{"id":"https://openalex.org/W4416251833","doi":"https://doi.org/10.1109/ijcnn64981.2025.11228446","title":"TRAIL: A Transformer-Enhanced Feature Embedding Approach for Unsupervised Anomaly Detection","display_name":"TRAIL: A Transformer-Enhanced Feature Embedding Approach for Unsupervised Anomaly Detection","publication_year":2025,"publication_date":"2025-06-30","ids":{"openalex":"https://openalex.org/W4416251833","doi":"https://doi.org/10.1109/ijcnn64981.2025.11228446"},"language":null,"primary_location":{"id":"doi:10.1109/ijcnn64981.2025.11228446","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11228446","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103021863","display_name":"Jingjing Feng","orcid":"https://orcid.org/0000-0002-6092-2328"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jingjing Feng","raw_affiliation_strings":["Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054631261","display_name":"Wenzhuo Cui","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenzhuo Cui","raw_affiliation_strings":["Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053613008","display_name":"Shuyi Zhang","orcid":"https://orcid.org/0009-0005-1891-9685"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shuyi Zhang","raw_affiliation_strings":["Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086093729","display_name":"Xinli Wei","orcid":"https://orcid.org/0000-0001-5470-9590"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xulong Wei","raw_affiliation_strings":["Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101992420","display_name":"Yingying Du","orcid":"https://orcid.org/0000-0002-1205-5012"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yingying Du","raw_affiliation_strings":["Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008201587","display_name":"Wen Yu","orcid":"https://orcid.org/0000-0002-9540-7924"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yu Wen","raw_affiliation_strings":["Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5103021863"],"corresponding_institution_ids":["https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.42087089,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.7441999912261963,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.7441999912261963,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.07329999655485153,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.04569999873638153,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/autoencoder","display_name":"Autoencoder","score":0.691100001335144},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6614999771118164},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5699999928474426},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5408999919891357},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5404000282287598},{"id":"https://openalex.org/keywords/feature-learning","display_name":"Feature learning","score":0.5134999752044678},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4934999942779541},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.4555000066757202},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4341999888420105}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8077999949455261},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.691100001335144},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6614999771118164},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5931000113487244},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5699999928474426},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5408999919891357},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5404000282287598},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.5134999752044678},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4934999942779541},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.4555000066757202},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4350000023841858},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4341999888420105},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.42829999327659607},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.4108999967575073},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.40230000019073486},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3833000063896179},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.36739999055862427},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.34540000557899475},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.3370000123977661},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.33469998836517334},{"id":"https://openalex.org/C2776151529","wikidata":"https://www.wikidata.org/wiki/Q3045304","display_name":"Object detection","level":3,"score":0.33390000462532043},{"id":"https://openalex.org/C152565575","wikidata":"https://www.wikidata.org/wiki/Q1124538","display_name":"Conditional random