{"id":"https://openalex.org/W2907338990","doi":"https://doi.org/10.1145/3274694.3274751","title":"Lprov","display_name":"Lprov","publication_year":2018,"publication_date":"2018-12-03","ids":{"openalex":"https://openalex.org/W2907338990","doi":"https://doi.org/10.1145/3274694.3274751","mag":"2907338990"},"language":"en","primary_location":{"id":"doi:10.1145/3274694.3274751","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274694.3274751","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274751?download=true","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274751?download=true","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100455958","display_name":"Fei Wang","orcid":"https://orcid.org/0000-0003-3462-8472"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Fei Wang","raw_affiliation_strings":["Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053834185","display_name":"Yonghwi Kwon","orcid":"https://orcid.org/0000-0002-0021-2850"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yonghwi Kwon","raw_affiliation_strings":["University of Virginia"],"affiliations":[{"raw_affiliation_string":"University of Virginia","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101594068","display_name":"Shiqing Ma","orcid":"https://orcid.org/0000-0003-1551-8948"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shiqing Ma","raw_affiliation_strings":["Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100362457","display_name":"Xiangyu Zhang","orcid":"https://orcid.org/0000-0002-5273-4765"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiangyu Zhang","raw_affiliation_strings":["Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108280598","display_name":"Dongyan Xu","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dongyan Xu","raw_affiliation_strings":["Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100455958"],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":0.6606,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.70841345,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"605","last_page":"617"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7925277948379517},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5620105266571045},{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.5599293112754822},{"id":"https://openalex.org/keywords/tracing","display_name":"Tracing","score":0.5217469930648804},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4725708067417145},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.45460599660873413},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.4171968102455139},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.41268664598464966},{"id":"https://openalex.org/keywords/dimension","display_name":"Dimension (graph theory)","score":0.4110690951347351},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.38664335012435913},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.35814544558525085},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2945585250854492},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.11149564385414124}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7925277948379517},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5620105266571045},{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.5599293112754822},{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.5217469930648804},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4725708067417145},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.45460599660873413},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.4171968102455139},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.41268664598464966},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.4110690951347351},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.38664335012435913},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.35814544558525085},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2945585250854492},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.11149564385414124},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3274694.3274751","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274694.3274751","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274751?download=true","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:alma.01RUT_INST:11695743750004646","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:alma.01RUT_INST:11695743750004646","is_oa":false,"landing_page_url":"https://scholarship.libraries.rutgers.edu/esploro/outputs/conferencePaper/LPROV-practical-library-aware-provenance-tracing/991031794683904646","pdf_url":null,"source":{"id":"https://openalex.org/S4210197018","display_name":"View","issn_l":"2688-268X","issn":["2688-268X","2688-3988"],"is_oa":false,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference