{"id":"https://openalex.org/W3157720608","doi":"https://doi.org/10.1109/tifs.2021.3076288","title":"General, Efficient, and Real-Time Data Compaction Strategy for APT Forensic Analysis","display_name":"General, Efficient, and Real-Time Data Compaction Strategy for APT Forensic Analysis","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3157720608","doi":"https://doi.org/10.1109/tifs.2021.3076288","mag":"3157720608"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2021.3076288","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3076288","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029428788","display_name":"Tiantian Zhu","orcid":"https://orcid.org/0000-0002-8657-662X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tiantian Zhu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-8657-662X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100368334","display_name":"Jiayu Wang","orcid":"https://orcid.org/0000-0003-4497-2891"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiayu Wang","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074492926","display_name":"Linqi Ruan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108177","display_name":"Zhejiang Police College","ror":"https://ror.org/01rxaf991","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210108177"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Linqi Ruan","raw_affiliation_strings":["Zhejiang Police College, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-1934-3057","affiliations":[{"raw_affiliation_string":"Zhejiang Police College, Hangzhou, China","institution_ids":["https://openalex.org/I4210108177"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024324179","display_name":"Chunlin Xiong","orcid":"https://orcid.org/0000-0003-4426-3585"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunlin Xiong","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4426-3585","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064030057","display_name":"Jinkai Yu","orcid":null},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinkai Yu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018390459","display_name":"Yaosheng Li","orcid":"https://orcid.org/0000-0002-5748-7927"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yaosheng Li","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100378166","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0003-4103-1498"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Northwestern University, Evanston, IL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northwestern University, Evanston, IL, USA","institution_ids":["https://openalex.org/I111979921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068773146","display_name":"Mingqi Lv","orcid":"https://orcid.org/0000-0003-4810-7491"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingqi Lv","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4810-7491","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056827411","display_name":"Tieming Chen","orcid":"https://orcid.org/0000-0003-4664-3311"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tieming Chen","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4664-3311","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, China","institution_ids":["https://openalex.org/I55712492"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.5274,"has_fulltext":false,"cited_by_count":40,"citation_normalized_percentile":{"value":0.92711426,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"16","issue":null,"first_page":"3312","last_page":"3325"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8458086252212524},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.448574423789978},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3815489709377289},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3540992736816406},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.33280956745147705},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11761608719825745}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8458086252212524},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.448574423789978},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3815489709377289},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3540992736816406},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.33280956745147705},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11761608719825745}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2021.3076288","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3076288","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1317677795","display_name":null,"funder_award_id":"U1936215","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1608062039","display_name":"\u9762\u5411\u79fb\u52a8\u5e94\u7528\u7684\u6076\u610f\u4ee3\u7801\u81ea\u52a8\u5316\u68c0\u6d4b\u65b9\u6cd5\u7814\u7a76","funder_award_id":"61772026","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3558286546","display_name":null,"funder_award_id":"62002324","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G92243833","display_name":null,"funder_award_id":"TC190H3WN","funder_id":"https://openalex.org/F4320323970","funder_display_name":"Ministry of Industry and Information Technology of the People's Republic of China"},{"id":"https://openalex.org/G979421220","display_name":null,"funder_award_id":"LQ21F020016","funder_id":"https://openalex.org/F4320338464","funder_display_name":"Natural