{"id":"https://openalex.org/W4398188081","doi":"https://doi.org/10.1109/tac.2024.3403675","title":"Dynamic Information Flow Tracking for Detection of Advanced Persistent Threats: A Stochastic Game Approach","display_name":"Dynamic Information Flow Tracking for Detection of Advanced Persistent Threats: A Stochastic Game Approach","publication_year":2024,"publication_date":"2024-05-21","ids":{"openalex":"https://openalex.org/W4398188081","doi":"https://doi.org/10.1109/tac.2024.3403675"},"language":"en","primary_location":{"id":"doi:10.1109/tac.2024.3403675","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tac.2024.3403675","pdf_url":null,"source":{"id":"https://openalex.org/S184954342","display_name":"IEEE Transactions on Automatic Control","issn_l":"0018-9286","issn":["0018-9286","1558-2523","2334-3303"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Automatic Control","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087007662","display_name":"Shana Moothedath","orcid":"https://orcid.org/0000-0001-6091-2384"},"institutions":[{"id":"https://openalex.org/I173911158","display_name":"Iowa State University","ror":"https://ror.org/04rswrd78","country_code":"US","type":"education","lineage":["https://openalex.org/I173911158"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shana Moothedath","raw_affiliation_strings":["Department of Electrical and Computer Engineering, lowa State University, Ames, IA, USA","Department of Electrical and Computer Engineering, Iowa State University, Ames, IA, USA"],"raw_orcid":"https://orcid.org/0000-0001-6091-2384","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, lowa State University, Ames, IA, USA","institution_ids":["https://openalex.org/I173911158"]},{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Iowa State University, Ames, IA, USA","institution_ids":["https://openalex.org/I173911158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033433868","display_name":"Dinuka Sahabandu","orcid":"https://orcid.org/0000-0001-7776-7865"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dinuka Sahabandu","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA"],"raw_orcid":"https://orcid.org/0000-0001-7776-7865","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007487580","display_name":"Joey Allen","orcid":"https://orcid.org/0000-0002-5503-4123"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joey Allen","raw_affiliation_strings":["College of Computing, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-5503-4123","affiliations":[{"raw_affiliation_string":"College of Computing, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004774385","display_name":"Andrew Clark","orcid":"https://orcid.org/0000-0002-5868-6186"},"institutions":[{"id":"https://openalex.org/I204465549","display_name":"Washington University in St. Louis","ror":"https://ror.org/01yc7t268","country_code":"US","type":"education","lineage":["https://openalex.org/I204465549"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew Clark","raw_affiliation_strings":["Department of Electrical and Systems Engineering, Washington University in St. Louis, St. Louis, MO, USA"],"raw_orcid":"https://orcid.org/0000-0002-5868-6186","affiliations":[{"raw_affiliation_string":"Department of Electrical and Systems Engineering, Washington University in St. Louis, St. Louis, MO, USA","institution_ids":["https://openalex.org/I204465549"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003489427","display_name":"Linda Bushnell","orcid":"https://orcid.org/0000-0002-8751-2409"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Linda Bushnell","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA"],"raw_orcid":"https://orcid.org/0000-0002-8751-2409","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047140382","display_name":"Wenke Lee","orcid":"https://orcid.org/0000-0003-2761-1277"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["College of Computing, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0003-2761-1277","affiliations":[{"raw_affiliation_string":"College of Computing, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079723268","display_name":"Radha Poovendran","orcid":"https://orcid.org/0000-0003-0269-8097"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Radha Poovendran","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA"],"raw_orcid":"https://orcid.org/0000-0003-0269-8097","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.561,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.83375253,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"69","issue":"10","first_page":"6684","last_page":"6699"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9627000093460083,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9627000093460083,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9208999872207642,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-flow","display_name":"Information flow","score":0.6175274848937988},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6082632541656494},{"id":"https://openalex.org/keywords/tracking","display_name":"Tracking (education)","score":0.511384904384613},{"id":"https://openalex.org/keywords/flow","display_name":"Flow (mathematics)","score":0.449179083108902},{"id":"https://openalex.org/keywords/stochastic-process","display_name":"Stochastic