{"id":"https://openalex.org/W7105642959","doi":"https://doi.org/10.1109/ijcnn64981.2025.11229381","title":"MOLE: Provenance Graph Generation Framework Based on LLM Prompting","display_name":"MOLE: Provenance Graph Generation Framework Based on LLM Prompting","publication_year":2025,"publication_date":"2025-06-30","ids":{"openalex":"https://openalex.org/W7105642959","doi":"https://doi.org/10.1109/ijcnn64981.2025.11229381"},"language":null,"primary_location":{"id":"doi:10.1109/ijcnn64981.2025.11229381","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11229381","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Yiming Ren","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yiming Ren","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Haoqiang Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoqiang Wang","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yilong Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yilong Chen","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Zhou Zhou","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhou Zhou","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Chengxiang Si","orcid":null},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chengxiang Si","raw_affiliation_strings":["National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC)"],"affiliations":[{"raw_affiliation_string":"National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC)","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"last","author":{"id":null,"display_name":"Qingyun Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingyun Liu","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.59533055,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.43070000410079956,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.43070000410079956,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.3765999972820282,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.026200000196695328,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.7276999950408936},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5407000184059143},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.49050000309944153},{"id":"https://openalex.org/keywords/coding","display_name":"Coding (social sciences)","score":0.44769999384880066},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.40790000557899475},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.3294999897480011}],"concepts":[{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.7276999950408936},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.720300018787384},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5407000184059143},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.49050000309944153},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.44769999384880066},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.40790000557899475},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3352000117301941},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3327000141143799},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.3294999897480011},{"id":"https://openalex.org/C82714645","wikidata":"https://www.wikidata.org/wiki/Q438331","display_name":"Template","level":2,"score":0.3131999969482422},{"id":"https://openalex.org/C42629822","wikidata":"https://www.wikidata.org/wiki/Q1346408","display_name":"Geocoding","level":2,"score":0.30570000410079956},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.29280000925064087},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2897999882698059},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.27469998598098755},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.2720000147819519},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2551000118255615},{"id":"https://openalex.org/C138958017","wikidata":"https://www.wikidata.org/wiki/Q190087","display_name":"Data type","level":2,"score":0.25099998712539673}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ijcnn64981.2025.11229381","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn64981.2025.11229381","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.46092575788497925,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2284900416","https://openalex.org/W2583874385","https://openalex.org/W2754665629","https://openalex.org/W2767094836","https://openalex.org/W2790316935","https://openalex.org/W2962703433","https://openalex.org/W2978956219","https://openalex.org/W2986944522","https://openalex.org/W2998038410","https://openalex.org/W3015650867","https://openalex.org/W3126165507","https://openalex.org/W3212868562","https://openalex.org/W4205965165","https://openalex.org/W4288057803","https://openalex.org/W4384345672","https://openalex.org/W4384948624","https://openalex.org/W4388858673","https://openalex.org/W4394745212","https://openalex.org/W4400583111","https://openalex.org/W4403413375"],"related_works":[],"abstract_inverted_index":{"In":[0,59],"the":[1,33,114,119,165],"increasingly":[2],"complex":[3],"landscape":[4],"of":[5,13,35,94,141],"cyber-attacks,":[6],"logs":[7,28,110],"have":[8],"become":[9],"a":[10,65,133,146,155],"critical":[11],"source":[12],"data":[14,129],"for":[15],"detecting":[16],"system":[17],"threats.":[18],"Currently,":[19],"most":[20],"log-based":[21],"detection":[22],"systems":[23],"rely":[24,84],"on":[25,46,71,85],"converting":[26],"audit":[27],"into":[29],"provenance":[30,66,101,116,147,167],"graphs":[31],"during":[32,130],"process":[34,41,170],"attack":[36],"investigation.":[37],"However,":[38],"this":[39,60],"construction":[40],"is":[42,89],"still":[43],"heavily":[44],"dependent":[45],"manually":[47],"written":[48],"code":[49],"with":[50,73],"regular":[51],"expressions":[52],"tailored":[53],"to":[54,91,112,144],"each":[55],"specific":[56],"log":[57,95,120,163],"type.":[58],"paper,":[61],"we":[62],"propose":[63],"MOLE,":[64],"graph":[67,102,148,168],"generation":[68,107,169],"framework":[69,98],"based":[70],"prompting":[72],"large":[74],"language":[75],"models":[76],"(LLMs).":[77],"Unlike":[78],"traditional":[79],"approaches,":[80],"MOLE":[81],"does":[82],"not":[83],"prior":[86],"knowledge":[87],"and":[88,108,122],"adaptable":[90],"diverse":[92],"types":[93],"data.":[96],"The":[97],"automatically":[99],"generates":[100],"extraction":[103],"templates":[104],"through":[105],"instruction":[106],"parses":[109],"locally":[111],"produce":[113],"final":[115],"graph.MOLE":[117],"leverages":[118],"patterns":[121],"structures":[123],"learned":[124],"by":[125],"LLMs":[126],"from":[127],"large-scale":[128],"training.":[131],"As":[132],"result,":[134],"tasks":[135],"that":[136],"previously":[137],"required":[138],"several":[139],"days":[140],"manual":[142],"coding":[143],"generate":[145],"can":[149],"now":[150],"be":[151],"completed":[152],"in":[153],"just":[154],"few":[156],"minutes.":[157],"Furthermore,":[158],"when":[159],"processing":[160],"50":[161],"million":[162],"entries,":[164],"entire":[166],"consumed":[171],"only":[172],"20k":[173],"tokens.":[174]},"counts_by_year":[],"updated_date":"2025-11-15T23:13:30.683059","created_date":"2025-11-14T00:00:00"}