{"id":"https://openalex.org/W2990791794","doi":"https://doi.org/10.1145/3359789.3359818","title":"Progressive processing of system-behavioral query","display_name":"Progressive processing of system-behavioral query","publication_year":2019,"publication_date":"2019-11-22","ids":{"openalex":"https://openalex.org/W2990791794","doi":"https://doi.org/10.1145/3359789.3359818","mag":"2990791794"},"language":"en","primary_location":{"id":"doi:10.1145/3359789.3359818","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3359789.3359818","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002240947","display_name":"Jiaping Gui","orcid":"https://orcid.org/0009-0001-4272-9604"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jiaping Gui","raw_affiliation_strings":["NEC Laboratories America, Inc"],"affiliations":[{"raw_affiliation_string":"NEC Laboratories America, Inc","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012621594","display_name":"Xusheng Xiao","orcid":"https://orcid.org/0000-0003-4797-4294"},"institutions":[{"id":"https://openalex.org/I58956616","display_name":"Case Western Reserve University","ror":"https://ror.org/051fd9666","country_code":"US","type":"education","lineage":["https://openalex.org/I58956616"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xusheng Xiao","raw_affiliation_strings":["Case Western Reserve University"],"affiliations":[{"raw_affiliation_string":"Case Western Reserve University","institution_ids":["https://openalex.org/I58956616"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100449520","display_name":"Li Ding","orcid":"https://orcid.org/0000-0003-1517-2975"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ding Li","raw_affiliation_strings":["NEC Laboratories America, Inc"],"affiliations":[{"raw_affiliation_string":"NEC Laboratories America, Inc","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101947406","display_name":"Chung Hwan Kim","orcid":"https://orcid.org/0000-0002-0985-8439"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chung Hwan Kim","raw_affiliation_strings":["NEC Laboratories America, Inc"],"affiliations":[{"raw_affiliation_string":"NEC Laboratories America, Inc","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100456776","display_name":"Haifeng Chen","orcid":"https://orcid.org/0000-0002-1318-6583"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Haifeng Chen","raw_affiliation_strings":["NEC Laboratories America, Inc"],"affiliations":[{"raw_affiliation_string":"NEC Laboratories America, Inc","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5002240947"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.1768,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.5590779,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"378","last_page":"389"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8684141039848328},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.6571147441864014},{"id":"https://openalex.org/keywords/partition","display_name":"Partition (number theory)","score":0.6571058034896851},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6163818836212158},{"id":"https://openalex.org/keywords/system-monitoring","display_name":"System monitoring","score":0.5075873136520386},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.43993955850601196},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11637276411056519}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8684141039848328},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.6571147441864014},{"id":"https://openalex.org/C42812","wikidata":"https://www.wikidata.org/wiki/Q1082910","display_name":"Partition (number theory)","level":2,"score":0.6571058034896851},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6163818836212158},{"id":"https://openalex.org/C200749887","wikidata":"https://www.wikidata.org/wiki/Q1165574","display_name":"System