{"id":"https://openalex.org/W4411551449","doi":"https://doi.org/10.1109/cscwd64889.2025.11033564","title":"Autumn: An Unsupervised APT Detection via Detailed Process-Level Analysis","display_name":"Autumn: An Unsupervised APT Detection via Detailed Process-Level Analysis","publication_year":2025,"publication_date":"2025-05-05","ids":{"openalex":"https://openalex.org/W4411551449","doi":"https://doi.org/10.1109/cscwd64889.2025.11033564"},"language":"en","primary_location":{"id":"doi:10.1109/cscwd64889.2025.11033564","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd64889.2025.11033564","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032731430","display_name":"Zehui Wang","orcid":"https://orcid.org/0000-0002-1311-3878"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zehui Wang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101722015","display_name":"Yunxiang Wang","orcid":"https://orcid.org/0000-0002-9286-1881"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yunxiang Wang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114657640","display_name":"Wenhao Yan","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenhao Yan","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062977500","display_name":"Yinhao Qi","orcid":"https://orcid.org/0000-0002-2827-0243"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yinhao Qi","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100419119","display_name":"Tian Tian","orcid":"https://orcid.org/0000-0002-4343-893X"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tian Tian","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101765169","display_name":"Bo Jiang","orcid":"https://orcid.org/0000-0003-0864-1665"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Jiang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012305916","display_name":"Zhigang L\u00fc","orcid":"https://orcid.org/0000-0001-5102-6217"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhigang Lu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5032731430"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":2.1935,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.88307669,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"600","last_page":"605"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11918","display_name":"Forecasting Techniques and Applications","score":0.0617000013589859,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11918","display_name":"Forecasting Techniques and Applications","score":0.0617000013589859,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10876","display_name":"Fault Detection and Control Systems","score":0.05739999935030937,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.676418662071228},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5075832605361938},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.41732367873191833},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1180221438407898}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.676418662071228},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5075832605361938},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.41732367873191833},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1180221438407898}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cscwd64889.2025.11033564","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd64889.2025.11033564","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4399999976158142,"id":"https://metadata.un.org/sdg/13","display_name":"Climate action"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W1978394996","https://openalex.org/W2890262614","https://openalex.org/W2962703433","https://openalex.org/W2978956219","https://openalex.org/W6636510571"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APTs)":[3],"are":[4,31],"exceptionally":[5],"challenging":[6],"to":[7,10,163,232],"detect":[8],"due":[9],"their":[11],"high":[12],"stealthiness.":[13],"Audit":[14],"logs,":[15,70,152],"which":[16],"provide":[17],"detailed":[18],"process-level":[19],"information":[20,62,130,177],"and":[21,26,80,135,160,183,194,219],"record":[22],"all":[23],"activities":[24],"before":[25],"after":[27],"an":[28,91,105],"APT":[29,78,92,122],"attack,":[30],"crucial":[32],"for":[33,76,120,188],"detecting":[34,77],"such":[35],"threats.":[36],"However,":[37],"the":[38,55,64,99,170,185,192,203,207,214],"sheer":[39],"volume":[40],"of":[41,172,197,226],"data":[42,165,218],"in":[43,60,241],"audit":[44,69,133,151],"logs":[45,134],"also":[46],"poses":[47],"a":[48,148,198,223],"significant":[49,239],"challenge.":[50],"Current":[51],"methods":[52],"suffer":[53],"from":[54,63,131,150],"following":[56],"issues:":[57],"1)":[58],"difficulty":[59],"extracting":[61],"complex":[65],"contextual":[66],"relationships":[67],"within":[68],"2)":[71],"reliance":[72],"on":[73,96,113,142,158,216,222],"prior":[74,114],"knowledge":[75],"attacks,":[79],"3)":[81],"coarse-grained":[82],"detection":[83,93,123,138,242],"signals.":[84],"In":[85],"this":[86],"paper,":[87],"we":[88,201,212],"introduce":[89],"Autumn,":[90],"method":[94],"focused":[95],"processes":[97],"as":[98],"primary":[100],"research":[101],"object.":[102],"Autumn":[103,125,237],"is":[104],"unsupervised":[106,234],"learning":[107,235],"model":[108,204,215],"that":[109],"does":[110],"not":[111],"rely":[112],"knowledge,":[115],"making":[116],"it":[117,154,221],"more":[118],"suitable":[119],"real-world":[121],"scenarios.":[124],"can":[126],"swiftly":[127],"identify":[128],"critical":[129],"vast":[132],"provides":[136],"fine-grained":[137],"signals":[139],"by":[140,146,205],"focusing":[141],"processes.":[143,173],"We":[144,167],"begin":[145],"constructing":[147],"graph":[149],"segmenting":[153],"into":[155,178],"subgraphs":[156,227],"based":[157],"time,":[159],"applying":[161],"strategies":[162],"reduce":[164],"volume.":[166],"then":[168],"learn":[169],"characteristics":[171],"By":[174],"converting":[175],"process":[176,196],"input":[179],"vectors":[180],"using":[181],"word2vec":[182],"calculating":[184],"reconstruction":[186],"error":[187],"each":[189],"subgraph":[190],"through":[191],"encoding":[193],"decoding":[195],"transformer":[199],"autoencoder,":[200],"train":[202,213],"associating":[206],"processes'":[208],"IDF":[209],"scores.":[210],"Finally,":[211],"benign":[217],"test":[220],"separate":[224],"set":[225],"containing":[228],"attack":[229],"events.":[230],"Compared":[231],"other":[233],"methods,":[236],"shows":[238],"improvement":[240],"performance.":[243]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}