{"id":"https://openalex.org/W2766852928","doi":"https://doi.org/10.1145/3133956.3134045","title":"RAIN","display_name":"RAIN","publication_year":2017,"publication_date":"2017-10-27","ids":{"openalex":"https://openalex.org/W2766852928","doi":"https://doi.org/10.1145/3133956.3134045","mag":"2766852928"},"language":"en","primary_location":{"id":"doi:10.1145/3133956.3134045","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3133956.3134045","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=3134045&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"http://dl.acm.org/ft_gateway.cfm?id=3134045&type=pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045154172","display_name":"Ji Yang","orcid":"https://orcid.org/0000-0002-5209-7436"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yang Ji","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100330701","display_name":"Sangho Lee","orcid":"https://orcid.org/0000-0002-0412-7768"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sangho Lee","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090363876","display_name":"Evan Downing","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Evan Downing","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101715765","display_name":"Weiren Wang","orcid":"https://orcid.org/0009-0007-6536-973X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Weiren Wang","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059830348","display_name":"Mattia Fazzini","orcid":"https://orcid.org/0000-0002-1412-1546"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mattia Fazzini","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100743709","display_name":"Taesoo Kim","orcid":"https://orcid.org/0000-0002-7440-2067"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Taesoo Kim","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030961858","display_name":"Alessandro Orso","orcid":"https://orcid.org/0000-0003-4516-9320"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alessandro Orso","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047140382","display_name":"Wenke Lee","orcid":"https://orcid.org/0000-0003-2761-1277"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5045154172"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":8.1014,"has_fulltext":true,"cited_by_count":83,"citation_normalized_percentile":{"value":0.97928279,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"377","last_page":"390"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7237507104873657},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6138576865196228},{"id":"https://openalex.org/keywords/granularity","display_name":"Granularity","score":0.5473166108131409},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4635293781757355},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.40757977962493896},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3469204008579254},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.28478461503982544}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7237507104873657},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6138576865196228},{"id":"https://openalex.org/C177774035","wikidata":"https://www.wikidata.org/wiki/Q1246948","display_name":"Granularity","level":2,"score":0.5473166108131409},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4635293781757355},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.40757977962493896},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3469204008579254},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.28478461503982544}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3133956.3134045","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3133956.3134045","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=3134045&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3133956.3134045","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3133956.3134045","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=3134045&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.41999998688697815,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1627094294","display_name":"SaTC-EDU: EAGER: Big Data and Security: Educating the Next-Generation Security Analysts","funder_award_id":"1500084","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G1795727596","display_name":null,"funder_award_id":"DGE-1500084","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2024950750","display_name":null,"funder_award_id":"CRI-1629851","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3099434795","display_name":null,"funder_award_id":"N000140911042 and N000141512162","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G3337934819","display_name":null,"funder_award_id":"N000141512162","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G3371991119","display_name":null,"funder_award_id":"HR0011-16-C-0059","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G3626393980","display_name":"Georgia Tech's Scholarship-for-Service (SFS) Progr","funder_award_id":"1565523","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3771946922","display_name":"EAGER: Collaborative Research: Leveraging Graph Databases for Incremental and Scalable Symbolic Analysis and Verification of Web Applications","funder_award_id":"1548856","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3943877786","display_name":null,"funder_award_id":"831300","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3954318282","display_name":"Collaborative Research:   CT-L:   CLEANSE:   Cross-Layer Large-Scale Efficient Analysis of Network Activities to Secure the Internet","funder_award_id":"0831300","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3998797464","display_name":null,"funder_award_id":"N0001415","funder_id":"https://openalex.org/F4320334879","funder_display_name":"Korea Evaluation Institute of Industrial Technology"},{"id":"https://openalex.org/G4728784257","display_name":"CI-P: Collaborative: Planning for a Community-Driven Open Research Infrastructure to Support Secure Computing Research involving Intel SGX","funder_award_id":"1629851","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4935764341","display_name":null,"funder_award_id":"CNS-1704701","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5051192394","display_name":null,"funder_award_id":"FA8650-15-C","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G5643251411","display_name":null,"funder_award_id":"and