{"id":"https://openalex.org/W3094213939","doi":"https://doi.org/10.1145/3427228.3427272","title":"On the Forensic Validity of Approximated Audit Logs","display_name":"On the Forensic Validity of Approximated Audit Logs","publication_year":2020,"publication_date":"2020-12-07","ids":{"openalex":"https://openalex.org/W3094213939","doi":"https://doi.org/10.1145/3427228.3427272","mag":"3094213939"},"language":"en","primary_location":{"id":"doi:10.1145/3427228.3427272","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427272","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033840812","display_name":"Noor Michael","orcid":"https://orcid.org/0000-0003-0320-7990"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Noor Michael","raw_affiliation_strings":["University of Illinois Urbana-Champaign"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010662467","display_name":"Jaron Mink","orcid":"https://orcid.org/0000-0001-9390-3900"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jaron Mink","raw_affiliation_strings":["University of Illinois Urbana-Champaign, United States of America"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign, United States of America","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083193232","display_name":"Jason Liu","orcid":"https://orcid.org/0000-0001-8222-4013"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Liu","raw_affiliation_strings":["University of Illinois Urbana-Champaign"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047211455","display_name":"Sneha Gaur","orcid":"https://orcid.org/0000-0001-8613-8286"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sneha Gaur","raw_affiliation_strings":["University of Illinois Urbana-Champaign"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089936565","display_name":"Wajih Ul Hassan","orcid":"https://orcid.org/0000-0002-5676-6027"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wajih Ul Hassan","raw_affiliation_strings":["University of Illinois Urbana-Champaign, United States of America"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign, United States of America","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021649580","display_name":"Adam Bates","orcid":"https://orcid.org/0000-0003-1511-4951"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Bates","raw_affiliation_strings":["University of Illinois Urbana-Champaign, United States of America"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign, United States of America","institution_ids":["https://openalex.org/I157725225"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5033840812"],"corresponding_institution_ids":["https://openalex.org/I157725225"],"apc_list":null,"apc_paid":null,"fwci":7.2636,"has_fulltext":false,"cited_by_count":43,"citation_normalized_percentile":{"value":0.97524002,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"189","last_page":"202"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.8506499528884888},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6752011775970459},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.614654004573822},{"id":"https://openalex.org/keywords/measure","display_name":"Measure (data warehouse)","score":0.5624269247055054},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.5108711123466492},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.5093735456466675},{"id":"https://openalex.org/keywords/forensic-science","display_name":"Forensic science","score":0.47425925731658936},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4603886306285858},{"id":"https://openalex.org/keywords/computer-forensics","display_name":"Computer forensics","score":0.4552444815635681},{"id":"https://openalex.org/keywords/forensic-accounting","display_name":"Forensic accounting","score":0.437637597322464},{"id":"https://openalex.org/keywords/value","display_name":"Value (mathematics)","score":0.4155201315879822},{"id":"https://openalex.org/keywords/raw-data","display_name":"Raw data","score":0.41447409987449646},{"id":"https://openalex.org/keywords/audit-trail","display_name":"Audit trail","score":0.4101904332637787},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.4004899263381958},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3528006076812744},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.3106449842453003},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.15666526556015015},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12123715877532959},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.10319072008132935},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.08450359106063843}],"concepts":[{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.8506499528884888},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6752011775970459},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.614654004573822},{"id":"https://openalex.org/C2780009758","wikidata":"https://www.wikidata.org/wiki/Q6804172","display_name":"Measure (data warehouse)","level":2,"score":0.5624269247055054},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.5108711123466492},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.5093735456466675},{"id":"https://openalex.org/C140505726","wikidata":"https://www.wikidata.org/wiki/Q495304","display_name":"Forensic science","level":2,"score":0.47425925731658936},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4603886306285858},{"id":"https://openalex.org/C556601545","wikidata":"https://www.wikidata.org/wiki/Q878553","display_name":"Computer forensics","level":3,"score":0.4552444815635681},{"id":"https://openalex.org/C2780073145","wikidata":"https://www.wikidata.org/wiki/Q2663158","display_name":"Forensic