{"id":"https://openalex.org/W4416286252","doi":"https://doi.org/10.1109/jiot.2025.3633319","title":"ContrastMatcher: Adaptive Contrastive Provenance Graph Matching for Host-Based Attack Detection","display_name":"ContrastMatcher: Adaptive Contrastive Provenance Graph Matching for Host-Based Attack Detection","publication_year":2025,"publication_date":"2025-11-17","ids":{"openalex":"https://openalex.org/W4416286252","doi":"https://doi.org/10.1109/jiot.2025.3633319"},"language":null,"primary_location":{"id":"doi:10.1109/jiot.2025.3633319","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2025.3633319","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5112444020","display_name":"Hao Yan","orcid":"https://orcid.org/0009-0002-2449-1759"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hao Yan","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082984483","display_name":"W Liao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wenhao Liao","raw_affiliation_strings":["Shenzhen Institute for Advanced Study, University of Electronic Science and Technology of China, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Shenzhen Institute for Advanced Study, University of Electronic Science and Technology of China, Shenzhen, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100327196","display_name":"Jia Sun","orcid":"https://orcid.org/0000-0002-2541-2373"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jia Sun","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101539851","display_name":"Lei Du","orcid":"https://orcid.org/0000-0003-4631-5174"},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Du","raw_affiliation_strings":["Department of New Networks, Peng Cheng Laboratory, Shenzhen, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, Guangdong, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101632919","display_name":"Liyi Zeng","orcid":"https://orcid.org/0009-0009-1627-5811"},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Liyi Zeng","raw_affiliation_strings":["Department of New Networks, Peng Cheng Laboratory, Shenzhen, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, Guangdong, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070856186","display_name":"Zhaoquan Gu","orcid":"https://orcid.org/0000-0001-7546-852X"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhaoquan Gu","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091368858","display_name":"Binxing Fang","orcid":"https://orcid.org/0000-0003-0305-2132"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Binxing Fang","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, Guangdong, China","institution_ids":["https://openalex.org/I204983213"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5112444020"],"corresponding_institution_ids":["https://openalex.org/I204983213"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18766306,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":"3","first_page":"4434","last_page":"4448"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.2151000052690506,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.2151000052690506,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.20260000228881836,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.14030000567436218,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.5430999994277954},{"id":"https://openalex.org/keywords/reduction","display_name":"Reduction (mathematics)","score":0.4781999886035919},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.44130000472068787},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.39430001378059387},{"id":"https://openalex.org/keywords/subgraph-isomorphism-problem","display_name":"Subgraph isomorphism problem","score":0.36970001459121704},{"id":"https://openalex.org/keywords/computational-complexity-theory","display_name":"Computational complexity theory","score":0.36579999327659607},{"id":"https://openalex.org/keywords/supervised-learning","display_name":"Supervised learning","score":0.335999995470047}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8141000270843506},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.5430999994277954},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.4781999886035919},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4424999952316284},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.44130000472068787},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40799999237060547},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.39430001378059387},{"id":"https://openalex.org/C131992880","wikidata":"https://www.wikidata.org/wiki/Q2528185","display_name":"Subgraph isomorphism problem","level":3,"score":0.36970001459121704},{"id":"https://openalex.org/C179799912","wikidata":"https://www.wikidata.org/wiki/Q205084","display_name":"Computational complexity theory","level":2,"score":0.36579999327659607},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35740000009536743},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.335999995470047},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.32359999418258667},{"id":"https://openalex.org/C311688","wikidata":"https://www.wikidata.org/wiki/Q2393193","display_name":"Time