{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T14:24:02Z","timestamp":1763562242199,"version":"3.45.0"},"reference-count":69,"publisher":"Association for Computing Machinery (ACM)","issue":"1","funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Things"],"published-print":{"date-parts":[[2026,2,28]]},"abstract":"\n In IoT platforms, devices and sensors can interact with each other via smart apps that utilize automation settings preconfigured by users, resulting in significant amounts of potential forensic data. Existing IoT forensic approaches can pinpoint relevant data sources for specific activities in smart environments using static code analysis and instrumentation techniques. However, recent IoT platforms like SmartThings no longer run application code on their infrastructure, making access to source code impossible for existing IoT forensic solutions. To bridge this gap, this paper introduces\n ForenThings<\/jats:italic>\n , an interactive framework for crime scene reconstruction in smart environments. The main idea is to convert each IoT device and smart app to a responsive agent, enabling them to participate in a forensic investigation of a security incident collaboratively. Instead of relying on static code analysis or instrumentation, ForenThings reconstructs the scene from the device and app events forwarded by the IoT platform. We develop a ForenThings prototype for the SmartThings platform and test its effectiveness for both normal scenarios and 12 real-world IoT attack scenarios. The evaluation shows that ForenThings can achieve 100% data provenance coverage in reconstructing various crime scenes in a smart environment with negligible runtime and resource overhead.\n <\/jats:p>","DOI":"10.1145\/3772067","type":"journal-article","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T11:56:11Z","timestamp":1760702171000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["ForenThings: An Interactive Framework for Crime Scene Reconstruction in IoT Forensics"],"prefix":"10.1145","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2570-9369","authenticated-orcid":false,"given":"Ehsan","family":"Khodayarseresht","sequence":"first","affiliation":[{"name":"Concordia Institute for Information Systems Engineering (CIISE), Concordia University","place":["Montreal, Canada"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-7298-0144","authenticated-orcid":false,"given":"Sofya","family":"Smolyakova","sequence":"additional","affiliation":[{"name":"Concordia University","place":["Montreal, Canada"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6376-4062","authenticated-orcid":false,"given":"Lianying","family":"Zhao","sequence":"additional","affiliation":[{"name":"Carleton University","place":["Ottawa, Canada"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9744-5280","authenticated-orcid":false,"given":"Armin","family":"Mansouri","sequence":"additional","affiliation":[{"name":"Concordia University","place":["Montreal, Canada"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6501-4214","authenticated-orcid":false,"given":"Suryadipta","family":"Majumdar","sequence":"additional","affiliation":[{"name":"Concordia University","place":["Montreal, Canada"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3612-1934","authenticated-orcid":false,"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[{"name":"University of Padua","place":["Padova, Italy"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,19]]},"reference":[{"key":"e_1_3_3_2_2","first-page":"3390","volume-title":"Proceedings of the 2021 IEEE International Conference on Big Data (Big Data)","author":"Adkisson Mary","year":"2021","unstructured":"Mary Adkisson, Jeffrey C. Kimmell, Maanak Gupta, and Mahmoud Abdelsalam. 2021. Autoencoder-based anomaly detection in smart farming ecosystem. In Proceedings of the 2021 IEEE International Conference on Big Data (Big Data). IEEE, 3390\u20133399."},{"key":"e_1_3_3_3_2","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/SecDev61143.2024.00014","volume-title":"Proceedings of the 2024 IEEE Secure Development Conference (SecDev)","author":"Alam Mahbub","year":"2024","unstructured":"Mahbub Alam, Siwei Zhang, Eric Rodriguez, Akib Nafis, and Endadul Hoque. 