accounting","level":3,"score":0.437637597322464},{"id":"https://openalex.org/C2776291640","wikidata":"https://www.wikidata.org/wiki/Q2912517","display_name":"Value (mathematics)","level":2,"score":0.4155201315879822},{"id":"https://openalex.org/C132964779","wikidata":"https://www.wikidata.org/wiki/Q2110223","display_name":"Raw data","level":2,"score":0.41447409987449646},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.4101904332637787},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.4004899263381958},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3528006076812744},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.3106449842453003},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.15666526556015015},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12123715877532959},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.10319072008132935},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.08450359106063843},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3427228.3427272","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427272","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:www.ideals.illinois.edu:2142/108188","is_oa":false,"landing_page_url":"http://hdl.handle.net/2142/108188","pdf_url":null,"source":{"id":"https://openalex.org/S4377196349","display_name":"IDEALS (University of Illinois Urbana-Champaign)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I157725225","host_organization_name":"University of Illinois Urbana-Champaign","host_organization_lineage":["https://openalex.org/I157725225"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Thesis"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.41999998688697815,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G887431454","display_name":null,"funder_award_id":"17-50024","funder_id":"https://openalex.org/F4320322898","funder_display_name":"Shota Rustaveli National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320322898","display_name":"Shota Rustaveli National Science Foundation","ror":"https://ror.org/00xc87681"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W9827866","https://openalex.org/W168132470","https://openalex.org/W1230614544","https://openalex.org/W1444906800","https://openalex.org/W1575826986","https://openalex.org/W1797940646","https://openalex.org/W1858703999","https://openalex.org/W1983949504","https://openalex.org/W1987593503","https://openalex.org/W2081276694","https://openalex.org/W2096347345","https://openalex.org/W2098721736","https://openalex.org/W2116998101","https://openalex.org/W2137842875","https://openalex.org/W2183816381","https://openalex.org/W2213728018","https://openalex.org/W2234087692","https://openalex.org/W2284900416","https://openalex.org/W2295705535","https://openalex.org/W2317668908","https://openalex.org/W2397699236","https://openalex.org/W2532844970","https://openalex.org/W2541153825","https://openalex.org/W2560810941","https://openalex.org/W2562036180","https://openalex.org/W2579106964","https://openalex.org/W2601206855","https://openalex.org/W2614037574","https://openalex.org/W2747669027","https://openalex.org/W2751844787","https://openalex.org/W2755094099","https://openalex.org/W2790316935","https://openalex.org/W2790557990","https://openalex.org/W2792591096","https://openalex.org/W2887200831","https://openalex.org/W2889727957","https://openalex.org/W2891032614","https://openalex.org/W2897662483","https://openalex.org/W2907338990","https://openalex.org/W2914982603","https://openalex.org/W2917388839","https://openalex.org/W2947745012","https://openalex.org/W2950085508","https://openalex.org/W2962703433","https://openalex.org/W3006711782","https://openalex.org/W3008508243","https://openalex.org/W3008991042","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3101089035","https://openalex.org/W3105780912","https://openalex.org/W3109160943","https://openalex.org/W3152730647","https://openalex.org/W4241138002","https://openalex.org/W6629958140"],"related_works":["https://openalex.org/W2181728705","https://openalex.org/W4238452393","https://openalex.org/W2167366752","https://openalex.org/W2489557937","https://openalex.org/W4247205791","https://openalex.org/W3002268218","https://openalex.org/W2385667210","https://openalex.org/W3001565613","https://openalex.org/W1506329045","https://openalex.org/W72026768"],"abstract_inverted_index":{"Auditing":[0],"is":[1,58,67,93],"an":[2],"increasingly":[3],"essential":[4],"tool":[5],"for":[6,37,95],"the":[7,13,39,51,63,73],"defense":[8],"of":[9,16,32,41,54],"computing":[10],"systems,":[11],"but":[12],"unwieldy":[14],"nature":[15],"log":[17],"data":[18],"imposes":[19],"significant":[20],"burdens":[21],"on":[22],"administrators":[23],"and":[24,48],"analysts.":[25],"To":[26],"address":[27],"this":[28,87],"issue,":[29],"a":[30],"variety":[31],"techniques":[33,71],"have":[34],"been":[35],"proposed":[36],"approximating":[38],"contents":[40],"raw":[42],"audit":[43],"logs,":[44],"facilitating":[45],"efficient":[46],"storage":[47],"analysis.":[49],"However,":[50],"security":[52],"value":[53],"these":[55,70],"approximated":[56],"logs":[57],"difficult":[59],"to":[60,62,77],"measure\u2014relative":[61],"original":[64],"log,":[65],"it":[66],"unclear":[68],"if":[69],"retain":[72],"forensic":[74],"evidence":[75,92],"needed":[76],"effectively":[78],"investigate":[79],"threats.":[80],"Unfortunately,":[81],"prior":[82],"work":[83],"has":[84],"only":[85],"investigated":[86],"issue":[88],"anecdotally,":[89],"demonstrating":[90],"sufficient":[91],"retained":[94],"specific":[96],"attack":[97],"scenarios.":[98]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":2}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}