{"id":"https://openalex.org/W1995773849","doi":"https://doi.org/10.1145/2810103.2810106","title":"POSTER","display_name":"POSTER","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W1995773849","doi":"https://doi.org/10.1145/2810103.2810106","mag":"1995773849"},"language":"en","primary_location":{"id":"doi:10.1145/2810103.2810106","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2810103.2810106","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2810106?download=true","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2810106?download=true","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088206056","display_name":"Anoop Singhal","orcid":"https://orcid.org/0000-0002-2602-3927"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Anoop Singhal","raw_affiliation_strings":["NIST, Gaithersburg, MD, USA"],"affiliations":[{"raw_affiliation_string":"NIST, Gaithersburg, MD, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100701769","display_name":"Changwei Liu","orcid":"https://orcid.org/0000-0003-2367-5564"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Changwei Liu","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5031787636","display_name":"Duminda Wijesekara","orcid":null},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Duminda Wijesekara","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5088206056"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.08785066,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1677","last_page":"1677"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8291196823120117},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5923946499824524},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5456023216247559},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.5315290093421936},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.5104061961174011},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5099142789840698},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5056183338165283},{"id":"https://openalex.org/keywords/plan","display_name":"Plan (archaeology)","score":0.43584689497947693},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.17920950055122375}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8291196823120117},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5923946499824524},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5456023216247559},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.5315290093421936},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.5104061961174011},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5099142789840698},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5056183338165283},{"id":"https://openalex.org/C2776505523","wikidata":"https://www.wikidata.org/wiki/Q4785468","display_name":"Plan (archaeology)","level":2,"score":0.43584689497947693},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.17920950055122375},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2810103.2810106","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2810103.2810106","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2810106?download=true","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/2810103.2810106","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2810103.2810106","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2810106?download=true","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6399999856948853,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W1995773849.pdf","grobid_xml":"https://content.openalex.org/works/W1995773849.grobid-xml"},"referenced_works_count":7,"referenced_works":["https://openalex.org/W1495304983","https://openalex.org/W1555728360","https://openalex.org/W1986126834","https://openalex.org/W2001479375","https://openalex.org/W2258962210","https://openalex.org/W2547036158","https://openalex.org/W4249001313"],"related_works":["https://openalex.org/W2789663798","https://openalex.org/W2375896275","https://openalex.org/W4230913293","https://openalex.org/W2166943775","https://openalex.org/W2775236000","https://openalex.org/W2151915331","https://openalex.org/W2312996858","https://openalex.org/W2392120181","https://openalex.org/W2307276533","https://openalex.org/W2390124310"],"abstract_inverted_index":{"Modern-day":[0],"attackers":[1,38],"tend":[2],"to":[3,12,18,88,93,134,136,158,166,176],"use":[4,151],"sophisticated":[5],"multi-stage/multi-host":[6],"attack":[7,15,30,48,96,168,190],"techniques":[8],"and":[9,25,57,79,109,127,163,181],"anti-forensics":[10,129],"tools":[11],"cover":[13],"their":[14],"traces.":[16],"Due":[17],"the":[19,37,52,90,95,141,156,178],"current":[20],"limitations":[21],"of":[22,39,65,104,172],"intrusion":[23],"detection":[24],"forensic":[26],"analysis":[27],"tools,":[28],"reconstructing":[29,47],"scenarios":[31,49],"from":[32,54],"evidence":[33,110,157],"left":[34],"behind":[35],"by":[36,50,112],"an":[40,80,128,189],"enterprise":[41],"system":[42,58,116,122,159,199],"is":[43,68,117,175],"challenging.":[44],"In":[45,72,147],"particular,":[46],"using":[51,123],"information":[53],"IDS":[55],"alerts":[56],"logs":[59],"that":[60,84,131,195],"have":[61],"a":[62,69,77,101,120,137,197],"large":[63,102],"number":[64],"false":[66],"positives":[67],"big":[70],"challenge.":[71],"this":[73,148,173],"paper,":[74],"we":[75,132,150],"present":[76],"model":[78],"accompanying":[81],"software":[82],"tool":[83],"systematically":[85],"addresses":[86],"how":[87,188],"resolve":[89],"above":[91],"problems":[92,99],"reconstruct":[94,167],"scenario.":[97],"These":[98],"include":[100],"amount":[103],"data":[105,108],"including":[106,154],"non-relevant":[107],"destroyed":[111],"anti-forensic":[113],"techniques.":[114],"Our":[115,192],"based":[118],"on":[119],"Prolog":[121],"known":[124],"vulnerability":[125],"databases":[126],"database":[130,139],"plan":[133],"extend":[135],"standardized":[138],"like":[140],"NIST":[142],"National":[143],"Vulnerability":[144],"Database":[145],"(NVD).":[146],"model,":[149],"different":[152],"methods,":[153],"mapping":[155],"vulnerabilities,":[160],"inductive":[161],"reasoning":[162,165,198],"abductive":[164],"scenarios.":[169],"The":[170],"goal":[171],"work":[174],"reduce":[177],"investigators'":[179],"time":[180],"effort":[182],"in":[183],"reaching":[184],"definite":[185],"conclusion":[186],"about":[187],"occurred.":[191],"results":[193],"indicate":[194],"such":[196],"can":[200],"be":[201],"useful":[202],"for":[203],"network":[204],"forensics":[205],"analysis.":[206]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}