{"id":"https://openalex.org/W4411552219","doi":"https://doi.org/10.1109/cscwd64889.2025.11033314","title":"MPKAN: APT Attack Detection on Audit Logs via Graph Semantic Enhancement","display_name":"MPKAN: APT Attack Detection on Audit Logs via Graph Semantic Enhancement","publication_year":2025,"publication_date":"2025-05-05","ids":{"openalex":"https://openalex.org/W4411552219","doi":"https://doi.org/10.1109/cscwd64889.2025.11033314"},"language":"en","primary_location":{"id":"doi:10.1109/cscwd64889.2025.11033314","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd64889.2025.11033314","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046560634","display_name":"Zehui Wang","orcid":"https://orcid.org/0009-0008-0549-2434"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zehui Wang","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028786921","display_name":"Dan Du","orcid":"https://orcid.org/0000-0002-3470-2890"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dan Du","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062977500","display_name":"Yinhao Qi","orcid":"https://orcid.org/0000-0002-2827-0243"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yinhao Qi","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114657640","display_name":"Wenhao Yan","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenhao Yan","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101804593","display_name":"Xiaobo Yang","orcid":"https://orcid.org/0000-0001-9866-7724"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaobo Yang","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102920589","display_name":"Bo Jiang","orcid":"https://orcid.org/0000-0002-7185-990X"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Jiang","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006911293","display_name":"Zhigang Lu","orcid":"https://orcid.org/0000-0002-2552-6231"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhigang Lu","raw_affiliation_strings":["Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5046560634"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":1.5567,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.85139043,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2605","last_page":"2610"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9785000085830688,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9785000085830688,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9519000053405762,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11719","display_name":"Data Quality and Management","score":0.9401999711990356,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6611496210098267},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5558694005012512},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.46510180830955505},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.34611383080482483},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.1482411026954651},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.10644516348838806},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.06124836206436157}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6611496210098267},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5558694005012512},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.46510180830955505},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.34611383080482483},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.1482411026954651},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.10644516348838806},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.06124836206436157}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cscwd64889.2025.11033314","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd64889.2025.11033314","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3129173456","display_name":null,"funder_award_id":"2021156","funder_id":"https://openalex.org/F4320322847","funder_display_name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences"},{"id":"https://openalex.org/G3882980231","display_name":null,"funder_award_id":"2023YFC2206402","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320322847","display_name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences","ror":"https://ror.org/031141b54"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2792591096","https://openalex.org/W2890262614","https://openalex.org/W2910711617","https://openalex.org/W2962703433","https://openalex.org/W3004507689","https://openalex.org/W3015650867","https://openalex.org/W3102952580","https://openalex.org/W3137205257","https://openalex.org/W3195954353","https://openalex.org/W4288057803","https://openalex.org/W4406256835","https://openalex.org/W6636510571","https://openalex.org/W6736685754"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"As":[0],"cloud":[1],"computing":[2],"and":[3,15,33,40,67,71,74,106,110,130,139,147,159,176,185],"mobile":[4],"work":[5],"blur":[6],"traditional":[7],"network":[8,135],"boundaries,":[9],"security":[10],"measures":[11],"like":[12],"static":[13],"firewalls":[14],"signature-based":[16],"systems":[17],"are":[18],"becoming":[19],"inadequate.":[20],"Audit":[21],"logs":[22],"contain":[23],"fine-grained":[24],"OS-level":[25],"information,":[26,73,129,141],"but":[27],"due":[28],"to":[29,83,121,136],"their":[30],"vast":[31],"volume":[32],"the":[34,62,93,102,117,152,157],"complex":[35,167],"relationships":[36],"between":[37,87],"entities,":[38],"processing":[39],"analyzing":[41],"them":[42],"remains":[43],"a":[44,53,97,132],"significant":[45],"challenge.":[46],"In":[47],"this":[48],"paper,":[49],"we":[50,142],"introduce":[51],"MPKAN,":[52],"new":[54],"method":[55],"for":[56],"detecting":[57],"APT":[58],"attacks,":[59],"which":[60],"enhances":[61],"information":[63,105,150],"input":[64],"of":[65,174,180],"nodes":[66],"edges,":[68],"integrates":[69],"node-level":[70,138],"edge-level":[72,140],"improves":[75],"graph-level":[76],"semantics.":[77],"It":[78],"uses":[79],"meta-path":[80],"random":[81],"walks":[82],"enhance":[84],"semantic":[85],"connections":[86],"nodes,":[88],"merges":[89],"multiple":[90],"edges":[91],"in":[92,151,166],"provenance":[94],"graph":[95,114],"into":[96],"single":[98],"edge":[99,104],"while":[100],"retaining":[101],"original":[103],"operation":[107],"sequence":[108],"relationships,":[109],"by":[111],"associating":[112],"heterogeneous":[113],"neighbors,":[115],"utilizing":[116],"message":[118],"passing":[119],"mechanism":[120],"iteratively":[122],"update":[123],"states":[124],"based":[125],"on":[126,156],"neighbor":[127],"node":[128],"using":[131],"knowledge":[133],"association":[134],"integrate":[137],"can":[143],"effectively":[144],"capture":[145],"local":[146],"global":[148],"structural":[149],"graph.":[153],"MPKAN's":[154],"evaluations":[155],"ATLAS":[158],"Darpa":[160],"datasets":[161],"demonstrate":[162],"its":[163,183],"excellent":[164],"performance":[165],"attack":[168],"scenarios,":[169],"achieving":[170],"an":[171,177],"average":[172],"accuracy":[173],"0.9899":[175],"F1":[178],"score":[179],"0.9853,":[181],"confirming":[182],"effectiveness":[184],"efficiency.":[186]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}