{"id":"https://openalex.org/W4416250484","doi":"https://doi.org/10.1109/ijcnn64981.2025.11228350","title":"PORTIA: A Multi-Granularity APT Detection Model Based on Provenance Graphs","display_name":"PORTIA: A Multi-Granularity APT Detection Model Based on Provenance Graphs","publication_year":2025,"publication_date":"2025-06-30","ids":{"openalex":"https://openalex.org/W4416250484","doi":"https://doi.org/10.1109/ijcnn64981.2025.11228350"},"language":null,"primary_location":{"id":"doi:10.1109/ijcnn64981.2025.11228350","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11228350","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039293896","display_name":"Yiming Ren","orcid":"https://orcid.org/0009-0009-6120-2945"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yiming Ren","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060832996","display_name":"Hui Chen","orcid":"https://orcid.org/0000-0002-0048-0193"},"institutions":[{"id":"https://openalex.org/I129604602","display_name":"University of Sydney","ror":"https://ror.org/0384j8v12","country_code":"AU","type":"education","lineage":["https://openalex.org/I129604602"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Haoyang Chen","raw_affiliation_strings":["The University of Sydney"],"affiliations":[{"raw_affiliation_string":"The University of Sydney","institution_ids":["https://openalex.org/I129604602"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115601988","display_name":"Hailong Wang","orcid":"https://orcid.org/0000-0001-9884-4460"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoqiang Wang","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100679801","display_name":"Yilong Chen","orcid":"https://orcid.org/0009-0007-7095-1724"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yilong Chen","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100359929","display_name":"Zhou Zhou","orcid":"https://orcid.org/0000-0002-7674-9857"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhou Zhou","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091685769","display_name":"Chengxiang Si","orcid":"https://orcid.org/0000-0003-2646-6100"},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chengxiang Si","raw_affiliation_strings":["Coordination Center of China (CNCERT/CC),National Computer Network Emergency Response Technical Team"],"affiliations":[{"raw_affiliation_string":"Coordination Center of China (CNCERT/CC),National Computer Network Emergency Response Technical Team","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100713362","display_name":"Qingyun Liu","orcid":"https://orcid.org/0000-0003-4815-3463"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingyun Liu","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5039293896"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.19416185,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.3831999897956848,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.3831999897956848,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.16249999403953552,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.066600002348423,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/autoencoder","display_name":"Autoencoder","score":0.5497000217437744},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.45509999990463257},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.44290000200271606},{"id":"https://openalex.org/keywords/digital-watermarking","display_name":"Digital watermarking","score":0.39890000224113464},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.35910001397132874},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.34790000319480896},{"id":"https://openalex.org/keywords/graph-embedding","display_name":"Graph embedding","score":0.3422999978065491}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7235000133514404},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.5497000217437744},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.504800021648407},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.461899995803833},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.45509999990463257},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.44290000200271606},{"id":"https://openalex.org/C150817343","wikidata":"https://www.wikidata.org/wiki/Q875932","display_name":"Digital watermarking","level":3,"score":0.39890000224113464},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3617999851703644},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.35910001397132874},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.34790000319480896},{"id":"https://openalex.org/C75564084","wikidata":"https://www.wikidata.org/wiki/Q5597085","display_name":"Graph embedding","level":3,"score":0.3422999978065491},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.3073999881744385},{"id":"https://openalex.org/C152745839","wikidata":"https://www.wikidata.org/wiki/Q5438153","display_name":"Fault detection and isolation","level":3,"score":0.3034000098705292},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.29100000858306885},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C4641261","wikidata":"https://www.wikidata.org/wiki/Q11681085","display_name":"Face detection","level":4,"score":0.2842999994754791},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.27090001106262207},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.259799987077713},{"id":"https://openalex.org/C88230418","wikidata":"https://www.wikidata.org/wiki/Q131476","display_name":"Graph theory","level":2,"score":0.25609999895095825}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ijcnn64981.2025.11228350","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11228350","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1973403081","https://openalex.org/W2062805799","https://openalex.org/W2072453486","https://openalex.org/W2096474000","https://openalex.org/W2284900416","https://openalex.org/W2764080192","https://openalex.org/W2767094836","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2978956219","https://openalex.org/W2986944522","https://openalex.org/W2998038410","https://openalex.org/W3006711782","https://openalex.org/W3007237867","https://openalex.org/W3015650867","https://openalex.org/W3212868562","https://openalex.org/W4205965165","https://openalex.org/W4210803071","https://openalex.org/W4288057803","https://openalex.org/W4290876361","https://openalex.org/W4384948624"],"related_works":[],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APTs)":[3],"have":[4],"become":[5],"a":[6,60,83],"major":[7],"cybersecurity":[8],"threat":[9],"due":[10],"to":[11,24,87],"their":[12],"stealthy":[13],"attack":[14,111],"methods":[15,31],"and":[16,28,49,81,131],"long":[17],"latency":[18],"periods.":[19],"Traditional":[20],"signature-based":[21],"detection":[22,63,115,139],"struggles":[23],"detect":[25],"novel":[26],"attacks,":[27],"while":[29],"unsupervised":[30,99],"using":[32],"Graph":[33],"Neural":[34],"Networks":[35],"(GNNs)":[36],"can":[37,102],"model":[38,64,88],"system":[39,52,90,106,118],"behavior,":[40,91],"they":[41],"face":[42],"challenges":[43],"in":[44],"handling":[45],"large-scale":[46],"provenance":[47,72],"graphs":[48,73],"accurately":[50],"incorporating":[51,117],"operational":[53,119],"states":[54,107],"for":[55],"detection.This":[56],"paper":[57],"presents":[58],"PORTIA,":[59],"multi-granularity":[61],"APT":[62,132],"based":[65],"on":[66,110,122],"graph":[67,84],"representation":[68],"learning.":[69],"PORTIA":[70,101,127],"constructs":[71],"by":[74,116],"integrating":[75],"temporal":[76],"information":[77],"from":[78],"audit":[79],"logs":[80],"uses":[82],"mask":[85],"autoencoder":[86],"normal":[89],"detecting":[92],"anomalies":[93],"through":[94],"embedding":[95],"shifts.":[96],"As":[97],"an":[98],"model,":[100],"swiftly":[103],"identify":[104],"anomalous":[105],"without":[108],"relying":[109],"signatures,":[112],"achieving":[113],"fine-grained":[114],"states.":[120],"Evaluations":[121],"multiple":[123],"datasets":[124],"show":[125],"that":[126],"detects":[128],"both":[129],"standard":[130],"attacks":[133],"with":[134],"high":[135],"precision,":[136],"outperforming":[137],"existing":[138],"systems.":[140]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-14T00:00:00"}