{"id":"https://openalex.org/W4388858881","doi":"https://doi.org/10.1145/3576915.3616580","title":"Are we there yet? An Industrial Viewpoint on Provenance-based Endpoint Detection and Response Tools","display_name":"Are we there yet? An Industrial Viewpoint on Provenance-based Endpoint Detection and Response Tools","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388858881","doi":"https://doi.org/10.1145/3576915.3616580"},"language":"en","primary_location":{"id":"doi:10.1145/3576915.3616580","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3616580","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076296815","display_name":"Feng Dong","orcid":"https://orcid.org/0000-0001-7091-2169"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Feng Dong","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004424243","display_name":"Shaofei Li","orcid":"https://orcid.org/0009-0001-6530-5935"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shaofei Li","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011186847","display_name":"Peng Jiang","orcid":"https://orcid.org/0000-0002-2613-5224"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peng Jiang","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039182822","display_name":"Ding Li","orcid":"https://orcid.org/0000-0001-7558-9137"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ding Li","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115695530","display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0003-1100-8633"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077842923","display_name":"Liangyi Huang","orcid":"https://orcid.org/0000-0003-0845-3293"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Liangyi Huang","raw_affiliation_strings":["Arizona State University, Phoenix, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Phoenix, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012621594","display_name":"Xusheng Xiao","orcid":"https://orcid.org/0000-0003-4797-4294"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xusheng Xiao","raw_affiliation_strings":["Arizona State University, Phoenix, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Phoenix, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035553179","display_name":"Jiedong Chen","orcid":"https://orcid.org/0009-0002-9656-7310"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiedong Chen","raw_affiliation_strings":["Sangfor Technologies Inc., Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Sangfor Technologies Inc., Shenzhen, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400376","display_name":"Xiapu Luo","orcid":"https://orcid.org/0000-0002-9082-3208"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Xiapu Luo","raw_affiliation_strings":["The Hong Kong Polytechnic University, Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021450973","display_name":"Yao Guo","orcid":"https://orcid.org/0000-0001-5064-5286"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yao Guo","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101636662","display_name":"Xiangqun Chen","orcid":"https://orcid.org/0000-0002-7366-5906"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiangqun Chen","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":11,"corresponding_author_ids":["https://openalex.org/A5076296815"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":11.3251,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.98450782,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"2396","last_page":"2410"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5790733695030212},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5139917731285095},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.39945632219314575},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.23541122674942017},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08341774344444275}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5790733695030212},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5139917731285095},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.39945632219314575},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.23541122674942017},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08341774344444275}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3576915.3616580","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3616580","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6399999856948853,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G2873699935","display_name":null,"funder_award_id":"2021YFB2701000","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G6242636793","display_name":null,"funder_award_id":"CNS-2028748","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7990159915","display_name":null,"funder_award_id":"62302181, 62172009, 62072046","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W2047248540","https://openalex.org/W2113299124","https://openalex.org/W2532844970","https://openalex.org/W2609517807","https://openalex.org/W2747669027","https://openalex.org/W2766852928","https://openalex.org/W2784054170","https://openalex.org/W2790557990","https://openalex.org/W2794988934","https://openalex.org/W2802314533","https://openalex.org/W2889379876","https://openalex.org/W2889727957","https://openalex.org/W2914724518","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2971761262","https://openalex.org/W2977489474","https://openalex.org/W2978956219","https://openalex.org/W2995410217","https://openalex.org/W3006711782","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3099203541","https://openalex.org/W3105780912","https://openalex.org/W3109160943","https://openalex.org/W3126165507","https://openalex.org/W3137205257","https://openalex.org/W3195954353","https://openalex.org/W3212661259","https://openalex.org/W4245671428","https://openalex.org/W4288057708","https://openalex.org/W4288057803","https://openalex.org/W4311165940"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2350741829","https://openalex.org/W2130043461","https://openalex.org/W2530322880"],"abstract_inverted_index":{"Provenance-Based":[0],"Endpoint":[1,113],"Detection":[2,114],"and":[3,44,67,92,115,141,151,154,173],"Response":[4,116],"(P-EDR)":[5],"systems":[6,27,43,106,172,182],"are":[7,122,177],"deemed":[8],"crucial":[9],"for":[10,50],"future":[11],"Advanced":[12],"Persistent":[13],"Threats":[14],"(APT)":[15],"defenses.":[16],"Despite":[17],"the":[18,38,47,58,65,68,89,125,168],"fact":[19],"that":[20,100],"numerous":[21],"new":[22],"techniques":[23],"to":[24,107,179],"improve":[25],"P-EDR":[26,42,51,71,105,129,171,181],"have":[28],"been":[29],"proposed":[30],"in":[31,183],"academia,":[32],"it":[33],"is":[34],"still":[35],"unclear":[36],"whether":[37],"industry":[39,48,102,120,142],"will":[40],"adopt":[41,180],"what":[45],"improvements":[46,176],"desires":[49],"systems.":[52,72,118,130],"To":[53],"this":[54],"end,":[55],"we":[56],"conduct":[57],"first":[59],"set":[60],"of":[61,70,76,88,128,170],"systematic":[62,94],"studies":[63],"on":[64,167],"effectiveness":[66,169],"limitations":[69],"Our":[73,97],"study":[74],"consists":[75],"four":[77],"components:":[78],"a":[79,86,93],"one-to-one":[80],"interview,":[81],"an":[82],"online":[83],"questionnaire":[84],"study,":[85],"survey":[87],"relevant":[90],"literature,":[91],"measurement":[95],"study.":[96],"research":[98,134],"indicates":[99],"all":[101],"experts":[103,121],"consider":[104],"be":[108],"more":[109],"effective":[110],"than":[111],"conventional":[112],"(EDR)":[117],"However,":[119],"concerned":[123],"about":[124],"operating":[126],"cost":[127,150],"In":[131],"addition,":[132],"our":[133],"reveals":[135],"three":[136],"significant":[137],"gaps":[138],"between":[139],"academia":[140],"(1)":[143],"overlooking":[144],"client-side":[145],"overhead;":[146],"(2)":[147],"imbalancedalarm":[148],"triage":[149],"interpretation":[152],"cost;":[153],"(3)":[155],"excessive":[156],"server":[157],"side":[158],"memory":[159],"consumption.":[160],"This":[161],"paper's":[162],"findings":[163],"provide":[164],"objective":[165],"data":[166],"how":[174],"much":[175],"needed":[178],"industry.":[184]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":17},{"year":2024,"cited_by_count":7}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}