Workshop on Attack Provenance, Reasoning, and Investigation for Security in the Monitored Environment (PRISM) 2026 Accepted Papers

View the detailed program page to learn when each paper will be presented during the upcoming event. The workshop proceedings will be added shortly.

Defending Job Platforms from Non-Genuine Applications Using Layered Detection and Anomaly Modeling

Rama Rohit Reddy Gangula, Vijay Vardhan Alluri, Saif Jawaid, Dhwaj Raj, Udit Jindal (Indeed.com)

How to Effectively Trace Provenance on Windows Endpoint Detection & Response Telemetry

Jason Liu, Muhammad Adil Inam, Akul Goyal, Dylen Greenenwald (University of Illinois at Urbana-Champaign), Saurav Chittal (Purdue University), Adam Bates (University of Illinois at Urbana-Champaign)

Kick Bad Guys Out! Conditionally Activated Anomaly Detection in Federated Learning with Zero-Knowledge Proof Verification

Shanshan Han (University of California, Irvine), Wenxuan Wu (Texas A&M University), Baturalp Buyukates (University of Birmingham), Weizhao Jin (University of Southern California), Qifan Zhang (Palo Alto Networks), Yuhang Yao (Carnegie Mellon University), Salman Avestimehr (University of Southern California)

Minding the Gap: Bridging Causal Disconnects in System Provenance

Hanke Kimm, Sagar Mishra, R. Sekar (Stony Brook University)

NOD: Uncovering intense attackers’ behavior through Nested Outlier Detection from SSH logs

Ghazal Abdollahi, Hamid Asadi, Robert Ricci (The University of Utah)

Private Yet Accurate: A Decentralized Approach to System Intrusion Detection

Jinghan Zhang, Sharon Biju, Saleha Muzammil, Wajih Ul Hassan (University of Virginia)

SocialStego: A Steganography Tool for the Modern Era of Social Media

Branden Palacio, Keyang Yu (Marquette University)

SysArmor: The Practice of Integrating Provenance Analysis into Endpoint Detection and Response Systems

Shaofei Li, Jiandong Jin, Hanlin Jiang, Yi Huang (Peking University), Yifei Bao (Jilin University), Yuhan Meng, Fengwei Hong, Zheng Huang (Peking University), Peng Jiang (Southeast University), Ding Li (Peking University)

Tutorial: Introducing the Carbanak Attack Engagement, Version 2

Akul Goyal (University of Illinois at Urbana-Champaign), Saurav Chittal (Purdue University), Dylen Greenenwald, and Adam Bates (University of Illinois at Urbana-Champaign)

Wall-PROV: Revisiting Firewall Rule Misconfigurations with Data Provenance and Verifying the Provenance Graph Properties

Abdullah Al Farooq (Wentworth Institute of Technology), Tanvir Rahman Akash (Trine University), Manash Sarker (Patuakhali Science and Technology University)

Work-in-progress: Building Next-Generation Datasets for Provenance-Based Intrusion Detection

Qizhi Cai (Zhejiang University), Lingzhi Wang (Northwestern University), Yao Zhu, Zhipeng Chen (Zhejiang University), Xiangmin Shen (Hofstra University), Zhenyuan LI (Zhejiang University)

Work-in-progress: G-Prove: Gossip-Based Provenance for Scalable Detection of Cross-Domain Flow Attacks in SDN

Moustapha Awwalou DIOUF, Maimouna Tamah DIAO, El-Hacen DIALLO (SnT, University of Luxembourg), Samuel Ouya (Cheikh Hamidou KANE Digital University), Jacques Klein, Tegawendé F. Bissyandé (University of Luxembourg)

Work-in-progress: The Case for LLM-Enhanced Backward Tracking

Jiahui Wang (Zhejiang University), Xiangmin Shen (Hofstra University), Zhengkai Wang, Zhenyuan LI (Zhejiang University)