{"id":"https://openalex.org/W4403937684","doi":"https://doi.org/10.1109/iscc61673.2024.10733665","title":"Devil in the Noise: Detecting Advanced Persistent Threats with Backbone Extraction","display_name":"Devil in the Noise: Detecting Advanced Persistent Threats with Backbone Extraction","publication_year":2024,"publication_date":"2024-06-26","ids":{"openalex":"https://openalex.org/W4403937684","doi":"https://doi.org/10.1109/iscc61673.2024.10733665"},"language":"en","primary_location":{"id":"doi:10.1109/iscc61673.2024.10733665","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/iscc61673.2024.10733665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109295331","display_name":"Caio Viana","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123805","display_name":"Instituto de Aeron\u00e1utica e Espa\u00e7o","ror":"https://ror.org/025n1fp68","country_code":"BR","type":"other","lineage":["https://openalex.org/I4210123805"]},{"id":"https://openalex.org/I107428990","display_name":"Instituto Tecnol\u00f3gico de Aeron\u00e1utica","ror":"https://ror.org/05vh67662","country_code":"BR","type":"education","lineage":["https://openalex.org/I107428990"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Caio M. C. 
Viana","raw_affiliation_strings":["Aeronautics Institute of Technology,Computer Science Division,Brazil"],"affiliations":[{"raw_affiliation_string":"Aeronautics Institute of Technology,Computer Science Division,Brazil","institution_ids":["https://openalex.org/I4210123805","https://openalex.org/I107428990"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037057466","display_name":"Carlos H. G. Ferreira","orcid":"https://orcid.org/0000-0001-9107-6884"},"institutions":[{"id":"https://openalex.org/I10824318","display_name":"Universidade Federal de Ouro Preto","ror":"https://ror.org/056s65p46","country_code":"BR","type":"education","lineage":["https://openalex.org/I10824318"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Carlos H. G. Ferreira","raw_affiliation_strings":["Federal University of Ouro Preto,Department of Computing and Systems,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Ouro Preto,Department of Computing and Systems,Brazil","institution_ids":["https://openalex.org/I10824318"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021734616","display_name":"Fabr\u00edcio Murai","orcid":"https://orcid.org/0000-0003-4487-6381"},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fabricio Murai","raw_affiliation_strings":["Worcester Polytechnic Institute,Data Science & Computer Science,Worcester,MA,USA"],"affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute,Data Science & Computer Science,Worcester,MA,USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104946815","display_name":"Aldri 
Santos","orcid":"https://orcid.org/0000-0002-5861-4414"},"institutions":[{"id":"https://openalex.org/I110200422","display_name":"Universidade Federal de Minas Gerais","ror":"https://ror.org/0176yjw32","country_code":"BR","type":"education","lineage":["https://openalex.org/I110200422"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Aldri Luiz Dos Santos","raw_affiliation_strings":["Federal University of Minas Gerais,Department of Computer Science,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Minas Gerais,Department of Computer Science,Brazil","institution_ids":["https://openalex.org/I110200422"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030326285","display_name":"Louren\u00e7o Alves Pereira","orcid":"https://orcid.org/0000-0002-9682-0075"},"institutions":[{"id":"https://openalex.org/I4210123805","display_name":"Instituto de Aeron\u00e1utica e Espa\u00e7o","ror":"https://ror.org/025n1fp68","country_code":"BR","type":"other","lineage":["https://openalex.org/I4210123805"]},{"id":"https://openalex.org/I107428990","display_name":"Instituto Tecnol\u00f3gico de Aeron\u00e1utica","ror":"https://ror.org/05vh67662","country_code":"BR","type":"education","lineage":["https://openalex.org/I107428990"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Louren\u00e7o Alves Pereira J\u00fanior","raw_affiliation_strings":["Aeronautics Institute of Technology,Computer Science Division,Brazil"],"affiliations":[{"raw_affiliation_string":"Aeronautics Institute of Technology,Computer Science 