process","score":0.42856594920158386},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.1511446237564087},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.08031931519508362},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.07796910405158997}],"concepts":[{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.6175274848937988},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6082632541656494},{"id":"https://openalex.org/C2775936607","wikidata":"https://www.wikidata.org/wiki/Q466845","display_name":"Tracking (education)","level":2,"score":0.511384904384613},{"id":"https://openalex.org/C38349280","wikidata":"https://www.wikidata.org/wiki/Q1434290","display_name":"Flow (mathematics)","level":2,"score":0.449179083108902},{"id":"https://openalex.org/C8272713","wikidata":"https://www.wikidata.org/wiki/Q176737","display_name":"Stochastic process","level":2,"score":0.42856594920158386},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.1511446237564087},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.08031931519508362},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.07796910405158997},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C19417346","wikidata":"https://www.wikidata.org/wiki/Q7922","display_name":"Pedagogy","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tac.2024.3403675","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tac.2024.3403675","pdf_url":null,"source":{"id":"https://openalex.org/S184954342","display_name":"IEEE Transactions on Automatic Control","issn_l":"0018-9286","issn":["0018-9286","1558-2523","2334-3303"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Automatic Control","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6100000143051147,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G2685771227","display_name":null,"funder_award_id":"N00014-16-1-2710 P00002","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G6360409883","display_name":null,"funder_award_id":"2229876","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6486092784","display_name":null,"funder_award_id":"FA8650-15-C-7556","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1607809226","https://openalex.org/W1968909445","https://openalex.org/W1977538586","https://openalex.org/W2039427951","https://openalex.org/W2062973696","https://openalex.org/W2083680012","https://openalex.org/W2089745089","https://openalex.org/W2106741306","https://openalex.org/W2122661687","https://openalex.org/W2151135920","https://openalex.org/W2156036190","https://openalex.org/W2766852928","https://openalex.org/W2893632805","https://openalex.org/W2912262279","https://openalex.org/W2962703433","https://openalex.org/W2972812783","https://openalex.org/W3007985288","https://openalex.org/W3012486662","https://openalex.org/W4211167773","https://openalex.org/W4252481514","https://openalex.org/W4254547512","https://openalex.org/W6638258275","https://openalex.org/W6726226389","https://openalex.org/W6754375631"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2090404167","https://openalex.org/W2388615687"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threats":[2],"(APTs)":[3],"are":[4,160],"stealthy":[5],"attacks":[6],"by":[7,120,137],"intelligent":[8],"adversaries.":[9],"This":[10],"paper":[11],"studies":[12],"the":[13,46,89,105,108,115,121,127,141,152,158,163],"detection":[14,36,68],"of":[15,55,69,104,126,157,165],"APTs":[16,39,70],"that":[17,40,131],"infiltrate":[18],"cyber":[19],"systems":[20],"and":[21,48,114,117,129,186,189],"compromise":[22],"specifically":[23],"targeted":[24],"data":[25,180],"and/or":[26],"infrastructures.":[27],"Dynamic":[28],"information":[29,34,43,73,87],"flow":[30,74,96],"tracking":[31,75],"is":[32,79,97,135],"an":[33,63,72,94,191],"trace-based":[35],"mechanism":[37],"against":[38],"tags":[41],"suspicious":[42],"flows":[44],"in":[45],"system":[47],"performs":[49],"security":[50,112,167],"analysis":[51,113],"for":[52,66,110,178],"unauthorized":[53],"use":[54],"tagged":[56],"data.":[57],"In":[58],"this":[59],"paper,":[60],"we":[61,170],"develop":[62],"analytical":[64],"model":[65],"resourceefficient":[67],"using":[71],"game.":[76],"The":[77,101,154],"game":[78,84,106,128],"a":[80,132,138,148,175,179],"nonzero-sum,":[81],"turn-based,":[82],"stochastic":[83],"with":[85,184],"asymmetric":[86],"as":[88],"defender":[90,193],"cannot":[91],"distinguish":[92],"whether":[93],"incoming":[95],"malicious":[98],"or":[99],"benign.":[100],"payoff":[102],"functions":[103],"capture":[107],"cost":[109,164],"performing":[111,166],"rewards":[116],"penalties":[118],"received":[119],"players.":[122],"We":[123],"analyze":[124],"equilibrium":[125,134],"prove":[130],"Nash":[133],"given":[136],"solution":[139],"to":[140],"minimum":[142],"capacity":[143],"cut":[144],"set":[145],"problem":[146],"on":[147,174],"flow-network":[149,159],"derived":[150],"from":[151,162],"system.":[153],"edge":[155],"capacities":[156],"obtained":[161],"analysis.":[168],"Finally,":[169],"implement":[171],"our":[172],"algorithm":[173],"real-world":[176],"dataset":[177],"exfiltration":[181],"attack":[182],"augmented":[183],"false-negative":[185],"false-positive":[187],"rates":[188],"compute":[190],"optimal":[192],"strategy.":[194]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}