2024. iConPAL: LLM-guided policy authoring assistant for configuring IoT defenses. In Proceedings of the 2024 IEEE Secure Development Conference (SecDev). IEEE, 76\u201392."},{"key":"e_1_3_3_4_2","volume-title":"Proceedings of the SCITEPRESS-Science and Technology Publications","author":"Alenezi Ahmed","year":"2019","unstructured":"Ahmed Alenezi, Hany Atlam, Reem Alsagri, Madini Alassafi, and Gary Wills. 2019. IoT forensics: A state-of-the-art review, callenges and future directions. In Proceedings of the SCITEPRESS-Science and Technology Publications."},{"key":"e_1_3_3_5_2","unstructured":"Any Python Tree Data 2023. Retrieved from https:\/\/anytree.readthedocs.io\/en\/latest\/index.html"},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3054968"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108040"},{"key":"e_1_3_3_8_2","unstructured":"Leonardo Babun Amit Kumar Sikder Abbas Acar and A. Selcuk Uluagac. 2018. IoTdots: A digital forensics framework for smart environments. arXiv:1809.00745. Retrieved from https:\/\/arxiv.org\/abs\/1809.00745 (2018)."},{"key":"e_1_3_3_9_2","volume-title":"Proceedings of the Network and Distributed Systems Symposium","author":"Babun Leonardo","year":"2022","unstructured":"Leonardo Babun, Amit Kumar Sikder, Abbas Acar, and A. Selcuk Uluagac. 2022. The truth shall set thee free: Enabling practical forensic capabilities in smart environments. In Proceedings of the Network and Distributed Systems Symposium."},{"key":"e_1_3_3_10_2","volume-title":"Proceedings of the Privacy Enhancing Technologies Symposium (PETS) 2021","author":"Celik Z. B.","year":"2021","unstructured":"Z. B. Celik, Patrick McDaniel, A. S. Uluagac, and Leonardo Babun. 2021. Real-time analysis of privacy-(un) aware IoT applications. In Proceedings of the Privacy Enhancing Technologies Symposium (PETS) 2021."},{"key":"e_1_3_3_11_2","first-page":"1687","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security 18)","author":"Celik Z. Berkay","year":"2018","unstructured":"Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18). 1687\u20131704."},{"key":"e_1_3_3_12_2","volume-title":"Proceedings of the NDSS","author":"Celik Z. Berkay","year":"2019","unstructured":"Z. Berkay Celik, Gang Tan, and Patrick D. McDaniel. 2019. IoTGuard: Dynamic enforcement of security and safety policy in commodity IoT.. In Proceedings of the NDSS."},{"key":"e_1_3_3_13_2","doi-asserted-by":"publisher","DOI":"10.1049\/sfw2.12071"},{"key":"e_1_3_3_14_2","first-page":"S15\u2013S25","article-title":"Digital forensic approaches for Amazon Alexa ecosystem","volume":"22","author":"Chung Hyunji","year":"2017","unstructured":"Hyunji Chung, Jungheum Park, and Sangjin Lee. 2017. Digital forensic approaches for Amazon Alexa ecosystem. Digital Investigation 22 (2017), S15\u2013S25.","journal-title":"Digital Investigation"},{"key":"e_1_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3450268.3453533"},{"key":"e_1_3_3_16_2","unstructured":"Cypher Query Language 2023. Retrieved from https:\/\/neo4j.com\/developer\/cypher\/"},{"key":"e_1_3_3_17_2","article-title":"HomeGuardian: Detecting anomaly events in smart home systems","volume":"2022","author":"Dai Xuan","year":"2022","unstructured":"Xuan Dai, Jian Mao, Jiawei Li, Qixiao Lin, and Jianwei Liu. 2022. HomeGuardian: Detecting anomaly events in smart home systems. Wireless Communications and Mobile Computing 2022 (2022), 8022033.","journal-title":"Wireless Communications and Mobile Computing"},{"key":"e_1_3_3_18_2","volume-title":"Infrastructure Monitoring with Amazon CloudWatch","author":"Diagboya Ewere","year":"2021","unstructured":"Ewere Diagboya. 2021. Infrastructure Monitoring with Amazon CloudWatch. Packt Publishing."},{"key":"e_1_3_3_19_2","volume-title":"Proceedings of the Network and Distributed System Security Symposium","author":"Ding Wenbo","year":"2021","unstructured":"Wenbo Ding, Hongxin Hu, and Long Cheng. 2021. IOTSAFE: Enforcing safety and security policy withreal IoT physical interaction discovery. In Proceedings of the Network and Distributed System Security Symposium."},{"key":"e_1_3_3_20_2","unstructured":"distilbert-base-uncased 2023. Retrieved from https:\/\/huggingface.co\/distilbert-base-uncased"},{"key":"e_1_3_3_21_2","doi-asserted-by":"crossref","first-page":"636","DOI":"10.1109\/SP.2016.44","volume-title":"Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP)","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security analysis of emerging smart home applications. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 636\u2013654."},{"key":"e_1_3_3_22_2","first-page":"531","volume-title":"Proceedings of the 25th USENIX security symposium (USENIX Security 16)","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical data protection for emerging IoT application frameworks. In Proceedings of the 25th USENIX security symposium (USENIX Security 16). 531\u2013548."},{"key":"e_1_3_3_23_2","unstructured":"Fiddler Classic 2022. Retrieved from https:\/\/www.telerik.com\/fiddler\/fiddler-classic"},{"key":"e_1_3_3_24_2","unstructured":"Flair Framework 2023. Retrieved from https:\/\/flairnlp.github.io\/"},{"key":"e_1_3_3_25_2","article-title":"Flow interaction graph analysis: Unknown encrypted malicious traffic detection","author":"Fu Chuanpu","year":"2024","unstructured":"Chuanpu Fu, Qi Li, and Ke Xu. 2024. Flow interaction graph analysis: Unknown encrypted malicious traffic detection. IEEE\/ACM Transactions on Networking 32, 4 (2024), 2972\u20132987.","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"e_1_3_3_26_2","first-page":"4223","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security 21)","author":"Fu Chenglong","year":"2021","unstructured":"Chenglong Fu, Qiang Zeng, and Xiaojiang Du. 2021. \\(\\lbrace\\) HAWatcher \\(\\rbrace\\) : \\(\\lbrace\\) Semantics-aware \\(\\rbrace\\) anomaly detection for appified smart homes. In Proceedings of the 30th USENIX Security Symposium (USENIX Security 21). 4223\u20134240."},{"key":"e_1_3_3_27_2","first-page":"639","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security 18)","author":"Gao Peng","year":"2018","unstructured":"Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, and Prateek Mittal. 2018. \\(\\lbrace\\) SAQL \\(\\rbrace\\) : A stream-based query system for \\(\\lbrace\\) Real-time \\(\\rbrace\\) abnormal system behavior detection. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18). 639\u2013656."},{"key":"e_1_3_3_28_2","unstructured":"Graphviz 2023. Retrieved from https:\/\/pypi.org\/project\/graphviz\/"},{"key":"e_1_3_3_29_2","doi-asserted-by":"crossref","first-page":"1172","DOI":"10.1109\/SP40000.2020.00096","volume-title":"Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP)","author":"Hassan Wajih Ul","year":"2020","unstructured":"Wajih Ul Hassan, Adam Bates, and Daniel Marino. 2020. Tactical provenance analysis for endpoint detection and response systems. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 1172\u20131189."},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"e_1_3_3_31_2","volume-title":"Proceedings of the Network and Distributed System Security Symposium","author":"Hassan Wajih Ul","year":"2020","unstructured":"Wajih Ul Hassan, Mohammad Ali Noureddine, Pubali Datta, and Adam Bates. 2020. OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis. In Proceedings of the Network and Distributed System Security Symposium."},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897886"},{"key":"e_1_3_3_33_2","unstructured":"IoTFlow Implementation 2024. Retrieved from https:\/\/github.com\/SecPriv\/iotflow"},{"key":"e_1_3_3_34_2","first-page":"2","volume-title":"Proceedings of the NDSS","volume":"2","author":"Jia Yunhan Jack","year":"2017","unstructured":"Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Zhuoqing Morley Mao, Atul Prakash, and SJ Unviersity. 2017. ContexloT: Towards providing contextual integrity to appified IoT platforms.. In Proceedings of the NDSS, Vol. 2. San Diego, 2\u20132."},{"key":"e_1_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2022.10.119"},{"issue":"14","key":"e_1_3_3_36_2","doi-asserted-by":"crossref","first-page":"13056","DOI":"10.1109\/JIOT.2023.3259975","article-title":"Public blockchain-based data integrity verification for low-power IoT devices","volume":"10","author":"Khor Jing Huey","year":"2023","unstructured":"Jing Huey Khor, Michail Sidorov, Ming Tze Ong, and Shen Yik Chua. 2023. Public blockchain-based data integrity verification for low-power IoT devices. IEEE Internet of Things Journal 10, 14 (2023), 13056\u201313064.","journal-title":"IEEE Internet of Things Journal"},{"key":"e_1_3_3_37_2","article-title":"Optimizing logging and monitoring in heterogeneous