field","level":2,"score":0.33000001311302185},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3199999928474426},{"id":"https://openalex.org/C118505674","wikidata":"https://www.wikidata.org/wiki/Q42586063","display_name":"Encoder","level":2,"score":0.3190000057220459},{"id":"https://openalex.org/C183322885","wikidata":"https://www.wikidata.org/wiki/Q17007702","display_name":"Context model","level":3,"score":0.2919999957084656},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.27959999442100525},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.2565000057220459},{"id":"https://openalex.org/C2781215313","wikidata":"https://www.wikidata.org/wiki/Q3493345","display_name":"SPARK (programming language)","level":2,"score":0.2515999972820282}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ijcnn64981.2025.11228446","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11228446","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W2064675550","https://openalex.org/W2154851992","https://openalex.org/W2284900416","https://openalex.org/W2296719434","https://openalex.org/W2560810941","https://openalex.org/W2767094836","https://openalex.org/W2803255133","https://openalex.org/W2808544127","https://openalex.org/W2947745012","https://openalex.org/W2962703433","https://openalex.org/W2962756421","https://openalex.org/W2962849408","https://openalex.org/W2978956219","https://openalex.org/W2986944522","https://openalex.org/W3015650867","https://openalex.org/W3109037541","https://openalex.org/W3206604724","https://openalex.org/W4288057803","https://openalex.org/W4290876361","https://openalex.org/W4385245566","https://openalex.org/W4402029688","https://openalex.org/W4402263650","https://openalex.org/W4402265033","https://openalex.org/W4402288718","https://openalex.org/W4402858692","https://openalex.org/W4407938407","https://openalex.org/W4414802066"],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,17,89,123,128,159,168,181,189,202,236],"continuous":[2],"evolution":[3],"of":[4,19,91,125,165,184,204,238],"cyberattack":[5],"techniques,":[6,26],"Advanced":[7],"Persistent":[8],"Threats":[9],"(APTs)":[10],"have":[11,45],"become":[12],"a":[13,107,153,230],"major":[14],"challenge":[15,203],"in":[16,127],"field":[18],"cybersecurity.":[20],"APT":[21,42,239],"attacks":[22],"typically":[23],"exploit":[24],"sophisticated":[25],"such":[27],"as":[28],"zero-day":[29],"exploits,":[30],"to":[31,63,121,146,179,197],"achieve":[32],"highly":[33],"stealthy":[34],"and":[35,54,58,88,133,141,161,215,228,232],"persistent":[36],"intrusions.":[37],"In":[38],"recent":[39],"years,":[40],"many":[41],"detection":[43,111,218,237],"methods":[44,77],"relied":[46],"on":[47,114,221],"constructing":[48],"provenance":[49,115,129],"graphs":[50],"from":[51],"system":[52],"logs":[53],"leveraging":[55],"deep":[56,108],"learning":[57,109,178],"natural":[59],"language":[60],"processing":[61],"techniques":[62],"analyze":[64],"potential":[65],"malicious":[66],"activities,":[67],"enabling":[68],"automated":[69],"intrusion":[70],"detection.":[71],"Despite":[72],"their":[73],"significant":[74,225],"potential,":[75],"these":[76,96],"still":[78],"face":[79],"several":[80],"challenges,":[81],"including":[82],"high":[83],"computational":[84,226],"costs,":[85],"coarse-grained":[86],"detection,":[87,150],"lack":[90],"high-quality":[92],"labeled":[93,206,222],"data.To":[94],"address":[95],"limitations,":[97],"we":[98,151],"propose":[99],"TRAIL":[100,117,172,212],"(Transformer-Enhanced":[101],"Representation":[102],"for":[103,176,235],"Anomaly":[104],"Intelligent":[105],"Learning),":[106],"fine-grained":[110,148,216],"method":[112],"based":[113],"graphs.":[116],"uses":[118],"random":[119],"walks":[120],"capture":[122],"semantics":[124],"nodes":[126,166],"graph,":[130],"representing":[131],"local":[132,160],"global":[134,162],"structures":[135],"while":[136],"reducing":[137],"some":[138],"redundant":[139],"operations":[140],"saving":[142],"computing":[143],"costs.":[144],"Then,":[145],"enable":[147],"node-level":[149],"employ":[152],"Transformer-based":[154],"node":[155],"encoder":[156],"that":[157,211],"integrates":[158],"context":[163],"information":[164],"into":[167],"feature":[169],"representations.":[170],"Finally,":[171],"utilizes":[173],"an":[174],"autoencoder":[175],"unsupervised":[177],"model":[180],"behavior":[182],"characteristics":[183],"benign":[185],"nodes.":[186],"Combined":[187],"with":[188],"Isolation":[190],"Forest":[191],"model,":[192],"reconstruction":[193],"errors":[194],"are":[195],"used":[196],"detect":[198],"anomalous":[199],"nodes,":[200],"addressing":[201],"limited":[205],"data.":[207],"Experimental":[208],"results":[209],"demonstrate":[210],"achieves":[213],"efficient":[214],"anomaly":[217],"without":[219],"reliance":[220],"data,":[223],"exhibiting":[224],"efficiency":[227],"providing":[229],"robust":[231],"effective":[233],"solution":[234],"attacks.":[240]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-14T00:00:00"}