N00","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G5648561504","display_name":null,"funder_award_id":"IITP/KEIT[B0101-17-0644]","funder_id":"https://openalex.org/F4320322093","funder_display_name":"Electronics and Telecommunications Research Institute"},{"id":"https://openalex.org/G5718616599","display_name":null,"funder_award_id":"2017R1A6A3A03002506","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"},{"id":"https://openalex.org/G5869452329","display_name":null,"funder_award_id":"B0101-17-0644","funder_id":"https://openalex.org/F4320322093","funder_display_name":"Electronics and Telecommunications Research Institute"},{"id":"https://openalex.org/G60922421","display_name":null,"funder_award_id":"CNS-1563848","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6191430313","display_name":null,"funder_award_id":"N000140911042, N000141512162","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G6486092784","display_name":null,"funder_award_id":"FA8650-15-C-7556","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G7146038114","display_name":null,"funder_award_id":"N000140911042","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G7182034009","display_name":null,"funder_award_id":"1704701","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7385579491","display_name":"TC: Small: A Foundational and Practical Platform for Host Security Applications","funder_award_id":"1017265","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7744643680","display_name":null,"funder_award_id":"FA8650-15-C-7556 and HR0011-16-C-0059","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G8236366147","display_name":"TWC: Medium: Collaborative: Systems, Tools, and Techniques for Executing, Managing, and Securing SGX Programs","funder_award_id":"1563848","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G942779864","display_name":null,"funder_award_id":"CNS-0831300, CNS-1017265, DGE-1500084, CCF-1548856, CNS-1563848,SFS-1565523, CRI-1629851, and CNS-1704701","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320322093","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10"},{"id":"https://openalex.org/F4320322120","display_name":"National Research Foundation of Korea","ror":"https://ror.org/013aysd81"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320334879","display_name":"Korea Evaluation Institute of Industrial Technology","ror":"https://ror.org/03z9cwa38"},{"id":"https://openalex.org/F4320335489","display_name":"Institute for Information and Communications Technology Promotion","ror":"https://ror.org/01g0hqq23"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2766852928.pdf","grobid_xml":"https://content.openalex.org/works/W2766852928.grobid-xml"},"referenced_works_count":46,"referenced_works":["https://openalex.org/W11234669","https://openalex.org/W161166442","https://openalex.org/W168132470","https://openalex.org/W1444906800","https://openalex.org/W1527417319","https://openalex.org/W1549813142","https://openalex.org/W1559528097","https://openalex.org/W1577933227","https://openalex.org/W1610688982","https://openalex.org/W1797940646","https://openalex.org/W1837052416","https://openalex.org/W1858703999","https://openalex.org/W1963971515","https://openalex.org/W2012431717","https://openalex.org/W2017802026","https://openalex.org/W2019641142","https://openalex.org/W2029224396","https://openalex.org/W2078016990","https://openalex.org/W2088272026","https://openalex.org/W2089745089","https://openalex.org/W2100666033","https://openalex.org/W2102970979","https://openalex.org/W2108747667","https://openalex.org/W2122097147","https://openalex.org/W2142892618","https://openalex.org/W2151135920","https://openalex.org/W2170646878","https://openalex.org/W2215262239","https://openalex.org/W2284900416","https://openalex.org/W2293351723","https://openalex.org/W2327699954","https://openalex.org/W2397699236","https://openalex.org/W2417238694","https://openalex.org/W2417495832","https://openalex.org/W2474516640","https://openalex.org/W2482544674","https://openalex.org/W2491693446","https://openalex.org/W2514041296","https://openalex.org/W2532844970","https://openalex.org/W2561988158","https://openalex.org/W2579106964","https://openalex.org/W2579121572","https://openalex.org/W2912412735","https://openalex.org/W6633462303","https://openalex.org/W6636266278","https://openalex.org/W6696473490"],"related_works":["https://openalex.org/W2931688134","https://openalex.org/W2377919138","https://openalex.org/W2378857091","https://openalex.org/W103652678","https://openalex.org/W4226090359","https://openalex.org/W2059697060","https://openalex.org/W936373746","https://openalex.org/W2975817033","https://openalex.org/W4382701072","https://openalex.org/W2002863235"],"abstract_inverted_index":{"As":[0],"modern":[1],"attacks":[2],"become":[3],"more":[4],"stealthy":[5],"and":[6,30,56,64,67,82],"persistent,":[7],"detecting":[8],"or":[9,23,104],"preventing":[10],"them":[11],"at":[12],"their":[13],"early":[14],"stages":[15],"becomes":[16],"virtually":[17],"impossible.":[18],"Instead,":[19],"an":[20],"attack":[21,55,63,102],"investigation":[22],"provenance":[24],"system":[25,33,41,83],"aims":[26],"to":[27,50,112],"continuously":[28],"monitor":[29],"log":[31,49,80],"interesting":[32],"events":[34,90],"with":[35],"minimal":[36],"overhead.":[37],"Later,":[38],"if":[39],"the":[40,48,54,62],"observes":[42],"any":[43,70],"anomalous":[44],"behavior,":[45],"it":[46],"analyzes":[47],"identify":[51],"who":[52],"initiated":[53],"which":[57],"resources":[58],"were":[59],"affected":[60],"by":[61],"then":[65],"assess":[66],"recover":[68],"from":[69],"damage":[71],"incurred.":[72],"However,":[73],"because":[74],"of":[75],"a":[76],"fundamental":[77],"tradeoff":[78],"between":[79],"granularity":[81],"performance,":[84],"existing":[85],"systems":[86],"typically":[87],"record":[88],"system-call":[89],"without":[91],"detailed":[92],"program-level":[93,114],"activities":[94],"(e.g.,":[95],"memory":[96],"operation)":[97],"required":[98],"for":[99],"accurately":[100],"reconstructing":[101],"causality":[103],"demand":[105],"that":[106],"every":[107],"monitored":[108],"program":[109],"be":[110],"instrumented":[111],"provide":[113],"information.":[115]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":13},{"year":2018,"cited_by_count":12}],"updated_date":"2026-03-18T14:38:29.013473","created_date":"2017-11-10T00:00:00"}