{"id":"https://openalex.org/W3153091645","doi":"https://doi.org/10.1145/3422337.3447831","title":"UTrack","display_name":"UTrack","publication_year":2021,"publication_date":"2021-04-10","ids":{"openalex":"https://openalex.org/W3153091645","doi":"https://doi.org/10.1145/3422337.3447831","mag":"3153091645"},"language":"en","primary_location":{"id":"doi:10.1145/3422337.3447831","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3422337.3447831","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100387738","display_name":"Yue Li","orcid":"https://orcid.org/0000-0001-7682-811X"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yue Li","raw_affiliation_strings":["College of William and Mary, Williamsburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"College of William and Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103189621","display_name":"Zhenyu Wu","orcid":"https://orcid.org/0000-0003-4345-5075"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhenyu Wu","raw_affiliation_strings":["Google Inc., New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Google Inc., New York, NY, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100664241","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-9665-7511"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["Virginia Tech, Arlington, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Tech, Arlington, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026728546","display_name":"Kun Sun","orcid":"https://orcid.org/0000-0003-4152-2107"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kun Sun","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108134931","display_name":"Zhichun Li","orcid":null},"institutions":[{"id":"https://openalex.org/I4210119420","display_name":"Stellar Solutions (United States)","ror":"https://ror.org/03h3tdh87","country_code":"US","type":"company","lineage":["https://openalex.org/I4210119420"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhichun Li","raw_affiliation_strings":["Stellar Cyber, Santa Clara, CA, USA"],"affiliations":[{"raw_affiliation_string":"Stellar Cyber, Santa Clara, CA, USA","institution_ids":["https://openalex.org/I4210119420"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024705395","display_name":"Kangkook Jee","orcid":"https://orcid.org/0000-0003-3797-4637"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kangkook Jee","raw_affiliation_strings":["University of Texas at Dallas, Dallas, TX, USA"],"affiliations":[{"raw_affiliation_string":"University of Texas at Dallas, Dallas, TX, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054561146","display_name":"Junghwan Rhee","orcid":"https://orcid.org/0000-0002-4043-9371"},"institutions":[{"id":"https://openalex.org/I139325414","display_name":"University of Central Oklahoma","ror":"https://ror.org/02n455404","country_code":"US","type":"education","lineage":["https://openalex.org/I139325414"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Junghwan Rhee","raw_affiliation_strings":["University of Central Oklahoma, Edmond, OK, USA"],"affiliations":[{"raw_affiliation_string":"University of Central Oklahoma, Edmond, OK, USA","institution_ids":["https://openalex.org/I139325414"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100456776","display_name":"Haifeng Chen","orcid":"https://orcid.org/0000-0002-1318-6583"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haifeng Chen","raw_affiliation_strings":["NEC Laboratories America, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"NEC Laboratories America, Princeton, NJ, USA","institution_ids":["https://openalex.org/I20089843"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5100387738"],"corresponding_institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.04879797,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"161","last_page":"172"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8278643488883972},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.560930609703064},{"id":"https://openalex.org/keywords/salient","display_name":"Salient","score":0.5569124221801758},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.5320799350738525},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.42968153953552246},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.4275180995464325},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37275850772857666},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.24986067414283752},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.12012782692909241}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8278643488883972},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.560930609703064},{"id":"https://openalex.org/C2780719617","wikidata":"https://www.wikidata.org/wiki/Q1030