{"id":"https://openalex.org/W3005127313","doi":"https://doi.org/10.1109/tdsc.2020.2971484","title":"Conan: A Practical Real-Time APT Detection System With High Accuracy and Efficiency","display_name":"Conan: A Practical Real-Time APT Detection System With High Accuracy and Efficiency","publication_year":2020,"publication_date":"2020-02-03","ids":{"openalex":"https://openalex.org/W3005127313","doi":"https://doi.org/10.1109/tdsc.2020.2971484","mag":"3005127313"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2020.2971484","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2020.2971484","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024324179","display_name":"Chunlin Xiong","orcid":"https://orcid.org/0000-0003-4426-3585"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunlin Xiong","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0003-4426-3585","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029428788","display_name":"Tiantian Zhu","orcid":"https://orcid.org/0000-0002-8657-662X"},"institutions":[{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tiantian Zhu","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-8657-662X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I55712492"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101907132","display_name":"Wei-Hao Dong","orcid":"https://orcid.org/0000-0001-9172-8053"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weihao Dong","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0001-9172-8053","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074492926","display_name":"Linqi Ruan","orcid":null},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Linqi Ruan","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0003-1934-3057","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101512874","display_name":"Runqing Yang","orcid":"https://orcid.org/0000-0002-4183-4568"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Runqing Yang","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-4183-4568","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047799795","display_name":"Yueqiang Cheng","orcid":"https://orcid.org/0000-0002-6277-340X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yueqiang Cheng","raw_affiliation_strings":["Baidu Security, Sunnyvale, CA, USA"],"raw_orcid":"https://orcid.org/0000-0002-6277-340X","affiliations":[{"raw_affiliation_string":"Baidu Security, Sunnyvale, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101793453","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0001-9891-6989"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA","institution_ids":["https://openalex.org/I111979921"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010052157","display_name":"Shuai Cheng","orcid":"https://orcid.org/0000-0002-8163-5424"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shuai Cheng","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035753317","display_name":"Xutong Chen","orcid":"https://orcid.org/0000-0001-9201-3893"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xutong Chen","raw_affiliation_strings":["Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA"],"raw_orcid":"https://orcid.org/0000-0001-9201-3893","affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering and Computer Science, Northwestern University, Evanston, IL, USA","institution_ids":["https://openalex.org/I111979921"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.8346,"has_fulltext":false,"cited_by_count":132,"citation_normalized_percentile":{"value":0.9624029,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":"19","issue":"1","first_page":"551","last_page":"565"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9839000105857849,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8899347186088562},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6013468503952026},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.38969284296035767}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8899347186088562},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6013468503952026},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.38969284296035767},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2020.2971484","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2020.2971484","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W168132470","https://openalex.org/W1549725782","https://openalex.org/W1813893391","https://openalex.org/W1884606608","https://openalex.org/W1978845641","https://openalex.org/W1985987493","https://openalex.org/W2008170713","https://openalex.org/W2009232481","https://openalex.org/W2040825319","https://openalex.org/W2086631206","https://openalex.org/W2093406244","https://openalex.org/W2096347345","https://openalex.org/W2096847629","https://openalex.org/W2103378897","https://openalex.org/W2106649514","https://openalex.org/W2121468041","https://openalex.org/W2123886726","https://openalex.org/W2137569638","https://openalex.org/W2141254179","https://openalex.org/W2143659423","https://openalex.org/W2163030488","https://openalex.org/W2168620475","https://openalex.org/W2170967934","https://openalex.org/W2213728018","https://openalex.org/W2271004381","https://openalex.org/W2284900416","https://openalex.org/W2295705535","https://openalex.org/W2532844970","https://openalex.org/W2579106964","https://openalex.org/W2625009890","https://openalex.org/W2755572540","https://openalex.org/W2790557990","https://openalex.org/W2799162796","https://openalex.org/W2806029905","https://openalex.org/W2962703433","https://openalex.org/W3093538749","https://openalex.org/W3136767761","https://openalex.org/W4244726870","https://openalex.org/W6601859066","https://openalex.org/W6605901207","https://openalex.org/W6628457668","https://openalex.org/W6628647653","https://openalex.org/W6633462303","https://openalex.org/W6636895364","https://openalex.org/W6636991409","https://openalex.org/W6640663528","https://openalex.org/W6640826072","https://openalex.org/W6675021112","https://openalex.org/W6712595259","https://openalex.org/W6737785282","https://openalex.org/W6743841043","https://openalex.org/W6743866659","https://openalex.org/W6751955181","https://openalex.org/W6754375631"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threat":[2],"(APT)":[3],"attacks":[4,156,196],"have":[5,25],"caused":[6],"serious":[7],"security":[8],"threats":[9],"and":[10,22,42,50,66,75,101,139,152,163,176,193],"financial":[11],"losses":[12],"worldwide.":[13],"Various":[14],"real-time":[15,35],"detection":[16,37,48,69],"mechanisms":[17,38],"that":[18,71,148],"combine":[19],"context":[20],"information":[21],"provenance":[23,55],"graphs":[24],"been":[26],"proposed":[27],"to":[28,46,146],"defend":[29],"against":[30],"APT":[31,36,68,195],"attacks.":[32],"However,":[33],"existing":[34],"suffer":[39],"from":[40],"accuracy":[41,60],"efficiency":[43,87,165],"issues":[44],"due":[45],"inaccurate":[47],"models":[49],"the":[51,59,78,86],"growing":[52],"size":[53],"of":[54,166,174,178],"graphs.":[56],"To":[57,84],"address":[58,85],"issue,":[61,88],"we":[62,89,115,131],"propose":[63,90],"a":[64,91,124,128,186],"novel":[65],"accurate":[67],"model":[70],"removes":[72],"unnecessary":[73],"phases":[74],"focuses":[76],"on":[77,137],"remaining":[79],"ones":[80],"with":[81],"improved":[82],"definitions.":[83],"state-based":[92],"framework":[93],"in":[94,106,123,127,197],"which":[95],"events":[96,126],"are":[97],"consumed":[98],"as":[99],"streams":[100],"each":[102],"entity":[103],"is":[104],"represented":[105],"an":[107],"FSA-like":[108],"structure":[109],"without":[110],"storing":[111,120],"historic":[112],"data.":[113],"Additionally,":[114],"reconstruct":[116],"attack":[117],"scenarios":[118,145],"by":[119],"just":[121],"one":[122],"thousand":[125],"database.":[129],"Finally,":[130],"implement":[132],"our":[133,158],"design,":[134],"called":[135],"<small>Conan</small>,":[136],"Windows":[138],"conduct":[140],"comprehensive":[141],"experiments":[142],"under":[143],"real-world":[144,198],"show":[147],"<small>Conan</small>":[149,167,185],"can":[150],"accurately":[151],"efficiently":[153],"detect":[154],"all":[155],"within":[157],"evaluation.":[159],"The":[160],"memory":[161,175],"usage":[162],"CPU":[164],"remain":[168],"constant":[169],"over":[170],"time":[171],"(1-10":[172],"MB":[173],"hundreds":[177],"times":[179],"faster":[180],"than":[181],"data":[182],"generation),":[183],"making":[184],"practical":[187],"design":[188],"for":[189],"detecting":[190],"both":[191],"known":[192],"unknown":[194],"scenarios.":[199]},"counts_by_year":[{"year":2026,"cited_by_count":11},{"year":2025,"cited_by_count":53},{"year":2024,"cited_by_count":32},{"year":2023,"cited_by_count":19},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":12},{"year":2020,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}