{"id":"https://openalex.org/W4402955702","doi":"https://doi.org/10.1145/3678890.3678916","title":"Obfuscating Provenance-Based Forensic Investigations with Mapping System Meta-Behavior","display_name":"Obfuscating Provenance-Based Forensic Investigations with Mapping System Meta-Behavior","publication_year":2024,"publication_date":"2024-09-29","ids":{"openalex":"https://openalex.org/W4402955702","doi":"https://doi.org/10.1145/3678890.3678916"},"language":"en","primary_location":{"id":"doi:10.1145/3678890.3678916","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678916","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3678890.3678916","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107589511","display_name":"Anyuan Sang","orcid":"https://orcid.org/0009-0006-3265-4078"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Anyuan Sang","raw_affiliation_strings":["School of Computer Science and Technology, Xidian University, China"],"raw_orcid":"https://orcid.org/0009-0006-3265-4078","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xidian University, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053754175","display_name":"Yuchen Wang","orcid":"https://orcid.org/0000-0002-9685-6107"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuchen Wang","raw_affiliation_strings":["School of Computer Science and Technology, Xidian University, China"],"raw_orcid":"https://orcid.org/0000-0002-9685-6107","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xidian University, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100637724","display_name":"Li Yang","orcid":"https://orcid.org/0000-0003-2750-7031"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Li Yang","raw_affiliation_strings":["School of Computer Science and Technology, Xidian University, China and Shaanxi Key Laboratory of Network and System Security, China"],"raw_orcid":"https://orcid.org/0000-0003-2750-7031","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xidian University, China and Shaanxi Key Laboratory of Network and System Security, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100532638","display_name":"Junbo Jia","orcid":"https://orcid.org/0009-0009-4286-4003"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Junbo Jia","raw_affiliation_strings":["School of Computer Science and Technology, Xidian University, China"],"raw_orcid":"https://orcid.org/0009-0009-4286-4003","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xidian University, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101883746","display_name":"Lu Zhou","orcid":"https://orcid.org/0000-0002-5201-5074"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lu Zhou","raw_affiliation_strings":["School of Computer Science and Technology, Xidian University, China"],"raw_orcid":"https://orcid.org/0000-0002-5201-5074","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Xidian University, China","institution_ids":["https://openalex.org/I149594827"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5107589511"],"corresponding_institution_ids":["https://openalex.org/I149594827"],"apc_list":null,"apc_paid":null,"fwci":2.984,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.92754364,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"248","last_page":"262"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.8594460487365723},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6247262358665466},{"id":"https://openalex.org/keywords/forensic-science","display_name":"Forensic science","score":0.5508975982666016},{"id":"https://openalex.org/keywords/archaeology","display_name":"Archaeology","score":0.11619475483894348},{"id":"https://openalex.org/keywords/geology","display_name":"Geology","score":0.09910893440246582},{"id":"https://openalex.org/keywords/history","display_name":"History","score":0.08977675437927246},{"id":"https://openalex.org/keywords/paleontology","display_name":"Paleontology","score":0.06563913822174072}],"concepts":[{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.8594460487365723},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6247262358665466},{"id":"https://openalex.org/C140505726","wikidata":"https://www.wikidata.org/wiki/Q495304","display_name":"Forensic science","level":2,"score":0.5508975982666016},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.11619475483894348},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.09910893440246582},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.08977675437927246},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.06563913822174072}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3678890.3678916","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678916","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3678890.3678916","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678916","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/5","display_name":"Gender equality","score":0.5299999713897705}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W2096347345","https://openalex.org/W2135143063","https://openalex.org/W2317668908","https://openalex.org/W2532844970","https://openalex.org/W2579106964","https://openalex.org/W2747669027","https://openalex.org/W2790557990","https://openalex.org/W2792591096","https://openalex.org/W2889727957","https://openalex.org/W2947745012","https://openalex.org/W2949639282","https://openalex.org/W2995410217","https://openalex.org/W2998038410","https://openalex.org/W3006711782","https://openalex.org/W3007878096","https://openalex.org/W3008508243","https://openalex.org/W3008991042","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3109160943","https://openalex.org/W3113062381","https://openalex.org/W3126165507","https://openalex.org/W3137205257","https://openalex.org/W3195954353","https://openalex.org/W4226167879","https://openalex.org/W4235202118","https://openalex.org/W4288057803","https://openalex.org/W4308338538","https://openalex.org/W4311165940","https://openalex.org/W4316013375","https://openalex.org/W4319442612","https://openalex.org/W4319663646","https://openalex.org/W4367859913","https://openalex.org/W4378647812","https://openalex.org/W4388858881"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2354627941","https://openalex.org/W2347483153","https://openalex.org/W2353379336","https://openalex.org/W2379683085","https://openalex.org/W2363868702","https://openalex.org/W2374448931","https://openalex.org/W2376723740","https://openalex.org/W2370535391"],"abstract_inverted_index":{"The":[0],"provenance":[1,103],"graph":[2],"technique":[3],"has":[4,29,47,55],"gained":[5],"popularity":[6],"for":[7],"attack":[8,96],"analysis,":[9],"such":[10],"as":[11],"Advanced":[12],"Persistent":[13],"Threat":[14],"(APT)":[15],"attacks,":[16],"by":[17,43],"creating":[18],"entity":[19],"interaction":[20],"graphs":[21],"from":[22],"host":[23],"audit":[24],"logs.":[25],"While":[26],"this":[27],"method":[28],"shown":[30],"promising":[31],"analysis":[32],"results":[33],"and":[34,75,98],"interpretability,":[35],"its":[36],"robustness":[37],"against":[38],"mimic":[39],"attacks":[40,68],"carried":[41],"out":[42],"potentially":[44],"skilled":[45],"attackers":[46],"yet":[48],"to":[49,66,77,101],"be":[50],"fully":[51],"proven.":[52],"Recent":[53],"research":[54],"showcased":[56],"adversarial":[57],"methodologies":[58],"targeting":[59],"provenance-based":[60],"Machine":[61],"Learning":[62],"(ML)":[63],"detectors,":[64],"leading":[65],"evasion":[67],"through":[69],"the":[70,78,88],"addition":[71],"of":[72],"corresponding":[73],"nodes":[74],"edges":[76],"feature":[79,92],"space.":[80],"However,":[81],"these":[82],"approaches":[83],"face":[84],"several":[85],"challenges,":[86],"including":[87],"difficulty":[89],"in":[90],"translating":[91],"alterations":[93],"into":[94],"practical":[95],"scenarios":[97],"limited":[99],"applicability":[100],"other":[102],"graph-based":[104],"detection":[105],"schemes.":[106]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3}],"updated_date":"2025-12-27T23:08:20.325037","created_date":"2025-10-10T00:00:00"}