752","display_name":"Salient","level":2,"score":0.5569124221801758},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.5320799350738525},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.42968153953552246},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.4275180995464325},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37275850772857666},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.24986067414283752},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.12012782692909241},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3422337.3447831","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3422337.3447831","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6399999856948853,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W47175211","https://openalex.org/W1524673069","https://openalex.org/W1551760018","https://openalex.org/W1683791865","https://openalex.org/W1964908178","https://openalex.org/W1969568357","https://openalex.org/W1972524097","https://openalex.org/W2022710553","https://openalex.org/W2045234005","https://openalex.org/W2064853889","https://openalex.org/W2067257553","https://openalex.org/W2093406244","https://openalex.org/W2096347345","https://openalex.org/W2100895597","https://openalex.org/W2130843735","https://openalex.org/W2133990480","https://openalex.org/W2141353180","https://openalex.org/W2150847526","https://openalex.org/W2153644028","https://openalex.org/W2159764755","https://openalex.org/W2162370593","https://openalex.org/W2168508162","https://openalex.org/W2213728018","https://openalex.org/W2293351723","https://openalex.org/W2295705535","https://openalex.org/W2397699236","https://openalex.org/W2560810941","https://openalex.org/W2579106964","https://openalex.org/W2583862887","https://openalex.org/W2604395162","https://openalex.org/W2625181141","https://openalex.org/W2741724921","https://openalex.org/W2752929869","https://openalex.org/W2790316935","https://openalex.org/W2912412735","https://openalex.org/W2962703433","https://openalex.org/W2962785074","https://openalex.org/W3003687308","https://openalex.org/W4232900735"],"related_works":["https://openalex.org/W2329500892","https://openalex.org/W28991112","https://openalex.org/W2370726991","https://openalex.org/W2032233321","https://openalex.org/W3121970507","https://openalex.org/W2110028391","https://openalex.org/W54497855","https://openalex.org/W2369710579","https://openalex.org/W217960748","https://openalex.org/W3125814499"],"abstract_inverted_index":{"Tracking":[0],"user":[1,21,44,69,81,171,194],"activities":[2,78],"inside":[3],"an":[4],"enterprise":[5,131],"network":[6,85],"has":[7],"been":[8],"a":[9,48,60,75,98,104,129,186,193],"fundamental":[10],"building":[11],"block":[12],"for":[13],"today's":[14],"security":[15,25],"infrastructure,":[16],"as":[17],"it":[18],"provides":[19],"accurate":[20,43,188],"profiling":[22],"and":[23,71,83,97,109,176,189],"helps":[24],"auditors":[26],"to":[27,112,162,170],"make":[28],"informed":[29],"decisions":[30],"based":[31,87],"on":[32,88,192],"the":[33,37,65,114,122,147,165,181],"derived":[34],"insights":[35],"from":[36],"abundant":[38],"log":[39],"data.":[40,118],"Towards":[41],"more":[42,99,139],"tracking,":[45],"we":[46,63,102,156],"propose":[47],"novel":[49],"paradigm":[50],"named":[51],"UTrack":[52,127,159],"by":[53],"leveraging":[54],"rich":[55],"system-level":[56],"audit":[57],"logs.":[58],"From":[59],"holistic":[61],"perspective,":[62],"bridge":[64],"semantic":[66],"gap":[67],"between":[68],"accounts":[70,82],"real":[72,76,130],"users,":[73],"tracking":[74],"user's":[77],"across":[79],"different":[80,84],"hosts":[86],"causal":[89],"relationship":[90],"among":[91],"processes.":[92],"To":[93],"achieve":[94],"better":[95],"scalability":[96],"salient":[100,190],"view,":[101],"apply":[103],"variety":[105],"of":[106,117,134,150],"data":[107,123,174,183],"reduction":[108,175],"compression":[110,177],"techniques":[111],"process":[113],"large":[115],"amount":[116],"%and":[119],"significantly":[120],"reduce":[121,180],"volume.":[124],"We":[125],"implement":[126],"in":[128,144],"environment":[132],"consisting":[133],"111":[135],"hosts,":[136],"which":[137],"generate":[138],"than":[140],"4":[141],"billion":[142],"events":[143,166],"total":[145],"during":[146],"experiment":[148],"time":[149],"one":[151],"month.":[152],"Through":[153],"our":[154],"evaluation,":[155],"demonstrate":[157],"that":[158,167],"is":[160],"able":[161],"accurately":[163],"identify":[164],"are":[168],"relevant":[169],"activities.":[172],"Our":[173],"modules":[178],"largely":[179],"output":[182],"size,":[184],"producing":[185],"both":[187],"overview":[191],"session":[195],"profile.":[196]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2021-04-26T00:00:00"}