monitoring","level":2,"score":0.5075873136520386},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.43993955850601196},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11637276411056519},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3359789.3359818","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3359789.3359818","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7099999785423279}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W979215280","https://openalex.org/W1540258466","https://openalex.org/W1989587125","https://openalex.org/W1992355453","https://openalex.org/W1995976200","https://openalex.org/W2014515160","https://openalex.org/W2044458395","https://openalex.org/W2049828091","https://openalex.org/W2063425022","https://openalex.org/W2065325279","https://openalex.org/W2074180730","https://openalex.org/W2080622138","https://openalex.org/W2087293980","https://openalex.org/W2096347345","https://openalex.org/W2101645128","https://openalex.org/W2113767173","https://openalex.org/W2125743503","https://openalex.org/W2131724884","https://openalex.org/W2133464983","https://openalex.org/W2134429122","https://openalex.org/W2139248042","https://openalex.org/W2145490846","https://openalex.org/W2161086411","https://openalex.org/W2167630669","https://openalex.org/W2404716398","https://openalex.org/W2466206609","https://openalex.org/W2489842326","https://openalex.org/W2620471208","https://openalex.org/W2790557990","https://openalex.org/W2963556271","https://openalex.org/W3147048975","https://openalex.org/W3148712241","https://openalex.org/W4301884989"],"related_works":["https://openalex.org/W2000785801","https://openalex.org/W986318368","https://openalex.org/W2384410913","https://openalex.org/W2352878646","https://openalex.org/W2004734601","https://openalex.org/W2130149817","https://openalex.org/W2990194547","https://openalex.org/W1480123525","https://openalex.org/W2620865396","https://openalex.org/W1516401916"],"abstract_inverted_index":{"System":[0],"monitoring":[1,17,92,208],"has":[2],"recently":[3],"emerged":[4],"as":[5],"an":[6,34,117],"effective":[7],"way":[8],"to":[9,39,80,107,120,237],"analyze":[10,52],"and":[11,25,44,51,83,115,145,210],"counter":[12],"advanced":[13],"cyber":[14],"attacks.":[15,58],"The":[16,125],"data":[18,38,62],"records":[19],"a":[20,27,71,97,134],"series":[21],"of":[22,30,128,196],"system":[23,31,42,54,78,91,98,113,195,207,217],"events":[24],"provides":[26],"global":[28],"view":[29],"behaviors":[32,46,55,114,204],"in":[33],"organization.":[35],"Querying":[36],"such":[37],"identify":[40],"potential":[41],"risks":[43],"malicious":[45],"helps":[47],"security":[48],"analysts":[49],"detect":[50],"abnormal":[53],"caused":[56],"by":[57],"However,":[59],"since":[60],"the":[61,152,158,166,171,179,187,193,211,215,228,238],"volume":[63],"is":[64,130],"huge,":[65],"queries":[66,110,139,201],"could":[67],"easily":[68],"run":[69],"for":[70,77,142,168,182,202],"long":[72],"time,":[73],"making":[74],"it":[75],"difficult":[76],"experts":[79],"obtain":[81,121],"prompt":[82],"continuous":[84],"feedback.":[85],"To":[86],"support":[87],"interactive":[88],"querying":[89],"over":[90,205],"data,":[93,209],"we":[94],"propose":[95],"ProbeQ,":[96],"that":[99,111,136,164,214],"progressively":[100,222],"processes":[101],"system-behavioral":[102],"queries.":[103],"It":[104],"allows":[105],"users":[106],"concisely":[108],"compose":[109],"describe":[112],"specify":[116],"update":[118,154,229],"frequency":[119],"partial":[122,147,220],"results":[123,148,212],"progressively.":[124],"query":[126],"engine":[127],"ProbeQ":[129,138,197,216],"built":[131],"based":[132,150,185],"on":[133,151,186,198],"framework":[135,159],"partitions":[137],"into":[140],"sub-queries":[141,184],"parallel":[143],"execution":[144,189,234,239],"retrieves":[146],"periodically":[149],"specified":[153],"frequency.":[155],"We":[156,191],"concretize":[157],"with":[160,231],"three":[161],"partition":[162,174],"strategies":[163],"predict":[165],"workloads":[167,181],"sub-queries,":[169],"where":[170],"adaptive":[172],"workload":[173],"strategy":[175],"(AdWd)":[176],"dynamically":[177],"adjusts":[178],"predicted":[180],"subsequent":[183],"latest":[188],"information.":[190],"evaluate":[192],"prototype":[194],"commonly":[199],"used":[200],"suspicious":[203],"real-world":[206],"show":[213],"can":[218],"provide":[219],"updates":[221],"(on":[223],"average":[224],"9.1%":[225],"deviation":[226],"from":[227],"frequencies)":[230],"only":[232],"1.2%":[233],"overhead":[235],"compared":[236],"without":[240],"progressive":[241],"processing.":[242]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-02-25T23:00:34.991745","created_date":"2025-10-10T00:00:00"}