| Unicorn: Runtime provenance-based detector for advanced persistent threats X Han, T Pasquier, A Bates, J Mickens, M Seltzer Network and Distributed System Security Symposium, 2020 | 521 | 2020 |
| Practical whole-system provenance capture T Pasquier, X Han, M Goldstein, T Moyer, D Eyers, M Seltzer, J Bacon Proceedings of the 2017 symposium on cloud computing, 405-418, 2017 | 257 | 2017 |
| Kairos: Practical intrusion detection and investigation using whole-system provenance Z Cheng, Q Lv, J Liang, Y Wang, D Sun, T Pasquier, X Han 2024 IEEE Symposium on Security and Privacy (SP), 3533-3551, 2024 | 143 | 2024 |
| Runtime analysis of whole-system provenance T Pasquier, X Han, T Moyer, A Bates, O Hermant, D Eyers, J Bacon, ... Proceedings of the 2018 ACM SIGSAC conference on computer and communications …, 2018 | 127 | 2018 |
| {SIGL}: Securing software installations through deep graph learning X Han, X Yu, T Pasquier, D Li, J Rhee, J Mickens, M Seltzer, H Chen 30th USENIX Security Symposium (USENIX Security 21), 2345-2362, 2021 | 89 | 2021 |
| Sometimes, You Aren’t What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems A Goyal, X Han, G Wang, A Bates Network and Distributed System Security Symposium, 2023 | 81 | 2023 |
| Provenance-based intrusion detection: opportunities and challenges X Han, T Pasquier, M Seltzer 10th USENIX Workshop on the Theory and Practice of Provenance (TaPP 2018), 2018 | 76 | 2018 |
| {FRAPpuccino}: Fault-detection through Runtime Analysis of Provenance X Han, T Pasquier, T Ranjan, M Goldstein, M Seltzer 9th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 17), 2017 | 72 | 2017 |
| Automated debugging in data-intensive scalable computing MA Gulzar, M Interlandi, X Han, M Li, T Condie, M Kim Proceedings of the 2017 Symposium on Cloud Computing, 520-534, 2017 | 37 | 2017 |
| Secure namespaced kernel audit for containers SY Lim, B Stelea, X Han, T Pasquier Proceedings of the ACM Symposium on Cloud Computing, 518-532, 2021 | 34 | 2021 |
| Unleashing unprivileged ebpf potential with dynamic sandboxing SY Lim, X Han, T Pasquier Proceedings of the 1st Workshop on eBPF and Kernel Extensions, 42-48, 2023 | 27 | 2023 |
| Sharing and preserving computational analyses for posterity with encapsulator T Pasquier, MK Lau, X Han, E Fong, BS Lerner, ER Boose, M Crosas, ... Computing in Science & Engineering 20 (4), 111-124, 2018 | 24 | 2018 |
| {FetchBPF}: Customizable prefetching policies in linux with {eBPF} X Cao, S Patel, SY Lim, X Han, T Pasquier 2024 USENIX Annual Technical Conference (USENIX ATC 24), 369-378, 2024 | 22 | 2024 |
| ORTHRUS: Achieving High Quality of Attribution in Provenance-based Intrusion Detection Systems B Jiang, T Bilot, N El Madhoun, K Al Agha, A Zouaoui, S Iqbal, X Han, ... Security Symposium (USENIX Sec’25). USENIX, 2025 | 19 | 2025 |
| Securing software installation through deep graph learning X Yu, X Han, D Li, J Rhee, H Chen US Patent 11,321,066, 2022 | 13 | 2022 |
| Safebpf: Hardware-assisted defense-in-depth for ebpf kernel extensions SY Lim, T Prasad, X Han, T Pasquier Proceedings of the 2024 on Cloud Computing Security Workshop, 80-94, 2024 | 11 | 2024 |
| Interactive debugging for big data analytics MA Gulzar, X Han, M Interlandi, S Mardani, SD Tetali, T Millstein, M Kim 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 16), 2016 | 11 | 2016 |
| Xanthus: Push-button orchestration of host provenance data collection X Han, J Mickens, A Gehani, M Seltzer, T Pasquier Proceedings of the 3rd International Workshop on Practical Reproducible …, 2020 | 10 | 2020 |
| Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance (Supplementary Material) Z Cheng, Q Lv, J Liang, Y Wang, D Sun, T Pasquier, X Han | 6 | 2023 |
| Securing Monolithic Kernels using Compartmentalization SY Lim, S Agrawal, X Han, D Eyers, D O'Keeffe, T Pasquier arXiv preprint arXiv:2404.08716, 2024 | 2 | 2024 |
Thomas PasquierAssistant Professor, University of British ColumbiaVerified email at cs.ubc.ca