Science Foundation of Zhejiang Province"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320323970","display_name":"Ministry of Industry and Information Technology of the People's Republic of China","ror":"https://ror.org/0385nmy68"},{"id":"https://openalex.org/F4320338464","display_name":"Natural Science Foundation of Zhejiang Province","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W47175211","https://openalex.org/W168132470","https://openalex.org/W1444906800","https://openalex.org/W1997787524","https://openalex.org/W2009232481","https://openalex.org/W2078821319","https://openalex.org/W2093406244","https://openalex.org/W2094227925","https://openalex.org/W2096347345","https://openalex.org/W2100666033","https://openalex.org/W2112127916","https://openalex.org/W2168264487","https://openalex.org/W2213728018","https://openalex.org/W2295705535","https://openalex.org/W2317668908","https://openalex.org/W2397699236","https://openalex.org/W2532844970","https://openalex.org/W2579106964","https://openalex.org/W2747669027","https://openalex.org/W2751114427","https://openalex.org/W2751844787","https://openalex.org/W2755094099","https://openalex.org/W2790316935","https://openalex.org/W2790557990","https://openalex.org/W2792591096","https://openalex.org/W2888974175","https://openalex.org/W2889727957","https://openalex.org/W2962703433","https://openalex.org/W2962785074","https://openalex.org/W3005127313","https://openalex.org/W3015650867","https://openalex.org/W3101089035","https://openalex.org/W4205777466","https://openalex.org/W4252481514","https://openalex.org/W4255411440","https://openalex.org/W6601859066","https://openalex.org/W6628457668","https://openalex.org/W6684481483","https://openalex.org/W6712595259","https://openalex.org/W6743841043","https://openalex.org/W6754375631"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"The":[0,233],"damage":[1],"caused":[2],"by":[3],"Advanced":[4],"Persistent":[5],"Threat":[6],"(APT)":[7],"attacks":[8],"to":[9,33,46,60,119,206,230,247,261,277],"governments":[10],"and":[11,38,109,123,137,164,179,189,221,269,287],"large":[12,105],"enterprises":[13],"is":[14,21,205,291],"gradually":[15],"escalating.":[16],"Once":[17],"an":[18],"attack":[19,209],"event":[20],"detected,":[22],"forensic":[23,65,86,203],"analysis":[24,152,204,214],"will":[25,57],"use":[26],"the":[27,40,43,47,62,78,99,121,143,154,159,200,208,216,224,231,236,241],"dependencies":[28],"between":[29],"system":[30,144,162,248],"audit":[31],"logs":[32],"rapidly":[34],"locate":[35],"intrusion":[36],"points":[37],"determine":[39],"impact":[41],"of":[42,50,55,64,101,153,172,202,235,244],"attacks.":[44],"Due":[45],"high":[48,252],"persistence":[49],"APT":[51],"attacks,":[52],"huge":[53],"amounts":[54],"data":[56,83,106,115,139,170,191],"be":[58],"stored":[59],"meet":[61,98,120],"needs":[63],"analysis,":[66,87],"which":[67,177,290],"not":[68,149,185,228],"only":[69],"brings":[70],"great":[71],"storage":[72],"overhead,":[73,108],"but":[74],"also":[75],"sharply":[76],"increases":[77],"computing":[79],"costs.":[80],"To":[81,127],"compact":[82],"without":[84],"affecting":[85],"several":[88],"methods":[89,117],"have":[90],"been":[91],"proposed.":[92],"However,":[93],"in":[94],"real-world":[95,237],"scenarios,":[96],"we":[97],"problems":[100],"weak":[102],"cross-platform":[103],"capability,":[104],"processing":[107],"poor":[110],"real-time":[111,138],"performance,":[112],"rendering":[113],"existing":[114],"compaction":[116,140,171,192,242],"difficult":[118],"usability":[122],"universality":[124],"requirements":[125],"jointly.":[126],"overcome":[128],"these":[129],"difficulties,":[130],"this":[131],"paper":[132],"proposes":[133],"a":[134],"general,":[135],"efficient,":[136],"method":[141,246],"at":[142],"log":[145],"level;":[146],"it":[147,165],"does":[148],"involve":[150],"internal":[151],"program":[155],"or":[156],"depend":[157],"on":[158,194,215,285],"specific":[160],"operating":[161],"type,":[163],"includes":[166],"two":[167],"strategies:":[168],"1)":[169],"maintaining":[173],"global":[174,187],"semantics":[175,196],"(GS),":[176],"determines":[178],"deletes":[180,223],"redundant":[181],"events":[182,218,249],"that":[183,199,226,240],"do":[184],"affect":[186],"dependencies,":[188],"2)":[190],"based":[193],"suspicious":[195],"(SS).":[197],"Given":[198],"purpose":[201],"restore":[207],"chain,":[210],"SS":[211],"performs":[212],"context":[213],"remaining":[217],"from":[219],"GS":[220,286],"further":[222],"parts":[225],"are":[227,250],"related":[229],"attack.":[232],"results":[234],"experiments":[238],"show":[239],"ratios":[243],"our":[245],"as":[251,253],"<inline-formula":[254,262,270,278],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[255,263,271,279],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">":[256,264,272,280],"<tex-math":[257,265,273,281],"notation=\"LaTeX\">$4.36\\times":[258],"$":[259,267,275,283],"</tex-math></inline-formula>":[260,268,276,284],"notation=\"LaTeX\">$13.18\\times":[266],"notation=\"LaTeX\">$7.86\\times":[274],"notation=\"LaTeX\">$26.99\\times":[282],"SS,":[288],"respectively,":[289],"better":[292],"than":[293],"state-of-the-art":[294],"studies.":[295]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":15},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}