1. Bates A, Tian D J, Butler K R, et al. Trustworthy whole-system provenance for the linux kernel. In: Proceedings of the 24th USENIX Security Symposium (USENIX Security 15), Washington, 2015. 319--334.

2. Ashish G, Dawood T. SPADE: support for provenance auditing in distributed environments. In: Proceedings of ACM/IFIP/USENIX International Conference on Distributed Systems Platforms and Open Distributed Processing, Montreal, 2012. 101--120.

3. Hossain M N, Milajerdi S M, Wang J A, et al. SLEUTH: real-time attack scenario reconstruction from COTS audit data. In: Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, 2017. 487--504.

4. King S T, Chen P M. Backtracking intrusions. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, Bolton, 2003. 223--236.

5. Lee K H, Zhang X Y, Xu D Y. High accuracy attack provenance via binary-based execution partition. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2013.