u00a0I. Seltzer. 2020. Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23-26, 2020. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/unicorn-runtime-provenance-based-detector-for-advanced-persistent-threats\/"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"e_1_3_2_1_16_1","volume-title":"NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Hassan Wajih\u00a0Ul","year":"2019","unstructured":"Wajih\u00a0Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates. 2019. NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/nodoze-combatting-threat-alert-fatigue-with-automated-provenance-triage\/"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Wajih\u00a0Ul Hassan Mohammad\u00a0Ali Noureddine Pubali Datta and Adam Bates. 2020. OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis. In Network and distributed system security symposium.","DOI":"10.14722\/ndss.2020.24270"},{"key":"e_1_3_2_1_18_1","volume-title":"26th USENIX Security Symposium, USENIX Security 2017","author":"Hossain Md\u00a0Nahid","year":"2017","unstructured":"Md\u00a0Nahid Hossain, Sadegh\u00a0M. Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott\u00a0D. Stoller, and V.\u00a0N. Venkatakrishnan. 2017. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 487\u2013504. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/hossain"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"e_1_3_2_1_20_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Hossain Md\u00a0Nahid","year":"2018","unstructured":"Md\u00a0Nahid Hossain, Junao Wang, Ofir Weisse, R Sekar, Daniel Genkin, Boyuan He, Scott\u00a0D Stoller, Gan Fang, Frank Piessens, Evan Downing, 2018. { Dependence-Preserving} data compaction for scalable forensic analysis. In 27th USENIX Security Symposium (USENIX Security 18). 1723\u20131740."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/JRPROC.1952.273898"},{"key":"e_1_3_2_1_22_1","unstructured":"Kyu Hyung Xiangyu Zhang and Dongyan Xu. 2013. High Accuracy Attack Provenance via Binary-based Execution Partition.. In NDSS Vol.\u00a016."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179405"},{"key":"e_1_3_2_1_24_1","volume-title":"MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation.. In NDSS, Vol.\u00a02. 4.","author":"Kwon Yonghwi","year":"2018","unstructured":"Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu\u00a0Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela\u00a0F Ciocarlie, 2018. MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation.. In NDSS, Vol.\u00a02. 4."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"e_1_3_2_1_26_1","volume-title":"USENIX Security Symposium. 1111\u20131128","author":"Ma Shiqing","year":"2017","unstructured":"Shiqing Ma, Juan Zhai, Fei Wang, Kyu\u00a0Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2017. MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning.. In USENIX Security Symposium. 1111\u20131128."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939783"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427272"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00139"},{"key":"e_1_3_2_1_34_1","volume-title":"Attack2vec: Leveraging temporal word embeddings to understand the evolution of cyberattacks. arXiv preprint arXiv:1905.12590","author":"Shen Yun","year":"2019","unstructured":"Yun Shen and Gianluca Stringhini. 2019. Attack2vec: Leveraging temporal word embeddings to understand the evolution of cyberattacks. arXiv preprint arXiv:1905.12590 (2019)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"e_1_3_2_1_36_1","volume-title":"Advanced persistent threats and how to monitor and deter them. Network security","author":"Tankard Colin","year":"2011","unstructured":"Colin Tankard. 2011. Advanced persistent threats and how to monitor and deter them. Network security 2011, 8 (2011), 16\u201319."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3208815"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2971484"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833632"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"e_1_3_2_1_42_1","volume-title":"PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding","author":"Yang Fan","year":"2023","unstructured":"Fan Yang, Jiacen Xu, Chunlin Xiong, Zhou Li, and Kehuan Zhang. 2023. PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding. USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/yang-fan"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Le Yu Shiqing Ma Zhuo Zhang Guanhong Tao Xiangyu Zhang Dongyan Xu Vincent\u00a0E Urias Han\u00a0Wei Lin Gabriela\u00a0F Ciocarlie Vinod Yegneswaran 2021. ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation.. In NDSS.","DOI":"10.14722\/ndss.2021.24445"},{"key":"e_1_3_2_1_44_1","volume-title":"WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.. In NDSS.","author":"Zeng Jun","year":"2021","unstructured":"Jun Zeng, Zheng\u00a0Leong Chua, Yinfang Chen, Kaihang Ji, Zhenkai Liang, and Jian Mao. 2021. WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics.. In NDSS."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3076288"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID '24","location":"Padua Italy"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3679048","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3679048","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3679048"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":46,"alternative-id":["10.1145\/3678890.3679048","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3679048","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}