{"id":"https://openalex.org/W3185045103","doi":"https://doi.org/10.1109/infocomwkshps51825.2021.9484532","title":"ACTracker: A Fast and Efficient Attack Investigation Method Based on Event Causality","display_name":"ACTracker: A Fast and Efficient Attack Investigation Method Based on Event Causality","publication_year":2021,"publication_date":"2021-05-10","ids":{"openalex":"https://openalex.org/W3185045103","doi":"https://doi.org/10.1109/infocomwkshps51825.2021.9484532","mag":"3185045103"},"language":"en","primary_location":{"id":"doi:10.1109/infocomwkshps51825.2021.9484532","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocomwkshps51825.2021.9484532","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001479442","display_name":"Erteng Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Erteng Hu","raw_affiliation_strings":["School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048592388","display_name":"Anmin Fu","orcid":"https://orcid.org/0000-0002-1632-5737"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Anmin Fu","raw_affiliation_strings":["School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100764274","display_name":"Zhiyi Zhang","orcid":"https://orcid.org/0000-0003-0442-5885"},"institutions":[{"id":"https://openalex.org/I4210164386","display_name":"Hebei Science and Technology Department","ror":"https://ror.org/05k812a28","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210164386"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhiyi Zhang","raw_affiliation_strings":["Science and Technology on Communication Networks Laboratory, Shijiazhuang, China"],"affiliations":[{"raw_affiliation_string":"Science and Technology on Communication Networks Laboratory, Shijiazhuang, China","institution_ids":["https://openalex.org/I4210164386"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100697216","display_name":"Lin\u2010Jie Zhang","orcid":"https://orcid.org/0000-0001-6702-8313"},"institutions":[{"id":"https://openalex.org/I4210164386","display_name":"Hebei Science and Technology Department","ror":"https://ror.org/05k812a28","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210164386"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Linjie Zhang","raw_affiliation_strings":["Science and Technology on Communication Networks Laboratory, Shijiazhuang, China"],"affiliations":[{"raw_affiliation_string":"Science and Technology on Communication Networks Laboratory, Shijiazhuang, China","institution_ids":["https://openalex.org/I4210164386"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047185733","display_name":"Yantao Guo","orcid":"https://orcid.org/0000-0002-0272-784X"},"institutions":[{"id":"https://openalex.org/I4210164386","display_name":"Hebei Science and Technology Department","ror":"https://ror.org/05k812a28","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210164386"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yantao Guo","raw_affiliation_strings":["Science and Technology on Communication Networks Laboratory, Shijiazhuang, China"],"affiliations":[{"raw_affiliation_string":"Science and Technology on Communication Networks Laboratory, Shijiazhuang, China","institution_ids":["https://openalex.org/I4210164386"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100411655","display_name":"Yin Liu","orcid":"https://orcid.org/0000-0002-0408-5967"},"institutions":[{"id":"https://openalex.org/I4210164386","display_name":"Hebei Science and Technology Department","ror":"https://ror.org/05k812a28","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210164386"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yin Liu","raw_affiliation_strings":["Science and Technology on Communication Networks Laboratory, Shijiazhuang, China"],"affiliations":[{"raw_affiliation_string":"Science and Technology on Communication Networks Laboratory, Shijiazhuang, China","institution_ids":["https://openalex.org/I4210164386"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5001479442"],"corresponding_institution_ids":["https://openalex.org/I36399199"],"apc_list":null,"apc_paid":null,"fwci":0.1528,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.49628731,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7692756652832031},{"id":"https://openalex.org/keywords/causality","display_name":"Causality (physics)","score":0.7321407794952393},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.5673671364784241},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.526495635509491},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.5202149748802185},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.5186497569084167},{"id":"https://openalex.org/keywords/dependency-graph","display_name":"Dependency