complexity","level":2,"score":0.31610000133514404},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.3124000132083893},{"id":"https://openalex.org/C2987255567","wikidata":"https://www.wikidata.org/wiki/Q33002955","display_name":"Knowledge graph","level":2,"score":0.30809998512268066},{"id":"https://openalex.org/C68859911","wikidata":"https://www.wikidata.org/wiki/Q1503724","display_name":"Pattern matching","level":2,"score":0.30090001225471497},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.2928999960422516},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.27720001339912415},{"id":"https://openalex.org/C125014702","wikidata":"https://www.wikidata.org/wiki/Q4680749","display_name":"Adaptive learning","level":2,"score":0.2500999867916107}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2025.3633319","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2025.3633319","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W2048653843","https://openalex.org/W2096347345","https://openalex.org/W2126359798","https://openalex.org/W2132022337","https://openalex.org/W2148606255","https://openalex.org/W2284900416","https://openalex.org/W2532844970","https://openalex.org/W2579106964","https://openalex.org/W2790557990","https://openalex.org/W2889727957","https://openalex.org/W2906943923","https://openalex.org/W2910711617","https://openalex.org/W2947745012","https://openalex.org/W2958285686","https://openalex.org/W2963843206","https://openalex.org/W2978956219","https://openalex.org/W2997591727","https://openalex.org/W2998038410","https://openalex.org/W3006711782","https://openalex.org/W3008054143","https://openalex.org/W3035524453","https://openalex.org/W3095746859","https://openalex.org/W3110889769","https://openalex.org/W3126165507","https://openalex.org/W3137205257","https://openalex.org/W3157720608","https://openalex.org/W3158906645","https://openalex.org/W3211430557","https://openalex.org/W3212868562","https://openalex.org/W3214329506","https://openalex.org/W4288057803","https://openalex.org/W4388858673","https://openalex.org/W4405689572","https://openalex.org/W4412627969","https://openalex.org/W4414110927"],"related_works":[],"abstract_inverted_index":{"Provenance":[0],"graphs":[1,29,82],"have":[2],"emerged":[3],"as":[4,41],"a":[5,68,92,157,226],"promising":[6],"approach":[7],"for":[8,63,79,98,106],"detecting":[9],"host-based":[10,208],"attacks,":[11],"particularly":[12],"on":[13,51,196],"Internet":[14],"of":[15,110],"Things":[16],"(IoT)":[17],"endpoints":[18],"where":[19,133],"audit":[20,33],"logs":[21,34],"are":[22,26,55],"available":[23],"but":[24],"resources":[25],"constrained.":[27],"Such":[28],"integrate":[30],"fine-grained":[31],"system":[32],"and":[35,58,117,123,141,181],"formulate":[36],"the":[37,45,127,153,170,175,182,185,192,197,221,230,240],"attack":[38,176],"detection":[39,172,231],"process":[40],"subgraph":[42,53,65,100,154],"matching":[43,54,101],"within":[44],"provenance":[46,81,99,222],"graph.":[47],"Existing":[48],"methods":[49],"relying":[50],"exact":[52],"computationally":[56],"intensive":[57],"time-consuming,":[59],"while":[60],"supervised":[61,242],"learning":[62,97,146,243],"approximate":[64],"matching,":[66],"although":[67],"potential":[69],"alternative,":[70],"requires":[71],"extensive":[72],"labeled":[73],"data":[74],"that":[75,203],"is":[76],"prohibitively":[77],"costly":[78],"annotating":[80],"at":[83],"scale.":[84],"To":[85],"tackle":[86],"these":[87],"problems,":[88],"we":[89],"propose":[90],"ContrastMatcher,":[91],"self-supervised":[93,115,145],"adaptive":[94,114,144],"graph":[95,121],"contrastive":[96],"which":[102,189],"needs":[103],"no":[104],"label":[105,219],"training.":[107],"ContrastMatcher":[108,163,204],"consists":[109],"three":[111],"modules:":[112],"reduction,":[113],"learning,":[116],"lightweight":[118,171],"detection.":[119],"By":[120],"reduction":[122,128],"process-centric":[124],"ego":[125],"partitioning,":[126],"module":[129,147,173],"identifies":[130],"likely":[131],"regions":[132],"attacks":[134],"may":[135],"occur,":[136],"substantially":[137],"reducing":[138],"computational":[139],"complexity":[140],"runtime.":[142],"The":[143],"selects":[148],"effective":[149],"augmentations":[150],"to":[151,164,239],"learn":[152],"representations":[155,187],"with":[156,233],"carefully":[158],"designed":[159],"self-attention":[160],"encoder,":[161],"enabling":[162],"work":[165],"without":[166,217],"any":[167,218],"label.":[168],"Finally,":[169],"classifies":[174],"relations":[177],"between":[178],"each":[179],"query":[180],"candidates":[183],"from":[184],"learned":[186],"automatically,":[188],"avoids":[190],"setting":[191],"approximation":[193],"manually.":[194],"Experiments":[195],"DARPA":[198],"Engagement":[199],"3":[200],"datasets":[201],"show":[202],"can":[205],"reduce":[206],"irrelevant":[207],"log":[209],"events":[210],"by":[211],"80%":[212],"\u2212":[213],"90%.":[214],"In":[215],"addition,":[216],"in":[220],"graph,":[223],"it":[224],"achieves":[225],"competitive":[227],"performance":[228],"regarding":[229],"accuracy":[232],"only":[234],"1%":[235],"training":[236],"time":[237],"compared":[238],"existing":[241],"methods.":[244]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-11-17T00:00:00"}