网络与信息安全学报2025,Vol.11Issue(6):105-119,15.DOI:10.11959/j.issn.2096-109x.2025068
保留因果关系的溯源图压缩方法
Causality-preserving compression method on provenance graph
ZHANG Zilong 1DONG Weiyu 1WANG Yisen1
作者信息
- 1. Information Engineering University,Zhengzhou 450001,China
- 折叠
摘要
Abstract
Provenance graphs were widely used for detecting and investigating sophisticated network attacks.How-ever,their high storage and analysis overhead made graph compression indispensable.Most existing compression methods were found to disrupt critical causal dependencies among nodes,thereby compromising the effectiveness of attack investigations.In particular,current compression algorithms that preserved investigative capabilities struggled to handle redundancies arising from cyclic interactions between nodes.To address this challenge,a novel graph compression algorithm,CPC,was proposed.By thoroughly analyzing causal relationships and recording es-sential node dependency information,redundant transitive dependency edges were precisely identified and re-moved,significantly improving edge compression efficiency while preserving the integrity of attack investigation results.Two variants of the algorithm were developed:CPC-A,which retains full dependencies for offline prov-enance graph construction,and CPC-P,which preserves partial dependencies for online scenarios.Experimental evaluations on public datasets showed that,compared with current state-of-the-art compression algorithms,the pro-posed approaches achieved substantially higher compression performance,with overall compression ratios im-proved by 9.3%~86.4%.关键词
溯源图/压缩算法/因果关系/攻击调查Key words
provenance graph/compression algorithm/causal relationshipcausality association/attack investigation分类
信息技术与安全科学引用本文复制引用
ZHANG Zilong,DONG Weiyu,WANG Yisen..保留因果关系的溯源图压缩方法[J].网络与信息安全学报,2025,11(6):105-119,15.