cloud environments for IoT and edge applications","author":"Kim Changjong","year":"2023","unstructured":"Changjong Kim and Sunggon Kim. 2023. Optimizing logging and monitoring in heterogeneous cloud environments for IoT and edge applications. IEEE Internet of Things Journal 10, 24 (2023), 22611\u201322622.","journal-title":"IEEE Internet of Things Journal"},{"key":"e_1_3_3_38_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.03.042"},{"key":"e_1_3_3_39_2","first-page":"4","volume-title":"Proceedings of the NDSS","volume":"2","author":"Kwon Yonghwi","year":"2018","unstructured":"Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela F. Ciocarlie, Ashish Gehani, and V. Yegneswaran. 2018. MCI: Modeling-based causality inference in audit logging for attack investigation. In Proceedings of the NDSS, Vol. 2. 4."},{"key":"e_1_3_3_40_2","volume-title":"Proceedings of the NDSS","volume":"16","author":"Lee Kyu Hyung","year":"2013","unstructured":"Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013. High accuracy attack provenance via binary-based execution partition. In Proceedings of the NDSS, Vol. 16."},{"key":"e_1_3_3_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2019.2927431"},{"key":"e_1_3_3_42_2","first-page":"1111","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security 17)","author":"Ma Shiqing","year":"2017","unstructured":"Shiqing Ma, Juan Zhai, Fei Wang, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2017. \\(\\lbrace\\) MPI \\(\\rbrace\\) : Multiple perspective attack investigation with semantic aware execution partitioning. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17). 1111\u20131128."},{"key":"e_1_3_3_43_2","article-title":"SmartTracer: Anomaly-driven provenance analysis based on device correlation in smart home systems","author":"Mao Jian","year":"2023","unstructured":"Jian Mao, Qixiao Lin, Shishi Zhu, Liran Ma, and Jianwei Liu. 2023. SmartTracer: Anomaly-driven provenance analysis based on device correlation in smart home systems. IEEE Internet of Things Journal 11, 4 (2023), 5731\u20135744.","journal-title":"IEEE Internet of Things Journal"},{"key":"e_1_3_3_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"e_1_3_3_45_2","doi-asserted-by":"crossref","first-page":"1137","DOI":"10.1109\/SP.2019.00026","volume-title":"Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP)","author":"Milajerdi Sadegh M.","year":"2019","unstructured":"Sadegh M. Milajerdi, Rigel Gjomemo, Birhanu Eshete, Ramachandran Sekar, and VN Venkatakrishnan. 2019. Holmes: Real-time apt detection through correlation of suspicious information flows. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 1137\u20131152."},{"issue":"11","key":"e_1_3_3_46_2","doi-asserted-by":"crossref","first-page":"8298","DOI":"10.1109\/TII.2022.3152814","article-title":"An advanced computing approach for IoT-botnet detection in industrial Internet of Things","volume":"18","author":"Nguyen Tu N.","year":"2022","unstructured":"Tu N. Nguyen, Quoc-Dung Ngo, Huy-Trung Nguyen, and Giang Long Nguyen. 2022. An advanced computing approach for IoT-botnet detection in industrial Internet of Things. IEEE Transactions on Industrial Informatics 18, 11 (2022), 8298\u20138306.","journal-title":"IEEE Transactions on Industrial Informatics"},{"key":"e_1_3_3_47_2","unstructured":"openHAB Logging 2023. Retrieved from https:\/\/www.openhab.org\/docs\/administration\/logging.html"},{"key":"e_1_3_3_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560644"},{"key":"e_1_3_3_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"e_1_3_3_50_2","unstructured":"Platfrom Architecture 2024. Retrieved from https:\/\/developer.smartthings.com\/docs\/getting-started\/architecture-of-smartthings"},{"key":"e_1_3_3_51_2","unstructured":"PROV-Overview 2023. Retrieved from https:\/\/www.w3.org\/TR\/prov-overview\/"},{"key":"e_1_3_3_52_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2022.301441"},{"key":"e_1_3_3_53_2","doi-asserted-by":"crossref","unstructured":"Gerard Salton Anita Wong and Chung-Shu Yang. 1975. A vector space model for automatic indexing. Communications of the ACM 18 11 (1975) 613\u2013620.","DOI":"10.1145\/361219.361220"},{"key":"e_1_3_3_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623211"},{"key":"e_1_3_3_55_2","first-page":"397","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security 17)","author":"Sikder Amit Kumar","year":"2017","unstructured":"Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 2017. \\(\\lbrace\\) 6thSense \\(\\rbrace\\) : A context-aware sensor-based attack detector for smart devices. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17). 397\u2013414."},{"key":"e_1_3_3_56_2","unstructured":"SmartThings 2022. Retrieved from https:\/\/www.smartthings.com\/"},{"key":"e_1_3_3_57_2","unstructured":"SmartThings API 2022. Retrieved from https:\/\/developer-preview.smartthings.com\/docs\/api\/public"},{"key":"e_1_3_3_58_2","unstructured":"SmartThings Groovy IDE 2022. Retrieved from https:\/\/graph.api.smartthings.com\/"},{"key":"e_1_3_3_59_2","unstructured":"SmartThings Open-Source Smart Apps 2023. Retrieved from https:\/\/github.com\/SmartThingsCommunity\/SmartThingsPublic"},{"key":"e_1_3_3_60_2","unstructured":"SmartThings SmartApp Basics 2022. Retrieved from https:\/\/developer-preview.smartthings.com\/docs\/connected-services\/smartapp-basics"},{"key":"e_1_3_3_61_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2962586"},{"key":"e_1_3_3_62_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345662"},{"key":"e_1_3_3_63_2","volume-title":"Proceedings of the Network and Distributed Systems Symposium","author":"Wang Qi","year":"2018","unstructured":"Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. 2018. Fear and logging in the internet of things. In Proceedings of the Network and Distributed Systems Symposium."},{"key":"e_1_3_3_64_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484551"},{"key":"e_1_3_3_65_2","volume-title":"Proceedings of the NDSS","author":"Yang Runqing","year":"2020","unstructured":"Runqing Yang, Shiqing Ma, Haitao Xu, Xiangyu Zhang, and Yan Chen. 2020. UIScope: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI Applications.. In Proceedings of the NDSS."},{"key":"e_1_3_3_66_2","volume-title":"Proceedings of the NDSS","author":"Yu Le","year":"2021","unstructured":"Le Yu, Shiqing Ma, Zhuo Zhang, Guanhong Tao, Xiangyu Zhang, Dongyan Xu, Vincent E. Urias, Han Wei Lin, Gabriela F. Ciocarlie, Vinod Yegneswaran, and Ashish Gehani. 2021. ALchemist: Fusing application and audit logs for precise attack provenance without instrumentation.. In Proceedings of the NDSS."},{"key":"e_1_3_3_67_2","doi-asserted-by":"publisher","DOI":"10.5555\/3698900.3698996"},{"key":"e_1_3_3_68_2","article-title":"Smartpatch: Verifying the authenticity of the trigger-event in the IoT platform","author":"Yuan Bin","year":"2022","unstructured":"Bin Yuan, Yuhan Wu, Maogen Yang, Luyi Xing, Xuchang Wang, Deqing Zou, and Hai Jin. 2022. Smartpatch: Verifying the authenticity of the trigger-event in the IoT platform. IEEE Transactions on Dependable and Secure Computing 20, 2 (2022), 1656\u20131674.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_3_69_2","doi-asserted-by":"publisher","DOI":"10.1145\/3576842.3589161"},{"key":"e_1_3_3_70_2","article-title":"IB-IADR: Enabling identity-based integrity auditing and data recovery with fault localization for multi-cloud storage","author":"Zhao Jie","year":"2024","unstructured":"Jie Zhao, Hejiao Huang, Daojing He, Xiaojun Zhang, Yuan Zhang, and Kim-Kwang Raymond Choo. 2024. IB-IADR: Enabling identity-based integrity auditing and data recovery with fault localization for multi-cloud storage. IEEE Internet of Things Journal 11, 16 (2024), 27214\u201327231.","journal-title":"IEEE Internet of Things Journal"}],"container-title":["ACM Transactions on Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3772067","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T14:20:18Z","timestamp":1763562018000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3772067"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":69,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2,28]]}},"alternative-id":["10.1145\/3772067"],"URL":"https:\/\/doi.org\/10.1145\/3772067","relation":{},"ISSN":["2691-1914","2577-6207"],"issn-type":[{"type":"print","value":"2691-1914"},{"type":"electronic","value":"2577-6207"}],"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2024-02-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-21","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-11-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}