{"id":"https://openalex.org/W2889379876","doi":"https://doi.org/10.1109/tdsc.2018.2867595","title":"Pagoda: A Hybrid Approach to Enable Efficient Real-Time Provenance Based Intrusion Detection in Big Data Environments","display_name":"Pagoda: A Hybrid Approach to Enable Efficient Real-Time Provenance Based Intrusion Detection in Big Data Environments","publication_year":2018,"publication_date":"2018-08-29","ids":{"openalex":"https://openalex.org/W2889379876","doi":"https://doi.org/10.1109/tdsc.2018.2867595","mag":"2889379876"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2018.2867595","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2018.2867595","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://escholarship.org/uc/item/9sq6p8dn","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054468864","display_name":"Yulai Xie","orcid":"https://orcid.org/0000-0001-5757-4396"},"institutions":[{"id":"https://openalex.org/I4210138186","display_name":"Wuhan National Laboratory for Optoelectronics","ror":"https://ror.org/03c9ncn37","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210138186"]},{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yulai Xie","raw_affiliation_strings":["Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China"],"affiliations":[{"raw_affiliation_string":"Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China","institution_ids":["https://openalex.org/I4210138186","https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057421680","display_name":"Dan Feng","orcid":"https://orcid.org/0000-0002-4674-6006"},"institutions":[{"id":"https://openalex.org/I4210138186","display_name":"Wuhan National Laboratory for Optoelectronics","ror":"https://ror.org/03c9ncn37","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210138186"]},{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dan Feng","raw_affiliation_strings":["Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China"],"affiliations":[{"raw_affiliation_string":"Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China","institution_ids":["https://openalex.org/I4210138186","https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065831190","display_name":"Yuchong Hu","orcid":"https://orcid.org/0000-0003-1265-7141"},"institutions":[{"id":"https://openalex.org/I4210138186","display_name":"Wuhan National Laboratory for Optoelectronics","ror":"https://ror.org/03c9ncn37","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210138186"]},{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuchong Hu","raw_affiliation_strings":["Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China"],"affiliations":[{"raw_affiliation_string":"Wuhan National Laboratory for Optoelectronics, School of Computer, Huazhong University of Science and Technology, Wuhan, P.R. China","institution_ids":["https://openalex.org/I4210138186","https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100760409","display_name":"Li Yan","orcid":"https://orcid.org/0000-0002-9746-6274"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yan Li","raw_affiliation_strings":["TuneUp.ai in San Francisco Bay Area, CA, USA"],"affiliations":[{"raw_affiliation_string":"TuneUp.ai in San Francisco Bay Area, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064448638","display_name":"Staunton Sample","orcid":null},"institutions":[{"id":"https://openalex.org/I185103710","display_name":"University of California, Santa Cruz","ror":"https://ror.org/03s65by71","country_code":"US","type":"education","lineage":["https://openalex.org/I185103710"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Staunton Sample","raw_affiliation_strings":["Jack Baskin School of Engineering, University of California, Santa Cruz, CA, USA"],"affiliations":[{"raw_affiliation_string":"Jack Baskin School of Engineering, University of California, Santa Cruz, CA, USA","institution_ids":["https://openalex.org/I185103710"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029994088","display_name":"Darrell D. E. Long","orcid":"https://orcid.org/0000-0002-0822-0740"},"institutions":[{"id":"https://openalex.org/I185103710","display_name":"University of California, Santa Cruz","ror":"https://ror.org/03s65by71","country_code":"US","type":"education","lineage":["https://openalex.org/I185103710"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Darrell Long","raw_affiliation_strings":["Jack Baskin School of Engineering, University of California, Santa Cruz, CA, USA"],"affiliations":[{"raw_affiliation_string":"Jack Baskin School of Engineering, University of California, Santa Cruz, CA, USA","institution_ids":["https://openalex.org/I185103710"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5054468864"],"corresponding_institution_ids":["https://openalex.org/I4210138186","https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":2.5397,"has_fulltext":false,"cited_by_count":69,"citation_normalized_percentile":{"value":0.90475352,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"17","issue":"6","first_page":"1283","last_page":"1296"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8027661442756653},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7203617095947266},{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.627437949180603},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.47917547821998596},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.47483307123184204},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4576820433139801},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.4363703429698944},{"id":"https://openalex.org/keywords/pagoda","display_name":"Pagoda","score":0.41392824053764343},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.1986556053161621},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.1135500967502594},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.09620204567909241}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8027661442756653},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7203617095947266},{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.627437949180603},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.47917547821998596},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.47483307123184204},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4576820433139801},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.4363703429698944},{"id":"https://openalex.org/C2780334700","wikidata":"https://www.wikidata.org/wiki/Q7124395","display_name":"Pagoda","level":2,"score":0.41392824053764343},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.1986556053161621},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.1135500967502594},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.09620204567909241},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tdsc.2018.2867595","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2018.2867595","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:escholarship.org:ark:/13030/qt9sq6p8dn","is_oa":true,"landing_page_url":"https://escholarship.org/uc/item/9sq6p8dn","pdf_url":null,"source":{"id":"https://openalex.org/S4306400115","display_name":"eScholarship (California Digital Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2801248553","host_organization_name":"California Digital Library","host_organization_lineage":["https://openalex.org/I2801248553"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing, vol 17, iss 6","raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:escholarship.org:ark:/13030/qt9sq6p8dn","is_oa":true,"landing_page_url":"https://escholarship.org/uc/item/9sq6p8dn","pdf_url":null,"source":{"id":"https://openalex.org/S4306400115","display_name":"eScholarship (California Digital Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2801248553","host_organization_name":"California Digital Library","host_organization_lineage":["https://openalex.org/I2801248553"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing, vol 17, iss 6","raw_type":"article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2184068523","display_name":null,"funder_award_id":"U1705261","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2413230818","display_name":null,"funder_award_id":"61821003","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":70,"referenced_works":["https://openalex.org/W17915278","https://openalex.org/W71388611","https://openalex.org/W111228695","https://openalex.org/W168132470","https://openalex.org/W169514714","https://openalex.org/W1444906800","https://openalex.org/W1495925570","https://openalex.org/W1496741998","https://openalex.org/W1543388142","https://openalex.org/W1552694902","https://openalex.org/W1559528097","https://openalex.org/W1575826986","https://openalex.org/W1583975142","https://openalex.org/W1585799956","https://openalex.org/W1858703999","https://openalex.org/W1883937078","https://openalex.org/W1941427975","https://openalex.org/W1973841765","https://openalex.org/W2009232481","https://openalex.org/W2016701760","https://openalex.org/W2038296020","https://openalex.org/W2049559208","https://openalex.org/W2066495802","https://openalex.org/W2081276694","https://openalex.org/W2093406244","https://openalex.org/W2096347345","https://openalex.org/W2106649514","https://openalex.org/W2123886726","https://openalex.org/W2126091978","https://openalex.org/W2129860818","https://openalex.org/W2139325411","https://openalex.org/W2170646878","https://openalex.org/W2291470926","https://openalex.org/W2293351723","https://openalex.org/W2295705535","https://openalex.org/W2295709271","https://openalex.org/W2397699236","https://openalex.org/W2532844970","https://openalex.org/W2579106964","https://openalex.org/W2604395162","https://openalex.org/W2614510834","https://openalex.org/W2747669027","https://openalex.org/W2751844787","https://openalex.org/W2752255600","https://openalex.org/W2790316935","https://openalex.org/W2792591096","https://openalex.org/W2912412735","https://openalex.org/W2963232610","https://openalex.org/W2963807402","https://openalex.org/W2964145825","https://openalex.org/W3101089035","https://openalex.org/W4205777466","https://openalex.org/W4255411440","https://openalex.org/W6600727874","https://openalex.org/W6602838686","https://openalex.org/W6606968511","https://openalex.org/W6628457668","https://openalex.org/W6629688422","https://openalex.org/W6632547301","https://openalex.org/W6634453735","https://openalex.org/W6634829514","https://openalex.org/W6678841256","https://openalex.org/W6696473490","https://openalex.org/W6712595259","https://openalex.org/W6713582119","https://openalex.org/W6737785282","https://openalex.org/W6743754048","https://openalex.org/W6743866659","https://openalex.org/W6751955181","https://openalex.org/W6758979328"],"related_works":["https://openalex.org/W2585206524","https://openalex.org/W2023342306","https://openalex.org/W2389517528","https://openalex.org/W2352478964","https://openalex.org/W2969525462","https://openalex.org/W825330086","https://openalex.org/W2267163368","https://openalex.org/W2768705687","https://openalex.org/W4281392026","https://openalex.org/W2133389611"],"abstract_inverted_index":{"Efficient":[0],"intrusion":[1,32,39,100,173],"detection":[2,40,68,71,117,154],"and":[3,34,44,70,92,112,138,166,188],"analysis":[4],"of":[5,60,86,182],"the":[6,28,35,46,55,64,83,93,116,121,125,153,163],"security":[7],"landscape":[8],"in":[9,49,124,162],"big":[10],"data":[11],"environments":[12],"present":[13],"challenge":[14],"for":[15],"today's":[16],"users.":[17],"Intrusion":[18],"behavior":[19,122],"can":[20,62,98,113],"be":[21],"described":[22],"by":[23,119],"provenance":[24,52,57,90,95,127,137,145],"graphs":[25],"that":[26,79,169],"record":[27,146],"dependency":[29],"relationships":[30],"between":[31],"processes":[33],"infected":[36],"files.":[37],"Existing":[38],"methods":[41],"typically":[42],"analyze":[43],"identify":[45,99],"anomaly":[47,84],"either":[48],"a":[50,76,88,103,131,179],"single":[51,89],"path":[53,91],"or":[54],"whole":[56,94,126],"graph,":[58],"neither":[59],"which":[61],"achieve":[63],"benefit":[65],"on":[66,109,178],"both":[67,87],"accuracy":[69],"time.":[72],"We":[73],"propose":[74],"Pagoda,":[75],"hybrid":[77],"approach":[78],"takes":[80],"into":[81,143],"account":[82],"degree":[85],"graph.":[96,128],"It":[97],"quickly":[101],"if":[102],"serious":[104],"compromise":[105],"has":[106],"been":[107],"found":[108],"one":[110,144],"path,":[111],"further":[114],"improve":[115],"rate":[118],"considering":[120],"representation":[123],"Pagoda":[129],"uses":[130],"persistent":[132],"memory":[133],"database":[134,165],"to":[135,147],"store":[136],"aggregates":[139],"multiple":[140],"similar":[141],"items":[142,161],"maximumly":[148],"reduce":[149],"unnecessary":[150],"I/O":[151],"during":[152],"analysis.":[155],"In":[156],"addition,":[157],"it":[158],"encodes":[159],"duplicate":[160],"rule":[164],"filters":[167],"noise":[168],"does":[170],"not":[171],"contain":[172],"information.":[174],"The":[175],"experimental":[176],"results":[177],"wide":[180],"variety":[181],"real-world":[183],"applications":[184],"demonstrate":[185],"its":[186],"performance":[187],"efficiency.":[189]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":19},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":16},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}