{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2018:Z2JHVEKMAGVAEY57LPQ2BUHH6X","short_pith_number":"pith:Z2JHVEKM","schema_version":"1.0","canonical_sha256":"ce927a914c01aa0263bf5be1a0d0e7f5c8283d91ae52ff5891fa0f118151bd1f","source":{"kind":"arxiv","id":"1810.03464","version":3},"attestation_state":"computed","paper":{"title":"A Query System for Efficiently Investigating Complex Attack Behaviors for Enterprise Security","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Fengyuan Xu, Kangkook Jee, Peng Gao, Prateek Mittal, Sanjeev R. Kulkarni, Xusheng Xiao, Zhichun Li","submitted_at":"2018-10-04T22:27:07Z","abstract_excerpt":"The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each enterprise host, and perform timely attack investigation over the monitoring data for uncovering the attack sequence. However, existing general-purpose query systems lack explicit language constructs for expressing key properties of major attack behaviors, and their semantics-agnostic design often produces inefficient execution plans for queries. To address these limitations, we build AIQL, a novel query system that is designed with novel types of domain"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1810.03464","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-10-04T22:27:07Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"28ac565d05473a20dab9795e9dc33a67c90f1db11674ac7bbeb32820eae07d7c","abstract_canon_sha256":"3736b33ebd7d5f038fde2129501572fcc88c1e91ff2aa3c9d871b56b03eabe25"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:50:59.176701Z","signature_b64":"abZwM0kHjMZOmHaf10P4nsbKThaxVe8nJhB9xxL6ucLpVtMKFvWz8C3B9PO33cZEfrssJwMe7P5Ryb0KLgjuDg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"ce927a914c01aa0263bf5be1a0d0e7f5c8283d91ae52ff5891fa0f118151bd1f","last_reissued_at":"2026-05-17T23:50:59.176077Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:50:59.176077Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"A Query System for Efficiently Investigating Complex Attack Behaviors for Enterprise Security","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Fengyuan Xu, Kangkook Jee, Peng Gao, Prateek Mittal, Sanjeev R. Kulkarni, Xusheng Xiao, Zhichun Li","submitted_at":"2018-10-04T22:27:07Z","abstract_excerpt":"The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each enterprise host, and perform timely attack investigation over the monitoring data for uncovering the attack sequence. However, existing general-purpose query systems lack explicit language constructs for expressing key properties of major attack behaviors, and their semantics-agnostic design often produces inefficient execution plans for queries. To address these limitations, we build AIQL, a novel query system that is designed with novel types of domain"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1810.03464","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1810.03464","created_at":"2026-05-17T23:50:59.176183+00:00"},{"alias_kind":"arxiv_version","alias_value":"1810.03464v3","created_at":"2026-05-17T23:50:59.176183+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1810.03464","created_at":"2026-05-17T23:50:59.176183+00:00"},{"alias_kind":"pith_short_12","alias_value":"Z2JHVEKMAGVA","created_at":"2026-05-18T12:33:04.347982+00:00"},{"alias_kind":"pith_short_16","alias_value":"Z2JHVEKMAGVAEY57","created_at":"2026-05-18T12:33:04.347982+00:00"},{"alias_kind":"pith_short_8","alias_value":"Z2JHVEKM","created_at":"2026-05-18T12:33:04.347982+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X","json":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X.json","graph_json":"https://pith.science/api/pith-number/Z2JHVEKMAGVAEY57LPQ2BUHH6X/graph.json","events_json":"https://pith.science/api/pith-number/Z2JHVEKMAGVAEY57LPQ2BUHH6X/events.json","paper":"https://pith.science/paper/Z2JHVEKM"},"agent_actions":{"view_html":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X","download_json":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X.json","view_paper":"https://pith.science/paper/Z2JHVEKM","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1810.03464&json=true","fetch_graph":"https://pith.science/api/pith-number/Z2JHVEKMAGVAEY57LPQ2BUHH6X/graph.json","fetch_events":"https://pith.science/api/pith-number/Z2JHVEKMAGVAEY57LPQ2BUHH6X/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X/action/timestamp_anchor","attest_storage":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X/action/storage_attestation","attest_author":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X/action/author_attestation","sign_citation":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X/action/citation_signature","submit_replication":"https://pith.science/pith/Z2JHVEKMAGVAEY57LPQ2BUHH6X/action/replication_record"}},"created_at":"2026-05-17T23:50:59.176183+00:00","updated_at":"2026-05-17T23:50:59.176183+00:00"}