Paper"}],"best_oa_location":{"id":"doi:10.1145/3274694.3274751","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274694.3274751","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274751?download=true","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.4399999976158142,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320338291","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2907338990.pdf","grobid_xml":"https://content.openalex.org/works/W2907338990.grobid-xml"},"referenced_works_count":56,"referenced_works":["https://openalex.org/W47175211","https://openalex.org/W168132470","https://openalex.org/W1444906800","https://openalex.org/W1499241274","https://openalex.org/W1524673069","https://openalex.org/W1559528097","https://openalex.org/W1638793211","https://openalex.org/W1683791865","https://openalex.org/W1813893391","https://openalex.org/W1821004526","https://openalex.org/W1858703999","https://openalex.org/W1963971515","https://openalex.org/W2009232481","https://openalex.org/W2035991175","https://openalex.org/W2040431736","https://openalex.org/W2084201645","https://openalex.org/W2086234010","https://openalex.org/W2089745089","https://openalex.org/W2093406244","https://openalex.org/W2096347345","https://openalex.org/W2102970979","https://openalex.org/W2103499520","https://openalex.org/W2108747667","https://openalex.org/W2112127916","https://openalex.org/W2116682495","https://openalex.org/W2119251836","https://openalex.org/W2122366494","https://openalex.org/W2129167530","https://openalex.org/W2132185316","https://openalex.org/W2133089788","https://openalex.org/W2144789413","https://openalex.org/W2144801589","https://openalex.org/W2144992712","https://openalex.org/W2145969515","https://openalex.org/W2151135920","https://openalex.org/W2158438481","https://openalex.org/W2159357881","https://openalex.org/W2213728018","https://openalex.org/W2293351723","https://openalex.org/W2293796484","https://openalex.org/W2295705535","https://openalex.org/W2317668908","https://openalex.org/W2394543764","https://openalex.org/W2397699236","https://openalex.org/W2401617229","https://openalex.org/W2407590826","https://openalex.org/W2482544674","https://openalex.org/W2579106964","https://openalex.org/W2601206855","https://openalex.org/W2605597658","https://openalex.org/W2751844787","https://openalex.org/W2765949026","https://openalex.org/W2766852928","https://openalex.org/W4238764625","https://openalex.org/W4245671428","https://openalex.org/W4255411440"],"related_works":["https://openalex.org/W2354627941","https://openalex.org/W2347483153","https://openalex.org/W2353379336","https://openalex.org/W2379683085","https://openalex.org/W2363868702","https://openalex.org/W2374448931","https://openalex.org/W2376723740","https://openalex.org/W2370535391","https://openalex.org/W2370679613","https://openalex.org/W2392768766"],"abstract_inverted_index":{"With":[0],"the":[1,50,58,148,173,178,185],"continuing":[2],"evolution":[3],"of":[4,23,52,150,236],"sophisticated":[5,136],"APT":[6],"attacks,":[7],"provenance":[8,25,44,86,91,158,188,202,215,239],"tracking":[9,135,159],"is":[10,45,103,108,114,132],"becoming":[11],"an":[12,111],"important":[13,54],"technique":[14],"for":[15],"efficient":[16],"attack":[17,201,208],"investigation":[18,146],"in":[19,56,85],"enterprise":[20],"networks.":[21],"Most":[22],"existing":[24],"techniques":[26],"are":[27,73],"operating":[28],"on":[29],"system":[30,65,160],"event":[31],"auditing":[32],"that":[33,184,196],"discloses":[34],"dependence":[35],"relationships":[36],"by":[37,95],"scrutinizing":[38],"syscall":[39,117,166],"traces.":[40],"Unfortunately,":[41],"such":[42],"auditing-based":[43],"not":[46,123],"able":[47],"to":[48,134,143,218],"track":[49],"causality":[51],"another":[53],"dimension":[55],"provenance,":[57],"shared":[59],"libraries.":[60,139],"Different":[61],"from":[62],"other":[63],"data-only":[64],"entities":[66],"like":[67],"files":[68],"and":[69,77,97,105,165,209,229],"sockets,":[70],"dynamic":[71],"libraries":[72],"linked":[74],"at":[75,116,127],"runtime":[76,227],"may":[78],"get":[79],"executed,":[80],"which":[81,161,180],"poses":[82],"new":[83],"challenges":[84,131],"tracking.":[87],"For":[88],"example,":[89],"library":[90,101,121,151,163,174,186,207,210],"cannot":[92],"be":[93,190],"tracked":[94],"syscalls":[96],"mapping;":[98],"whether":[99],"a":[100,120,156,169,237],"function":[102],"called":[104,109],"how":[106],"it":[107,182],"within":[110],"execution":[112,126,149,187],"context":[113],"invisible":[115],"level;":[118],"linking":[119],"does":[122],"promise":[124],"their":[125],"runtime.":[128],"Addressing":[129],"these":[130],"critical":[133],"attacks":[137],"leveraging":[138],"In":[140],"this":[141],"paper,":[142],"facilitate":[144],"fine-grained":[145],"inside":[147],"binaries,":[152],"we":[153],"develop":[154],"Lprov,":[155],"novel":[157],"combines":[162],"tracing":[164],"tracing.":[167],"Upon":[168],"syscall,":[170],"Lprov":[171,197],"identifies":[172],"calls":[175],"together":[176],"with":[177],"stack":[179],"induces":[181],"so":[183],"can":[189,198],"accurately":[191],"revealed.":[192],"Our":[193],"evaluation":[194],"shows":[195],"precisely":[199],"identify":[200],"involving":[203],"libraries,":[204],"including":[205],"malicious":[206],"vulnerability":[211],"exploitation,":[212],"while":[213],"syscall-based":[214],"tools":[216],"fail":[217],"identify.":[219],"It":[220],"only":[221],"incurs":[222],"7.0%":[223],"(in":[224],"geometric":[225],"mean)":[226],"overhead":[228],"consumes":[230],"3":[231],"times":[232],"less":[233],"storage":[234],"space":[235],"state-of-the-art":[238],"tool.":[240]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2019-01-11T00:00:00"}