graph","score":0.5135000348091125},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5112929344177246},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.508820116519928},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4522847831249237},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43766412138938904},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.42039209604263306},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3672282099723816},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2282629907131195},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.10768324136734009}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7692756652832031},{"id":"https://openalex.org/C64357122","wikidata":"https://www.wikidata.org/wiki/Q1149766","display_name":"Causality (physics)","level":2,"score":0.7321407794952393},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.5673671364784241},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.526495635509491},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.5202149748802185},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.5186497569084167},{"id":"https://openalex.org/C16311509","wikidata":"https://www.wikidata.org/wiki/Q4148050","display_name":"Dependency graph","level":3,"score":0.5135000348091125},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5112929344177246},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.508820116519928},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4522847831249237},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43766412138938904},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.42039209604263306},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3672282099723816},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2282629907131195},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.10768324136734009},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/infocomwkshps51825.2021.9484532","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocomwkshps51825.2021.9484532","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320313559","display_name":"CERN","ror":"https://ror.org/01ggx4157"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W196083541","https://openalex.org/W1969381345","https://openalex.org/W1978502884","https://openalex.org/W2052569240","https://openalex.org/W2518012597","https://openalex.org/W2532844970","https://openalex.org/W2579106964","https://openalex.org/W2790316935","https://openalex.org/W2790557990","https://openalex.org/W2946156608","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2962785074","https://openalex.org/W2978956219","https://openalex.org/W3007878096","https://openalex.org/W3016038045","https://openalex.org/W3036196948","https://openalex.org/W3093703327","https://openalex.org/W3099203541","https://openalex.org/W4205777466"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W2327631927","https://openalex.org/W2093568763","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202"],"abstract_inverted_index":{"The":[0,175],"emerging":[1],"advanced":[2],"persistent":[3],"threats":[4],"(APT)":[5],"have":[6],"become":[7,61],"a":[8,62,70,81,108,132,170,188],"significant":[9],"threat":[10,87],"to":[11,40,58,139,141,152],"enterprise":[12],"network":[13,146],"security.":[14],"Carrying":[15],"out":[16],"the":[17,23,27,34,37,78,99,112,118,126,157,161],"attack's":[18],"causality":[19,45,75,113],"analysis":[20,46],"can":[21,182],"help":[22],"cyber":[24],"analyst":[25],"understand":[26,59],"APT":[28],"attack":[29,50,74,185],"process":[30],"and":[31,47,72,89,148],"safely":[32],"recover":[33],"system":[35,167],"from":[36],"attack.":[38],"How":[39],"quickly":[41,106],"perform":[42],"an":[43,49],"efficient":[44,73],"generate":[48],"dependency":[51,109],"graph":[52,84,110],"that":[53,179],"is":[54],"easy":[55],"for":[56],"analysts":[57],"has":[60],"problem.":[63],"In":[64],"this":[65],"paper,":[66],"we":[67],"propose":[68],"ACTracker,":[69],"fast":[71],"tracker.":[76],"Firstly,":[77],"tracker":[79],"generates":[80],"complete":[82],"provenance":[83,93,123,127],"based":[85,97,155],"on":[86,98,156],"alert":[88],"then":[90],"calculates":[91],"each":[92,103,122,153],"path's":[94],"anomaly":[95,100,119,150],"score":[96,101],"of":[102,114,121,136,144,172],"event.":[104],"ACTracker":[105],"constructs":[107],"describing":[111],"attacks":[115],"by":[116,168],"considering":[117],"degree":[120],"path":[124],"in":[125,160,187],"graph.":[128],"We":[129,164],"also":[130],"design":[131],"novel":[133],"statistical":[134],"method":[135],"event":[137,154],"frequency":[138],"adapt":[140],"different":[142],"scales":[143],"corporate":[145],"environments":[147],"assign":[149],"scores":[151],"event's":[158],"rarity":[159],"current":[162],"environment.":[163],"evaluate":[165],"our":[166,180],"simulating":[169],"variety":[171],"real-world":[173],"attacks.":[174],"experimental":[176],"results":[177],"show":[178],"solution":[181],"effectively":[183],"track":[184],"activities":[186],"short":[189],"time.":[190]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}