Division,Brazil","institution_ids":["https://openalex.org/I4210123805","https://openalex.org/I107428990"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5109295331"],"corresponding_institution_ids":["https://openalex.org/I107428990","https://openalex.org/I4210123805"],"apc_list":null,"apc_paid":null,"fwci":0.375,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.58887461,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8841999769210815,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8841999769210815,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.5918879508972168},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5757102966308594},{"id":"https://openalex.org/keywords/extraction","display_name":"Extraction (chemistry)","score":0.550101637840271},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial 
intelligence","score":0.2687479853630066}],"concepts":[{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.5918879508972168},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5757102966308594},{"id":"https://openalex.org/C4725764","wikidata":"https://www.wikidata.org/wiki/Q844704","display_name":"Extraction (chemistry)","level":2,"score":0.550101637840271},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2687479853630066},{"id":"https://openalex.org/C43617362","wikidata":"https://www.wikidata.org/wiki/Q170050","display_name":"Chromatography","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscc61673.2024.10733665","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/iscc61673.2024.10733665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE Symposium on Computers and Communications 
(ISCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W2038793346","https://openalex.org/W2284900416","https://openalex.org/W2532844970","https://openalex.org/W2962703433","https://openalex.org/W2998038410","https://openalex.org/W3006711782","https://openalex.org/W3022067606","https://openalex.org/W3092036871","https://openalex.org/W3190895447","https://openalex.org/W3192184909","https://openalex.org/W3212868562","https://openalex.org/W4295899235","https://openalex.org/W4324007191","https://openalex.org/W6682691769","https://openalex.org/W6738964360","https://openalex.org/W6741450815","https://openalex.org/W6754375631","https://openalex.org/W6782167706","https://openalex.org/W6802797615"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"The":[0],"use":[1,17],"of":[2,18,36,106,144,153],"host":[3],"intrusion":[4],"detection":[5,159],"systems":[6,19],"shows":[7],"promising":[8],"results":[9,141],"in":[10,38,103,119,134],"detecting":[11],"APT":[12],"campaigns":[13],"due":[14],"to":[15,24,78,95,111,126,156,169],"the":[16,34,42,67,104,120,135,145,151,158],"logs":[20,37,68],"as":[21,57,71],"source":[22],"data":[23],"get":[25],"more":[26],"information":[27],"about":[28],"system":[29],"environment.":[30],"However,":[31],"dealing":[32],"with":[33,81],"increase":[35,102],"time":[39],"while":[40],"tracking":[41],"execution":[43],"context":[44],"is":[45],"a":[46,58],"challenge":[47],"for":[48],"security":[49,89],"analysts.":[50],"Th
erefore,":[51],"this":[52],"work":[53],"presents":[54],"backbone":[55],"extraction":[56],"crucial":[59],"preprocessing":[60],"step,":[61],"filtering":[62],"out":[63],"irrelevant":[64],"logs.":[65],"As":[66],"are":[69],"modeled":[70],"provenance":[72],"graphs,":[73],"we":[74,99],"discard":[75],"spurious":[76],"edges":[77],"detect":[79],"residuals":[80],"distinctive":[82],"node":[83],"and":[84,115,123,130,149],"edge":[85],"distributions":[86],"that":[87],"indicate":[88,142],"threats.":[90],"By":[91],"applying":[92],"our":[93,140,154],"methodology":[94,155],"state-of-the-art":[96],"benchmark":[97],"datasets,":[98],"observed":[100],"an":[101],"performance":[105],"one-class":[107],"classifiers":[108],"by":[109,124,161],"up":[110,125],"62%":[112],"on":[113,117,128,132],"F1-score":[114,129],"48%":[116],"recall":[118,133],"Streamspot":[121],"dataset":[122],"40%":[127],"33%":[131],"DARPA3":[136],"THEIA":[137],"dataset.":[138],"Moreover,":[139],"mitigation":[143],"dependency":[146],"explosion":[147],"problem":[148],"underscore":[150],"ability":[152],"improve":[157],"landscape":[160],"shrinking":[162],"graph":[163],"sizes":[164],"without":[165],"losing":[166],"essential":[167],"aspects":[168],"characterize":[170],"attacks.":[171]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2025-12-21T01:58:51.020947","created_date":"2025-10-10T00:00:00"}
