Workshop on Attack Provenance, Reasoning, and Investigation for Security in the Monitored Environment (PRISM) 2026 Accepted Papers

View the detailed program page to learn when each paper will be presented during the upcoming event.

2026 Paper Awards

Palo Alto Networks Best Paper Award

Minding the Gap: Bridging Causal Disconnects in System Provenance
Hanke Kimm, Sagar Mishra, R. Sekar (Stony Brook University)

Palo Alto Networks Best Paper Award Runner-Up

How to Effectively Trace Provenance on Windows Endpoint Detection & Response Telemetry
Jason Liu, Muhammad Adil Inam, Akul Goyal, Dylen Greenenwald (University of Illinois at Urbana-Champaign), Saurav Chittal (Purdue University), Adam Bates (University of Illinois at Urbana-Champaign)

Building Next-Generation Datasets for Provenance-Based Intrusion Detection

Qizhi Cai (Zhejiang University), Lingzhi Wang (Northwestern University), Yao Zhu (Zhejiang University), Zhipeng Chen (Zhejiang University), Xiangmin Shen (Hofstra University), Zhenyuan Li (Zhejiang University)

Defending Job Platforms from Non-Genuine Applications Using Layered Detection and Anomaly Modeling

Rama Rohit Reddy Gangula (Indeed), Vijay Vardhan Alluri (Indeed), Saif Jawaid (Indeed), Dhwaj Raj (Indeed), Udit Jindal (Indeed)

G-Prove: Gossip-Based Provenance for Scalable Detection of Cross-Domain Flow Attacks in SDN

Moustapha Awwalou Diouf (SnT, University of Luxembourg), Maimouna Tamah Diao (SnT, University of Luxembourg), El-hacen Diallo (SnT, University of Luxembourg), Samuel Ouya (Cheikh Hamidou KANE Digital University), Jacques Klein (SnT, University of Luxembourg), Tegawendé F. Bissyandé (SnT, University of Luxembourg)

How to Effectively Trace Provenance on Windows Endpoint Detection & Response Telemetry

Jason Liu (University of Illinois at Urbana-Champaign), Muhammad Adil Inam (University of Illinois at Urbana-Champaign), Akul Goyal (University of Illinois at Urbana-Champaign), Dylen Greenenwald (University of Illinois at Urbana-Champaign), Adam Bates (University of Illinois at Urbana-Champaign), Saurav Chittal (Purdue University)

Kick Bad Guys Out! Conditionally Activated Anomaly Detection in Federated Learning with Zero-Knowledge Proof Verification

Shanshan Han (University of California, Irvine), Wenxuan Wu (Texas A&M University), Baturalp Buyukates (University of Birmingham), Weizhao Jin (University of Southern California), Qifan Zhang (Palo Alto Networks), Yuhang Yao (Carnegie Mellon University), Salman Avestimehr (University of Southern California)

Lessons Learned through Customer Discovery in a Provenance-based Security Start-Up

Akul Goyal (Provenance Security, Inc.), Adam Bates (Provenance Security, Inc.)

Minding the Gap: Bridging Causal Disconnects in System Provenance

Hanke Kimm (Stony Brook University, NY, USA), Sagar Mishra (Stony Brook University, NY, USA), R. Sekar (Stony Brook University, NY, USA)

NOD: Uncovering intense attackers’ behavior through Nested Outlier Detection from SSH logs

Ghazal Abdollahi (University of Utah), Hamid Asadi (University of Utah), Robert Ricci (University of Utah)

Private Yet Accurate: A Decentralized Approach to System Intrusion Detection

Jinghan Zhang (University of Virginia), Sharon Biju (University of Virginia), Saleha Muzammil (University of Virginia), Wajih Ul Hassan (University of Virginia)

SocialStego: A Steganography Tool for the Modern Era of Social Media

Branden Palacio (Marquette University), Keyang Yu (Marquette University)

SysArmor: The Practice of Integrating Provenance Analysis into Endpoint Detection and Response Systems

Shaofei Li (Peking University), Jiandong Jin (Peking University), Hanlin Jiang (Peking University), Yi Huang (Peking University), Yifei Bao (Jilin University), Yuhan Meng (Peking University), Fengwei Hong (Peking University), Zheng Huang (Peking University), Peng Jiang (Southeast University), Ding Li (Peking University)

The Case for LLM-Enhanced Backward Tracking

Jiahui Wang (Zhejiang University, Hangzhou, China), Xiangmin Shen (Hofstra University, Hempstead, NY, USA), Zhengkai Wang (Zhejiang University, Hangzhou, China), Zhenyuan Li (Zhejiang University, Hangzhou, China)

Wall-PROV: Revisiting Firewall Rule Misconfigurations with Data Provenance and Verifying the Provenance Graph Properties

Abdullah Al Farooq (Wentworth Institute of Technology), Tanvir Rahman Akash (Trine University), Manash Sarker (Patuakhali Science and Technology University)