{"id":"https://openalex.org/W4411551651","doi":"https://doi.org/10.1109/cscwd64889.2025.11033670","title":"Pegasus: Accelerating Provenance Graph-based Intrusion Detection Methods","display_name":"Pegasus: Accelerating Provenance Graph-based Intrusion Detection Methods","publication_year":2025,"publication_date":"2025-05-05","ids":{"openalex":"https://openalex.org/W4411551651","doi":"https://doi.org/10.1109/cscwd64889.2025.11033670"},"language":"en","primary_location":{"id":"doi:10.1109/cscwd64889.2025.11033670","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd64889.2025.11033670","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5118596129","display_name":"Pengcheng Bi","orcid":null},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Pengcheng Bi","raw_affiliation_strings":["School of Cyber Security, University of Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063335569","display_name":"Qi Wang","orcid":"https://orcid.org/0000-0001-9780-5443"},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qi Wang","raw_affiliation_strings":["National Computer Network Emergency Response, Technical Team Coordination Center of China,Beijing,China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Emergency Response, Technical Team Coordination Center of China,Beijing,China","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061718239","display_name":"Xu Yuan","orcid":"https://orcid.org/0000-0003-3775-3033"},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Xu","raw_affiliation_strings":["National Computer Network Emergency Response, Technical Team Coordination Center of China,Beijing,China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Emergency Response, Technical Team Coordination Center of China,Beijing,China","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066426299","display_name":"Tianning Zang","orcid":"https://orcid.org/0000-0003-3583-6249"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tianning Zang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028040417","display_name":"Xiaochun Yun","orcid":"https://orcid.org/0000-0003-2849-1086"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiaochun Yun","raw_affiliation_strings":["Zhongguancun National Laboratory,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Zhongguancun National Laboratory,Beijing,China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5118596129"],"corresponding_institution_ids":["https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":1.5567,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.85129129,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2436","last_page":"2441"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9818999767303467,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9818999767303467,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9786999821662903,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.972000002861023,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7197378873825073},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6433008313179016},{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.5462725162506104},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4333045780658722},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.27024564146995544},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.24061265587806702},{"id":"https://openalex.org/keywords/geology","display_name":"Geology","score":0.1411614716053009},{"id":"https://openalex.org/keywords/petrology","display_name":"Petrology","score":0.049552321434020996}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7197378873825073},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6433008313179016},{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.5462725162506104},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4333045780658722},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.27024564146995544},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.24061265587806702},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.1411614716053009},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.049552321434020996}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cscwd64889.2025.11033670","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cscwd64889.2025.11033670","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Climate action","score":0.4300000071525574,"id":"https://metadata.un.org/sdg/13"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W2154851992","https://openalex.org/W2160459668","https://openalex.org/W2271004381","https://openalex.org/W2284900416","https://openalex.org/W2527994611","https://openalex.org/W2576850237","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2962756421","https://openalex.org/W2963999143","https://openalex.org/W2998038410","https://openalex.org/W3006711782","https://openalex.org/W3015650867","https://openalex.org/W3016038045","https://openalex.org/W3137205257","https://openalex.org/W3152911549","https://openalex.org/W4318619660","https://openalex.org/W4388858881","https://openalex.org/W6743841043","https://openalex.org/W6760755035","https://openalex.org/W6803339927"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2354627941","https://openalex.org/W2347483153","https://openalex.org/W2353379336","https://openalex.org/W2379683085","https://openalex.org/W2363868702","https://openalex.org/W2374448931","https://openalex.org/W2376723740"],"abstract_inverted_index":{"Provenance-based":[0],"Endpoint":[1],"Detection":[2],"and":[3,90,125,153],"Response":[4],"(P-EDR)":[5],"systems":[6],"are":[7],"considered":[8],"as":[9],"the":[10,94,143],"key":[11],"to":[12,52,75],"future":[13],"Advanced":[14],"Persistent":[15],"Threat":[16],"(APT)":[17],"defense.":[18],"Building":[19],"provenance":[20,63],"graphs":[21,64],"that":[22,105,129],"consider":[23],"causal":[24],"relationships":[25],"between":[26],"software":[27],"behaviors":[28],"can":[29,106,157],"better":[30],"provide":[31],"contextual":[32],"information":[33],"of":[34,40,85],"cyber":[35,44],"attacks,":[36],"which":[37],"is":[38,118],"capable":[39],"effectively":[41],"reconstructing":[42],"complex":[43],"attack":[45,55,60,150],"scenarios":[46],"represented":[47],"by":[48,135],"APT.":[49],"Although":[50],"promising":[51],"assist":[53],"in":[54,80,83],"investigation,":[56],"existing":[57,139],"methods":[58],"for":[59,77],"detection":[61,68,103,151,162],"using":[62],"adopt":[65],"a":[66,101,113,121],"centralized":[67],"architecture,":[69],"sending":[70],"all":[71],"system":[72,104,117,131,156],"audit":[73],"logs":[74],"servers":[76],"processing,":[78],"resulting":[79],"unbearable":[81],"costs":[82],"terms":[84],"data":[86,88],"transmission,":[87],"storage,":[89],"computation.":[91],"To":[92],"address":[93],"above":[95,144],"fundamental":[96],"challenges,":[97],"we":[98],"propose":[99],"Pegasus,":[100],"distributed":[102,114],"reduce":[107],"memory":[108,133],"consumption":[109,134],"during":[110],"training":[111],"through":[112],"system.":[115],"Our":[116],"evaluated":[119],"on":[120,149],"large":[122],"public":[123],"dataset,":[124],"experimental":[126],"results":[127],"show":[128],"our":[130,154],"reduces":[132],"47%\u201365%":[136],"compared":[137],"with":[138],"provenance-based":[140],"EDR.":[141],"And":[142],"processing":[145],"has":[146],"little":[147],"impact":[148],"performance,":[152],"EDR":[155],"still":[158],"achieve":[159],"sufficiently":[160],"good":[161],"results.":[163]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}